Threat intelligence helps organisations to proactively protect themselves against the risk of cyber attacks; our team helps organisations obtain timely insight into threat actors and their capabilities, to inform an effective and intelligent defence.
Threat Intelligence Subscription Services
Our threat intelligence research comprises both technical and strategic reporting. Our subscription services are complemented by Terrain Intelligence, which uses large-scale analytics to collect, contextualise and fuse both structured and unstructured data in order to support threat intelligence collection and analysis.
Many organisations struggle to understand which threat actors might target their ‘crown jewels’. We can review your business, geographies and profile in order to understand and document the nature of the cyber threats that you face.
Threat intelligence consulting
We can help you create your own threat intelligence capability, by combining our technical expertise with practical and actionable business strategy.
We work to analyse how relevant threats would navigate your infrastructure and we can identify and target control deficiencies.
There is often one common denominator in targeted cyber attacks: digital evidence was present in the environment long before the victim became aware of the issue.
Our experience responding to intrusions around the world shows that targeted threat actors often maintain remote access to an environment for 6-18 months before being detected. Unfettered access can linger on for years and sometimes is never detected.
Artefacts of these active threats can be detected from a number of key sources, for each of which we have developed sophisticated and robust detection, triage and analysis techniques. In doing so we leverage both strategic alliance partners and our proprietary monitoring technologies.
Using these techniques and technologies we can scan your environment for a range of cyber security threats as a part of a compromise discovery exercise, which we can deliver as either a point in time assessment or as an ongoing managed service.
Retained incident response services
Incident response retainers provide rapid and on-demand access to a pool of highly skilled and experienced incident response professionals, as well as a range of other PwC services designed to support your organisation in a crisis.
While engaged, we ensure that our teams maintain currency with your people, process and technology, meaning that, should you require our assistance, we are able to deploy with the minimum overhead in terms of both time and cost.
Our incident response retainers can also be extended to meet the specific needs of your organisation. This includes holding our teams at a higher level of response readiness, and a range of additional services designed to improve your digital forensics and incident response capability.
Incident Response Readiness
Having the right levels of logging enabled on systems, and knowing how to access that data in an emergency, can rapidly reduce the time and cost it takes to investigate and contain an issue in your organisation. We ensure that you will have the right data available and retained in order to be able to investigate and respond to incidents when they happen.
Crisis Management (BreachAid)
We can examine your current capability and then help to review or design a crisis response framework to underpin your organisational response to crisis events. We recognise that this is only part of the solution for truly successful management of an incident. Three distinct areas need to be working together immediately upon incident detection through to resolving the problem: technical resolution, business management and legal and regulation management.
Our incident response services will help to pinpoint the intruder on your network, fully investigate their activities and contain the breach.
We are one of a small number of organisations certified by the UK’s National Cyber Security Centre under the CIR scheme to respond to sophisticated attacks on networks of national significance.
Our approach to crisis management is outlined in the three areas below:
- Prepare - before a crisis happens
- Respond - rapidly and effectively from day one
- Recover - get back to business and embrace the new normal
Managed detection and response
Our managed detection & response service responds to the growing demand of organisations seeking to improve their cyber threat response capabilities and management of operational risks.
There are a number of technologies that we deploy as part of this service, including, but not limited to, Tanium and SonarShock. Tanium is a market-leading endpoint threat detection solution, which we use to hunt for signs of malicious cyber activity. This process involves pushing our proprietary threat intelligence out to hundreds of thousands of endpoints rapidly, as well as pulling back data to analyse for signs of compromise. SonarShock is our proprietary network monitoring appliance, which uses our signature set to identify malicious cyber activity including, for example, targeted attacks. SonarShock also generates a high-quality data feed for our analysts to identify anomalous network activity.
Security operations transformation
Conventional security controls can no longer handle emerging threats. We’ll help ensure your security operations capability is equipped for today, and prepared for tomorrow. Whether this is working with you to build a new capability, or transforming an existing capability, we’ll help ensure that you are effectively able to manage cyber threats in your environment. This might include:
- Better leveraging and disseminating threat intelligence to realise tangible outcomes
- Rationalising and integrating your technology stack
- Supporting proactive and predictive security analytics using big data techniques
- Providing 24x7 coverage of your environment through the development of a “follow-the-sun” model
- Exploring labour arbitrage and other staffing opportunities