Cyber Threat Management (CTM)
Threat actors are becoming more sophisticated, better motivated and better funded, and organisations face a growing range of security challenges as a result. Meeting them requires a move from a purely preventive, reactive posture to a proactive one in which threats are detected and responded to as they unfold, a model commonly delivered as Managed Detection and Response (MDR).
Maturing security monitoring so that detection improves alongside prevention is now, more than ever, a necessity for organisations.
CTM is NCC Group’s gateway solution to MDR, delivering an advanced 24/7 threat monitoring and detection capability out of our European Security Operations Centre (SOC). CTM has been developed over the past two decades, drawing on the experience of our threat intelligence experts, defence operations analysts, incident response investigators, forensic investigation experts and malware analysis teams. Its proven capability is based upon a combination of our unique threat intelligence and our purpose-built technology stack, supported by a global, expert security team.
- 24/7 monitoring and rapid incident reporting mean you are better placed to respond to attacks and incidents as they develop, rather than after the fact
- Adds to your existing security team by giving you access to trained experts who assist with monitoring and detecting threats, removing the difficulty of hiring and retaining a large internal team
- Expert analysis by our SOC team means every alert is triaged, with deep-dive analysis of network packets and endpoint events to remove false positives and escalate genuine threats. Our alerts do not rely solely on traditional signature-based detection: we use our technical threat intelligence to produce detailed, actionable insights
- We carry out analyst-led threat hunting, proactively and iteratively searching your networks and datasets for threats that evade automated detection technologies
- Our services monitor organisations across many sectors, allowing us to gather relevant intelligence and apply sector-specific intelligence across the estates we monitor
- Our platform allows you to see what the analyst sees, providing access to incident cases, sensor alerts, packet data, endpoint alerts and management information in real time
Types of common attacks detected
- Botnet communication traffic
- Successful intrusion attempts
- Data breaches
- Suspicious traffic patterns
- Drive-by downloads
- Malware distribution
- Policy violations, such as use of unsanctioned cloud storage
- Remote access tools
- Indicators of industrial espionage
- Post-exploitation activity following zero-day exploitation or APT intrusions
- Other signs of abuse or compromise
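As an added illustration of the behavioural, non-signature detection that the first two categories (botnet communication and suspicious traffic patterns) call for, the Python script below flags "beaconing": a host that contacts the same destination at a near-fixed interval with near-fixed request sizes, which is how many implants poll their command-and-control server. This is example code written for this page, not NCC Group's CTM platform or its analysts' actual methods; the flow records, IP addresses, port and thresholds are constructed assumptions.

```python
"""
Periodic-connection ("beaconing") detection over constructed flow records.

Added example, not NCC Group code. An implant polling its C2 server tends to
connect at a near-fixed interval with near-fixed payload sizes; a person
browsing the same port does not. Both are HTTPS on 443, so a port- or
signature-based rule alone would not separate them.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, dst_port, bytes_out).
# 10.0.0.5 -> 203.0.113.7 simulates an implant (60 s interval with small jitter),
# 10.0.0.5 -> 198.51.100.20 simulates interactive browsing, 10.0.0.9 connects once.
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.7", 443, 512),
    (60, "10.0.0.5", "203.0.113.7", 443, 520),
    (121, "10.0.0.5", "203.0.113.7", 443, 508),
    (179, "10.0.0.5", "203.0.113.7", 443, 515),
    (240, "10.0.0.5", "203.0.113.7", 443, 512),
    (302, "10.0.0.5", "203.0.113.7", 443, 519),
    (358, "10.0.0.5", "203.0.113.7", 443, 511),
    (420, "10.0.0.5", "203.0.113.7", 443, 514),
    (481, "10.0.0.5", "203.0.113.7", 443, 509),
    (539, "10.0.0.5", "203.0.113.7", 443, 517),
    (600, "10.0.0.5", "203.0.113.7", 443, 512),
    (662, "10.0.0.5", "203.0.113.7", 443, 513),
    (5, "10.0.0.5", "198.51.100.20", 443, 1450),
    (7, "10.0.0.5", "198.51.100.20", 443, 380),
    (9, "10.0.0.5", "198.51.100.20", 443, 9200),
    (95, "10.0.0.5", "198.51.100.20", 443, 640),
    (96, "10.0.0.5", "198.51.100.20", 443, 12000),
    (400, "10.0.0.5", "198.51.100.20", 443, 300),
    (401, "10.0.0.5", "198.51.100.20", 443, 4100),
    (402, "10.0.0.5", "198.51.100.20", 443, 780),
    (403, "10.0.0.5", "198.51.100.20", 443, 2600),
    (650, "10.0.0.5", "198.51.100.20", 443, 1100),
    (30, "10.0.0.9", "198.51.100.20", 443, 700),
]


def group_flows(flows):
    """Group flows by (src, dst, port); each value is a time-sorted list of (timestamp, bytes_out)."""
    groups = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        groups[(src, dst, port)].append((ts, nbytes))
    for key in groups:
        groups[key].sort()
    return groups


def coefficient_of_variation(values):
    """Population standard deviation divided by the mean; 0 means perfectly regular."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def beacon_score(samples):
    """
    Return (mean_interval, interval_cv, size_cv) for one (src, dst, port) series,
    or None when there are too few connections to measure an interval at all.
    """
    if len(samples) < 2:
        return None
    timestamps = [ts for ts, _ in samples]
    sizes = [n for _, n in samples]
    intervals = [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]
    return mean(intervals), coefficient_of_variation(intervals), coefficient_of_variation(sizes)


def find_beacons(flows, min_connections=8, max_interval_cv=0.15, max_size_cv=0.25):
    """
    Flag series whose connection intervals AND request sizes are both unusually
    regular. The thresholds are illustrative assumptions; in practice they are
    tuned per estate and the hits are triaged by an analyst, not auto-blocked.
    """
    hits = []
    for (src, dst, port), samples in group_flows(flows).items():
        if len(samples) < min_connections:
            continue  # too few observations to call the series periodic
        interval, interval_cv, size_cv = beacon_score(samples)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits.append({
                "src": src, "dst": dst, "port": port,
                "connections": len(samples),
                "mean_interval": interval,
                "interval_cv": interval_cv,
                "size_cv": size_cv,
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} every ~{hit['mean_interval']:.0f}s "
              f"({hit['connections']} connections, interval CV {hit['interval_cv']:.3f}, "
              f"size CV {hit['size_cv']:.3f})")
```

Run as-is, the script reports only the 10.0.0.5 to 203.0.113.7 series: the browsing series has enough connections to be evaluated but its interval coefficient of variation is far above the threshold, and the single connection from 10.0.0.9 is skipped for lack of data. Real implants add deliberate jitter and long sleeps, so a production version would widen the window, tolerate missing polls and weigh the result against destination reputation before an analyst sees it.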