HAWK.io MDR

Automated SOC-As-A-Service

“With HAWK.io’s automated MDR service, we were able to rapidly mature our cyber program without the need for costly personnel or infrastructure. By leveraging HAWK’s technology stack and automation, we are able to gain insight into all activity in our networks both on premise and in the cloud in a matter of days.”

 
 

- Randy Stroud, CISO HUNT Companies

Break Down Cyber Security Barriers and Reduce Cost


Costly Infrastructure

SOC-as-a-Service

  • Simple subscription model

  • Covers on-premise, cloud-based, and hybrid cloud hosts

  • 24x7 monitoring


Security Expertise

Automated Threat Hunting

  • Advanced analytics detect, validate, and prioritize incidents

  • Patented techniques to enrich security telemetry data for the fastest and most accurate analysis available

  • Automated artifact gathering

  • AI-driven SOAR process to ensure appropriate playbooks are assigned and executed

Cyber Practice Maturity

Move Forward

  • SOC automation

  • Incident Management Automation

  • Automated Reporting and Metrics

HAWK.io MDR

Ingest

Streaming. Massively Scalable.

 

HAWK.io MDR uses HAWK vStream to collect any and all telemetry data as it is generated in your environment. vStream is a HAWK-developed streaming analytics database designed precisely for solving the many challenges of collecting and analyzing immense volumes of security-relevant data.

HAWK.io MDR can gather and consolidate telemetry data from on-premise, cloud, and hybrid-cloud environments with ease.

vStream feeds HAWK BDSA’s unlimited data lake with any and all of the data necessary to accurately detect, validate, and prioritize only true security incidents. HAWK.io MDR subscribers are charged only for how long the data is retained, not by number of devices or data volume.

Enrich

Context. Clarity.

 

vTTAC™ is HAWK’s patented Intelligent Agent technology, developed specifically to gather supporting environmental and telemetry data and attach it to the raw event data being captured in real time.

Data enrichment also encompasses the use of current threat and user intelligence. Both are associated with the streaming event data as it flows inbound to the HAWK.io MDR machine learning and analytics engines, resulting in superior accuracy and faster decision making.

HAWK’s vTTAC™ agents improve the quality of the telemetry data and speed response times by automating the time-consuming and tedious process of data gathering that SecOPS personnel are tasked to do while the incident response clock is ticking.

vTTAC™ not only automates the event stream enrichment; it also automatically sets and maintains correct log settings to ensure proper logging activity is maintained, even across host server process upgrades.

Detect

Accurate. Fast.

 

Understanding the tactics and techniques being used in an attack is essential to effective incident detection. HAWK has elite security industry expertise and has built and automated that experience and knowledge into HAWK’s machine learning and analytics. HAWK.io MDR also aligns with MITRE’s ATT&CK framework, which is based on tactics and techniques from real-world observations.

HAWK provides industry-leading incident detection by using advanced machine learning algorithms to create behavior profiles on user, server, application, process, and file activity. These profiles are constantly tuned by the highly enriched inbound telemetry data sets.

When combined with HAWK’s vTTAC™ intelligent agent and HAWK’s vStream streaming analytics, HAWK.io MDR can accurately identify even the most difficult-to-detect hacker tactics, such as Living Off The Land attacks, Domain Generation Algorithms, and attacks that other Web Application Protection products miss.

HAWK.io MDR subscribers can trust that HAWK’s highly experienced cybersecurity experts are constantly refining and tuning the analytics on their behalf.

Investigate

Automated. Detailed.

 

As incidents are detected, the next critical phase is to validate and prioritize all active incidents using Digital Forensics and Incident Response, or DFIR.

HAWK SOAR uses advanced AI algorithms to automate DFIR methods and procedures. Digital forensics can be extremely tedious and time-consuming. Done manually, these activities can cause costly delays in incident mitigation and eradication. Digital forensics is also an area where details can be missed, causing potentially serious errors in the response phase.

HAWK’s automated SOAR framework executes specialized DFIR procedures that are highly predictable, repeatable, and efficient. Included in the investigation phase is the critically important task of gathering artifacts. HAWK SOAR collects all digital artifacts and automatically integrates them into the SOAR incident management system, where they are made available for SOAR Playbooks and future reference or reporting.

Many cyber security teams struggle to effectively execute the steps necessary to resolve a breach once it is detected. HAWK.io MDR customers benefit tremendously from HAWK SOAR’s automation of this critical IR phase.

Likewise, many CISOs have never felt that this level of capability would be available to their organization. With HAWK.io MDR’s flexible architecture, organizations large and not so large can significantly mature their SecOPS and benefit from the force multipliers associated with powerful HAWK SOAR automation with HAWK.io MDR.

Contain/Respond

Reliable. Thorough.

Security teams play a critical role in helping organizations recover from a security breach. Technology solutions have emerged to come alongside them and have helped with automating playbooks and expediting incident response. These solutions focus on the back end of the SOAR process and often require integration with third-party products to do the data collection and incident detection.

With HAWK SOAR, customers benefit from a seamless end-to-end process for the entire lifecycle of a security incident. HAWK automates incident response by leveraging both proactive and reactive SOAR playbooks fully integrated with a case management system.

HAWK SOAR provides full access to all digital forensic artifacts associated with the incident. Proactive and reactive playbooks allow the HAWK.io MDR subscriber to have control of when and how playbook steps are completed.

Whether the incident response is as simple as restore from backup and go, or much more intricate in order to satisfy regulatory or insurance requirements, HAWK.io MDR subscribers are covered.

The talent, experience, and skill set for cyber security incident response are hard to find and often harder to acquire and retain. With HAWK SOAR, those qualities and disciplines are built into the SOAR framework as tested, reliable, documented procedures and processes.

Report

Customizable. Comprehensive.

 

At the end of nearly all security incident response exercises there is at least one meeting. A meeting to present what happened. How was it detected? Was anything lost? Are we back up and running?

Documentation of what decisions were made, and why. Proof that all steps were properly completed, and when. Post-mortem performance evaluation will often be conducted.

All of these communication interactions will require information that has been collected and generated along the SOAR lifecycle. HAWK.io MDR has all of the data, associated timelines, and details related to the incident neatly cataloged in a single reference source.

HAWK.io MDR allows customers to take advantage of a wide range of pre-built report templates and also provides a fully customizable reporting interface with access to all of the various datapoints, from raw telemetry data to the analytics scores that identified the behavior that in turn triggered the incident.

Reports can be generated using the digital forensics data, as well as the prescribed actions that were automatically executed on behalf of the customer. All of this is available from a single service in HAWK.io MDR.