Defensive Security

Blue Team Trainings

Defense against attacks and threats

The Blue Team is responsible for integrating all relevant security controls and technologies to protect all important corporate assets against all kinds of malicious actors and attacks. The common tasks of the Blue Team include operational monitoring, supporting the SOC (security operations center) in detecting IoA’s (indicators of attack) and IoC’s (indicators of compromise) and supporting the Incident Response Team in the event of critical security incidents. They also advise on the introduction of new products and technologies to improve the overall corporate security.

The Blue Team often consists of internal experts of an organization, either as a permanent team or as an overlay. Sometimes the team is augmented with external consultants hired for specific engagements, for example performing official security audits.

Blue Team Tasks

Continuous Monitoring of all IT systems in an organization
Performing continuous vulnerability assessments to improve corporate security
Threat Intelligence by collecting information for newest IoC’s and IoA’s
Supporting the Incident Response Team
Providing support for forensic analysis
Improving the enterprise security architecture by implementing new security controls and products

Blue Team Training

Do you have any questions about our training offerings? Simply let us know your requirements using our contact form or call us at +43 1 6000 880-0 and we will be happy to advise you!

Blue Team Courses

Featured Blue Team Services

Do you have any questions about our services? We will be happy to advise you: +43 1 6000 880-0

Implementing Microsoft Defender for Endpoint and Defender for Identity

Learn moreHide

Microsoft Defender for Endpoint is a cloud-based security solution and is part of the Microsoft 365 defender package. The solution offers extensive functions for monitoring and protecting endpoints such as notebooks, PCs and operating systems based on MacOS, server systems and mobile devices.

Microsoft Defender for Identity is also part of the Microsoft 365 defender package. This product is an anomaly-based network monitoring system with which your security team is able to detect suspicious activities in the company network at an early stage and to be able to react to them immediately.

Our experts will help you plan and deploy these two platforms, creating a comprehensive concept for securing your endpoints and mobile devices and tracking down hackers and malicious insiders in your corporate network.

Services:

Analysis of the existing EDR (Endpoint Detection and Response) / Anti-Virus solution
Identification of critical IT systems and assets
Planning and deployment of a Defender for Endpoint Pilot environment
Connection of servers, clients, and mobile devices in Defender for Endpoint
Integrating Defender for Endpoint into the existing Mobile Device Management (MDM) infrastructure
Planning the deployment for Defender for Identity
Integration of mission-critical systems in Defender for Identity
Performance verification through manual attacks

Implementing Microsoft Sentinel

Learn moreHide

Microsoft Sentinel is the Security Information and Event Management (SIEM) solution from Microsoft, which can be provided as a SaaS solution in Azure. Many companies use different tools from different manufacturers for operational monitoring of their on-premises or cloud-based infrastructure. Due to the complexity of these systems, it is becoming increasingly difficult to consolidate and process all information from all relevant platforms in a central location and to react promptly to security incidents.

Sentinel provides a cloud-based solution to monitor critical on-premises or cloud infrastructures, detect threats early and respond to them manually or automatically. In addition, Advanced Threat Hunting, Machine Learning, and other technologies in Sentinel also create many opportunities to better understand the origin and nature of the attack.

Our experts will help you plan and deploy Microsoft Sentinel, connect all relevant systems, and adapt it to your daily Security Operations Center (SOC) operations.

Services:

Analysis of the existing on-premises and cloud-based infrastructure
Identification of all critical systems and assets
Building a Microsoft Sentinel pilot
Connection of all relevant systems
Creation and customization of threat hunting rules
Creation of runbooks and workflows for incident response
Creation of dashboard and other tools for reporting