MSO
Secure with Confidence™
Bring new levels of confidence to your enterprise security.
Managed Detection and Response (MDR)
As part of Recon’s service, customers receive 24×7 monitoring, detection, and response services across all of their workstations, servers, active directory, and cloud applications. MDR provides a foundational level of protection for Recon’s full MSO service.
Advanced Email Protection (AEP)
Fully managed email security powered by Sublime and Chronicle SOAR. AEP combines best-in-class email security tooling and the correlation and automation capabilities of Chronicle SOAR with the expertise of Recon’s SOC to deliver a comprehensive email security solution that is able to catch cutting-edge adversary techniques including brand spoofing and QR code phishing.
Endpoint Detection and Response (EDR)
As part of Recon’s service, customers receive licenses for our advanced endpoint detection and response agent (Lima Charlie). Our agent installs without a reboot and provides powerful, custom alerting tailored to your environment. For our customers who have already invested in endpoint tooling, we will integrate with those tools to better enrich our visibility into their environment.
Perimeter Network Monitoring
Recon’s service does not stop at the endpoint. Recon’s SOC monitors your environment for security-relevant telemetry across your network perimeter including VPNs and firewalls.
Cloud Auth and Identity Monitoring
Monitoring identity telemetry and responding to suspicious logon behavior is a critical way to stop attacks before they can get started. Recon actively monitors our customers’ identity logs for suspicious activity and leverages best-in-class orchestration and automation techniques to catch not only suspicious login activity but also the follow-on activities that others miss.
Tactical Threat Intelligence
Recon InfoSec tracks threat intelligence across the industry and curates that intelligence according to what’s relevant to your industry and your organization. Threat intelligence permeates every aspect of our service and is a primary driver for new detections, Threat Hunts, and Security Guidance.
Deception Systems (Canary Systems/Tokens)
Recon collaborates with clients to deploy canary systems in their network that mimic high-value assets. These canary systems provide a low-noise, high-fidelity alert signal to Recon’s SOC. Recon continuously monitors these canary tokens and systems for suspicious behavior.
Proactive Threat Hunting
Recon’s SOC actively monitors intelligence sources, searching for indicators, gaps, or potential vulnerabilities for our team to use as hypotheses for a hunt. Our team then forms their hypothesis using an “assumed breach” mentality and combs through our customers’ logs looking for potential indicators of a threat. The findings of those hunts are then used as the basis for new detections to make our customers continuously safer from emerging threats.
Recon Security Operations Portal
The Recon Security Operations Portal provides customers with a consolidated view of their security posture across their entire network. Recon’s customers can log into the Portal to see their asset inventory, log sources, and integrations, and to view the active cases that the Recon SOC is investigating. Customers can also leverage the chat function in the portal to get direct access to the analysts who are conducting threat hunts, writing new detections, and protecting their environment from bad actors.
Incident Response
All of Recon’s agreements come with 30 hours of incident response work included. In case of a major incident, our team knows your environment better than anyone else and will be able to respond quickly. Our team will work to contain the incident and remove the bad actor as well as begin performing a root cause analysis.
Security Guidance for IT and Operations
In order to operate efficiently and securely in a digital environment, it is crucial to have solid collaboration between security operations, risk management and network operations. As part of the MSO service, Recon brings the expertise from the security operations perspective to that triangle of collaboration. Included in Recon’s service are monthly meetings where the notable cases from the previous month are reviewed and where we can provide recommendations on existing risks and approaches to remediate those risks.
Active Risk Management Guidance
If we are “guarding the house” and we see a “broken window,” we are going to recommend you get that window fixed. This type of guidance will be proactive, but we will also be available to answer questions about how much risk we see in particular approaches/decisions and to recommend what next steps a client might want to take to improve their security posture.