Managed Security Services

Benefit from visibility of network activity 24 hours a day, 7 days a week, 365 days a year. Our engineers detect and analyze security alerts, providing endpoint and network security around the clock. We use Avalon™, a full end-to-end SIEM that utilizes machine learning and in-house developed applications to drive automated detection and alerting over all types of data. It unifies network and security data, allowing for event correlation and a single interface for reporting threats.

Receive ongoing improvements through our threat intelligence research program which provides insights into attacker goals, targets, and tactics. Our HUNT Operators gather actionable intelligence through digital forensics, malware analysis, and reverse engineering which allows us to quickly detect indicators of compromise and prosecute and remediate threats.

Loki Labs performs a high level review of your network topology, security products, and policies. We create a map of all defensive capabilities and benchmark the security architecture against industry standards in order to identify gaps in the cyber kill chain and ensure your network is adhering to compliance regulations. Our security architect engineers examine the network with you to understand what critical business functions are supported by the systems in your network and ensure there is maximum coverage over them.

Available to small organizations that don’t have the internal IT staff available to manage key systems, devices, and networks. Loki Labs will assist with the setup and management of firewalls, routers, intrusion detection and prevention systems (IDS/IPS), wireless access control, network ports, account control, and system hardening.

We work with you to plan and develop tailored response plans focused on the protection of critical assets and holistic remediation. Our incident response team then identifies, contains, and eradicates threats when necessary. Lastly, our HUNT Operators assist with recovery and improvement through the Loki Threat Intelligence Research Program.

We identify data feeds from all appliances (servers, firewalls, IDS, 3rd party items, etc.) then continue to collect, manage, and analyze logs. Network data (logs, packet captures, netflow) is stored and available for investigating and analyzing issues for an allotted time, based on your needs and budget.

Security analysts conduct vulnerability scans to let you know what systems have potential exposures or exploit opportunities. We utilize a remote security scanning tool to scour systems, looking for weaknesses that may leave a hole in your defenses. We then check system configurations for compliance with policy, identify sensitive data in the wrong places, and audit existing anti-virus systems to ensure they are operating as intended. Our vulnerability management helps implement security best practices based upon NIST 800.53 and CIS Top 20 security controls for threat mitigation.

Our cyber risk assessments are performed by world-class cyber operators in the form of real-world engagements. Loki Labs performs different types of assessments, depending on the organization’s needs. Whether the focus is to find weaknesses in a network or prove regulatory compliance, we can help. After the assessment, we provide full reports, fix vulnerabilities, and offer training.

We augment your existing staff with top-tier security professionals that proactively detect unauthorized network activity and engage aggressors to stop and mitigate attacks. Our hunters live within your network, searching and responding to adversary actions to provide the ultimate protection against today’s most sophisticated cyber threats.

Endpoint Detection and Response technology (EDR) provides powerful counter-APT capabilities by going beyond the signature-based detection of typical anti-virus solutions. Using behavioral analytics, an EDR platform pro-actively hunts for malware such as viruses, spyware, ransomware, worms, trojans, and other malicious programming by recognizing hostile or suspicious activity. Loki Labs deploys our EDR agent, Ori™, to all nodes (clients and servers) in order to provide visibility into your network. Our security analysts then perform detection and analysis techniques to evaluate telemetry returned from these endpoints in order to identify adversary presence and compromised assets. Contact us to purchase or try a demo of this software.

Loki Labs provides configuration and integration support for the third party devices and systems that make up the rest of your network (firewalls, AV, IDS/IPS, etc.) in order to optimize their performance and ensure they continue to work properly. Our experts can help you determine how to best place security appliances and sensors to maximize their value and detection abilities. We work with many vendors and partners to help you sort through the menagerie of security products in the marketplace. Our team stays abreast of current security products in order to help you find the right solutions.

Our CISO advisory services are a great choice for organizations that need the expertise and leadership a Chief Information Security Officer would provide but either don’t have the budget for someone full-time or they need temporary assistance while hiring someone new. We can assist with items such as strategy and organizational planning, new staff interviews and selection, policies, data loss prevention plans, and more. Ongoing security awareness training programs are also available and help to educate employees on how and why to avoid common mistakes that could leave you more vulnerable.