Unlike a traditional Security Operational Centre (or SOC), which takes a passive and reactive approach to security and can take nearly 200 days to detect a potential attack, the Managed Detect and Response service using our own Advanced Detection Technology can get the job done in minutes or hours, preventing damage before it happens.

Advanced Detection Technology by StreamScan

This technology uses artificial intelligence (AI) to detect new generations of cyber attack and is the result of more than four years of intense research and development and a strong commitment to revolutionize the cyber security industry. The detection technology is the only one bilingual (English and French) data breach detection product on the market and has been selected as an Innovation by the Canadian Government for the Build in Canada Innovation Program.

Managed Detect and Response (MDR)

Our cyberthreat hunters monitor remotely the network security of our customers using our technology CDS. We combine human expertise and intelligent detection technology to track down cyber threats and eliminate them at the source. Our Incident Response Team helps organizations in all industries and all sizes to recover after the most advanced cyber attack (ransomware, etc.)

We helps companies respond effectively to cyber attacks and security incidents that target them.

When an incident occurs, we will travel to the customer’s premises to help them manage the incident or we can also handle the Incident remotely, if possible. In most cases the process will follow those phases:

▪The diagnostic phase of the incident

When we arrive at the premises of a customer impacted by an incident or a cyber attack, the first action to take is to conduct a general diagnosis of the situation in order to determine the scope of the incident, its nature and its impact on the company. This diagnosis must be made as quickly as possible and its effectiveness is crucial to minimize losses and return to production as quickly as possible.

▪Containment of the incident

The first step in responding to the incident is to put in place very quickly the measures and means to contain the incident and prevent it from spreading or increasing losses. We determine the incident containment measures and accompany the company’s IT staff in their implementation.

▪Active network monitoring and proactive detection of attacks

It is important when managing a security incident to take control of network security and ensure that no other attacks are in progress while the incident is being managed.

▪Thorough investigation and reconstruction of the attack/intrusion scenario

In many cases of incidents, such as ransomware infections or complex intrusions (PTAs, etc.), a thorough analysis may be required to understand what happened and assess the extent of losses or impacts.

▪Incident eradication and recovery

Once the incident is contained, the eradication phase consists of putting in place measures to eliminate the cause of the incident or to clean up the impacted systems. During the recovery phase, the corrected systems are put back into production.

▪Forensic analysis and evidence collection

If necessary, a forensic analysis will be carried out to collect and preserve the evidence required should the company wish to initiate legal proceedings against the author of an intrusion or malfeasance. The activities carried out during the forensic analysis include (non-exhaustive list):

▪Post-mortem of the incident

When the incident is corrected and closed, it is important to conduct a post-mortem analysis to fully understand what happened, the shortcomings exploited and to learn lessons to prevent the same situation from happening again.