CyberOps Management
Managed Detection & Response (MDR)
SALTT Tech delivers its 24x7x365 Managed Detection & Response (MDR) in partnership with SentinelOne. The SALTT Tech MDR service is built on the following key components:
- SentinelOne Singularity Data Lake (SDL) – this cloud-hosted SIEM service acts as the central point of log and security data aggregation for all security tools, not just SentinelOne endpoint security agents. This includes the SentinelOne Purple AI large language model (LLM).
- SentinelOne Singularity Endpoint Detection & Response (EDR) agents – the exceptionally popular SentinelOne EDR client that is deployed to all machines, both on-premises and in the cloud, offering 24x7x365 EDR capabilities that store data in the SentinelOne SDL.
- SentinelOne Singularity Identity – the SentinelOne Identity Threat Detection & Response (ITDR) capability that protects identity stores and defends against credential-abuse attacks. All ITDR data is logged back to the SentinelOne SDL.
- SentinelOne Singularity Cloud Native Security (CNS) – for organisations that have a public cloud or serverless environment that requires control and compliance over those environments. All CNS data is logged back to the SentinelOne SDL.
- 3rd Party Security Tools – data from all other 3rd party security tools, including firewalls, email gateways, web gateways, identity sources and cloud applications (such as Office365), can be forwarded into and stored in the SDL.
Once these components are configured, integrated and deployed, SALTT Tech then leverages:
- SentinelOne Singularity MDR – the 24x7x365 managed detection & response service from SentinelOne, backed by up to a USD $1M breach response warranty and leveraging proactive threat hunting services on top of the SDL.
- DFIR – integrated SentinelOne Digital Forensics and Incident Response (DFIR) retainer.
- SALTT Tech CyberOps Management Service – our team of all-on-shore cybersecurity experts acts as an extension of our clients’ organisations, serving as their cybersecurity specialists on demand. While the SentinelOne MDR service detects and blocks threats 24x7x365, our CyberOps Management Service team takes the information from SentinelOne and works with our clients to further improve the resilience of their environments. For example, the team takes MDR reports and makes changes to the environment, such as AD/identity hardening, email security policy changes, group policy hardening, image hardening, infrastructure architecture changes and so forth, to further mature and refine the cybersecurity environment for our client.
Cybersecurity Culture Development
SALTT Tech recognises that creating a cybersecurity-aware culture in an organisation takes more than “tick the box” once-off or semi-regular training that is highly technical in nature. The cybersecurity front line of every organisation globally is its people. Over 90% of all successful data breaches start with a phishing attack. Equipping our teams to be cybersecurity aware should be considered an absolute baseline capability for every organisation globally.
Creating a cybersecurity-aware culture requires several key elements:
- Highly engaging, non-technical, entertaining content that is delivered regularly and keeps teams coming back wanting more
- Regular, varied and challenging phishing simulations to test that the knowledge gained during step 1 is applied across the organisation day to day
- Advanced reporting and analytics, used on a monthly basis to determine how the program is going, where the gaps are, and what areas of focus need to be applied to ensure constant alignment with threats and business requirements
SALTT delivers our cybersecurity culture development program, in partnership with KnowBe4, to equip our clients’ teams to pick up on, react to and respond to the phishing and cybersecurity challenges they will face every single day, not just at work but in their personal lives as well.
Vulnerability Detection Service
Managing vulnerabilities across an organisation is an ongoing and complex challenge that requires constant attention. Vulnerabilities can exist in a myriad of environments, such as:
- Operating Systems
- Applications
- Infrastructure
- IoT devices
- Software libraries
- Source code
- OT environments and more
Proactively identifying, classifying, and prioritising vulnerabilities is an ongoing challenge that requires highly specialised knowledge of both the vulnerability exposure and the available attack paths that can lead to an exploit.
The SALTT Tech Vulnerability Detection Service (VDS) provides a comprehensive approach to discovering, classifying and documenting vulnerabilities based on priority, so IT teams can focus remediation efforts where they matter most, delivering the highest value. Our VDS offers external and internal vulnerability discovery capabilities coupled with our advanced reporting and expert cybersecurity knowledge, predominantly aligned with the ACSC Essential 8 framework.
CyberOps Management Services
SALTT Tech recognises that cybersecurity is not a “set and forget” environment. Every technical control, no matter how well implemented, requires constant attention and maintenance to continue to be effective. Software vendors constantly add capability to their tools, attack techniques change, logs must be reviewed, and policies require constant attention.
Organisations struggle to attract, retain and develop the technical talent they need to operate their cybersecurity controls. The SALTT Tech CyberOps Management Service offers our clients a predictable-cost approach to delivering the technical expertise they need for the controls that SALTT Tech has the capability to support.
Coupled with our advanced monthly reporting and best practices adoption, the SALTT Tech CyberOps Management Service closes the gap our clients face in accessing the technical talent they need to operate their cybersecurity controls in a constant state of best practice.