Field Effect Products and Services:
Field Effect's solution focuses on managed security, including detection & response as well as cyber risk management services. Please see below for products/services offered:
Endpoint threat sensor and monitoring:
- Support for Windows, Linux, macOS, iOS/iPadOS and Android.
- Identifies lateral movement within a network, with continuous analysis to identify software vulnerable to remote code execution.
- Windows Event Log Telemetry identifies login events and installation of malicious software, offering network-wide detection and analysis of PowerShell script execution and other scripting engines.
- Active Response capabilities are built-in.
- Optional integration with third-party endpoint agents for consolidated alerting.
APIs and SDKs:
- Simple RESTful API integration for alerts and threat management.
- Integrates within existing tools and business workflows.
- Integrations and add-ons for third-party products.
Cloud threat detection:
- Coverage for a growing list of cloud platforms, including Microsoft 365, Google G Suite, Microsoft Azure, Amazon AWS, Dropbox, Box.com, and more.
- Monitors and identifies active threats to cloud systems.
- Business Email Compromise (BEC) prevention.
- Implementation of User and Entity Behavior Analytics (UEBA).
- Automatically locks and protects accounts, with alerting on important security-related configuration changes.
Full capture network sensor and monitoring:
- Threat intelligence-backed Indicators of Compromise (IOC) blacklists.
- Advanced content inspection and threat detection.
- Advanced anomaly and node behaviour deviation detection.
- Machine learning analytics identifies new and unknown anomalies.
- IoT device monitoring.
- Captures and rewinds network traffic in the event of a suspicious or confirmed incident.
- Protocol discovery and inspection.
- Identifies weak, misconfigured or out-of-date protocols and communications.
- Support for regulatory and industry standards compliance (e.g., NIST CSF, Canadian Centre for Cyber Security Baseline Controls, ISO 27001, and more).
- Full capture (bit-level) analysis.
- Support for network summarisation technologies (e.g., IPFix, NetFlow, sFlow, pFlow).
- Better than SIEM functionality and pricing.
- Cybersecurity training that can be deployed on enterprise hardware or in private clouds.
Identical and isolated environments:
- Leveraging integrations with enterprise VMware virtualisation technology, the product is designed to ensure that every student’s environment is unique and identical to their peers.
- Automated, per-student network setup.
- Shared instructions for all students.
- Quickly reset individual students after an unrecoverable action.
- Add unpredictability to your exercises using pre-canned actions that can be triggered by time or in response to a student's actions.
- Choose from our library of pre-canned actions or add your own.
Modular deployment on premises or in the cloud:
- Built for organisations of any size, with one or multiple locations.
- Scalable from five to 200 concurrent users.
- Can be deployed in the cloud or in a classified or air-gapped network, with no Internet required.
- Courses, exercises and actions can be accessed, online or offline, as self-contained packages.
- Browser-based training, no specific hardware or software required.
- SDK published in Python using the REST API for plugin development, automation and integration with other systems.
Shared and external resources provisioning:
- Clients can choose virtual machines from a common base library.
- Add files and install applications using drag and drop actions.
- Instantly apply changes, patches or updates to virtual machines during environment provisioning.
- Mark resources as shared while maintaining isolated environments.
- Enable external resources: Internet, ICS & SCADA systems or a bank of shared IoT devices.
- Threat monitoring
- Custom sensor configuration
- Forensic services
- Vulnerability identification
- Concierge access
Secure IT Operations:
- Continuous monitoring
- Analysis of network and endpoint-derived data
- Software testing
- Attack and defence practice and rehearsal on replica networks
Virtual CISO (vCISO) Service:
- Field Effect's virtual Chief Information Security Officer (vCISO) provides long-term or on-request access to a team of CISOs and cyber analysts. The solution is ideal for smaller companies that are not ready to take on a CISO full time and for companies requiring temporary support whilst their CISO is unavailable.
- Field Effect's global team of security analysts will conduct a thorough investigation to ascertain the root cause of a security breach and work to remedy the issue. The solution leverages Covalence for cyber threat monitoring and protects clients against the following attack types: disruptive attacks, insider threats, Intellectual Property (IP) theft, compromised medical records, financial cyber crime, unauthorised access and stolen personally identifiable information.
Simulation and Training Environments:
- Leverages Cyber Range to configure visual scenarios for training, testing and development. Clients can use existing hardware for hosting training or simulations on-premises, with short- and long-term hosted options.
Incident Response Planning:
- Field Effect experts will work with clients to create a custom Cyber Incident Response Plan (CIRP), with a clear strategy for all internal and external stakeholders. The team will analyse a client's existing security environment, offering advice for a new strategy or changes to an existing one.