Security Automation

Mayfield can manage a customer's existing environment using SOAR capabilities. We monitor incidents and automate the response using current security automation technologies. A combination of human expertise and machine learning can do a great deal to protect an organization.

Integration with most security vendors
Automated Security Playbooks
Automated Response with latest Threat Intel
Rinse and Repeat each incident

SOC as a Service

Detect and stop the most advanced cyberattacks using Mayfield’s vSOC. vSOC provides a comprehensive, holistic and scalable solution for managing security, performance, and compliance from IoT to the Cloud.
Our ready-state vSOC can collect and process security information and events on Day 1. For many clients time is of the essence, and the Mayfield team simplifies onboarding; customers are under no obligation to purchase new hardware or software. Our highly customized, state-of-the-art, big-data cybersecurity analytics and alerting service comprises advanced correlation and machine learning engines, backed by Mayfield expertise in forensics and malware analysis. Mayfield’s SIEM can be deployed quickly on a private cloud hosted by Mayfield, or it can complement an existing SIEM solution for additional visibility and customization of use cases.

vSOC Features
24x7x365 Mayfield-hosted managed advanced threat monitoring that leverages:
Asset Management
Firewall, Network and Endpoint Management
Security Information and Event Management (SIEM)
Vulnerability Management
Active Threat Hunting & Incident Management
Machine learning and analytics
Threat Intelligence & Leading-Edge Threat Modelling Techniques
Dark Web Monitoring
Managed Cortex XDR
User and Entity Behavior Analytics
Advanced correlation and use cases with Personalized Risk Dashboards
Network Traffic Analysis (leveraged with Managed NGFW)

Mayfield’s vSOC is a simple, affordable and easy to deploy architecture that would easily fit into many existing environments with minimal changes.
Our vSOC service provides:

Scalability

The solution scales to support small or large clients.

Easy Integration

Support for most devices, applications and third-party feeds.

Visibility

Obtain a full view of devices, systems, traffic, threats and more.

Actionable

Customizable security and compliance reports that identify the root causes of threats and the remediation for each.

Customization

On top of our built-in use cases, some clients require custom use cases to support their view, and our vSOC offers this capability.

SIEM

Even with properly configured systems, no security solution provides iron-clad protection against ransomware. This calls for a defense-in-depth approach to creating security layers in the environment.
A comprehensive SIEM-based approach increases the chance of detecting a ransomware infection before the payload deploys. A SIEM provides a holistic overview of a company’s IT environment from a single vantage point in terms of its specific security events, empowering teams to detect and analyze unusual behavior.
To be effective, a SIEM needs a source of high-quality data and knowledge of what to look for. Several data sources exist including system logs, Windows AppLocker, endpoint security solutions, and SIEM agents deployed on the endpoint.
Knowledge of what to look for comes from an understanding of the ransomware’s goals and the steps necessary to achieve them. Ransomware attacks can be identified using indicators that appear in the early, middle, and late stages of an attack.

To detect ransomware with a SIEM, it is necessary to lay the groundwork first. Some best practices to leverage your SIEM to detect ransomware include:

Collect Event Data from All Computers
Ransomware detection requires event data from all computers, and especially from workstations. Workstations are the easiest devices for cybercriminals to compromise and can act as an early warning system.
Use SIEM to Aggregate Alert Data
While different security solutions provide useful insights, they lack context. Collecting security data in one place supports analysis and advanced analytics.
Baseline “Normal”
Not all malware is detectable using signatures. Knowing what “normal” looks like on a network is essential to identifying the anomalies created by an attack.
Lay Traps
Differentiating true attacks from false positives can be complicated. Creating tripwires and other traps can help with detecting an attack.
Look for IoCs
IoCs from a threat intelligence feed can be essential for detecting the latest cyber threats. Select a SIEM capable of ingesting and using this data.
Perform Analytics
Data analytics like searching for unusual connections or looking for ransomware’s anomalous file activities can help to detect attackers on the system. Look for the event patterns that attackers create while achieving their objectives.
How can you leverage your SIEM as part of your Zero Trust strategy?
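The best practices above (baseline "normal", lay traps, look for IoCs, perform analytics on file activity) can be shown as SIEM-style correlation rules run over endpoint file events. The following Python is an added example and is not Mayfield's vSOC code or any vendor's rule set; the JSON-lines event format, its field names (ts, host, action, path, new_path, sha256), the baseline figures, the canary path and the IoC hash are all constructed for the example.

```python
import json
import os
from collections import Counter

# --- "knowledge of what to look for" (every value below is constructed for this example) ---
# Baseline "normal" file writes per minute per host, as a SIEM would learn over weeks.
BASELINE_WRITES_PER_MIN = {"ws01": 2.0, "ws02": 2.0, "ws03": 2.0, "srv01": 10.0}
# File extensions routinely seen on the network during baselining.
BASELINE_EXTENSIONS = {".docx", ".xlsx", ".csv", ".txt", ".pdf"}
# Tripwire file placed on a share: nothing legitimate ever opens it, so any access is suspect.
CANARY_PATHS = {"//fs01/finance/~$budget_canary.xlsx"}
# Hypothetical file hash from a threat-intelligence feed.
IOC_SHA256 = {"ab" * 32}

# Constructed endpoint file-event log in JSON-lines form (not real telemetry).
SAMPLE_LOG = "\n".join([
    # ws01: within one minute, six documents are renamed to one new extension and rewritten
    *(json.dumps({"ts": 1 + 5 * i, "host": "ws01", "action": "rename",
                  "path": f"C:/Users/alice/doc{i}.docx",
                  "new_path": f"C:/Users/alice/doc{i}.docx.locked"}) for i in range(6)),
    *(json.dumps({"ts": 2 + 5 * i, "host": "ws01", "action": "write",
                  "path": f"C:/Users/alice/doc{i}.docx.locked", "sha256": "11" * 32}) for i in range(6)),
    json.dumps({"ts": 40, "host": "ws01", "action": "write",
                "path": "C:/Users/alice/README.txt", "sha256": "22" * 32}),
    # srv01: ordinary activity, including a rename to a familiar extension
    json.dumps({"ts": 5, "host": "srv01", "action": "write", "path": "D:/data/report.csv", "sha256": "33" * 32}),
    json.dumps({"ts": 30, "host": "srv01", "action": "rename", "path": "D:/data/tmp.csv", "new_path": "D:/data/final.csv"}),
    # ws02: reads the canary file
    json.dumps({"ts": 12, "host": "ws02", "action": "read", "path": "//fs01/finance/~$budget_canary.xlsx"}),
    # ws03: executes a binary whose hash is on the threat-intel list
    json.dumps({"ts": 20, "host": "ws03", "action": "exec",
                "path": "C:/Users/bob/AppData/Local/Temp/upd.exe", "sha256": "ab" * 32}),
])


def parse_events(log_text):
    """Parse JSON-lines file events; skip blank or malformed lines rather than crash the pipeline."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def detect_write_spike(events, baseline=BASELINE_WRITES_PER_MIN, factor=3.0):
    """Baseline 'normal': flag a host whose writes in a one-minute bucket exceed factor x its baseline."""
    counts = Counter((e["host"], e["ts"] // 60) for e in events if e["action"] == "write")
    alerts = []
    for (host, minute), n in sorted(counts.items()):
        normal = baseline.get(host, 1.0)
        if n > factor * normal:
            alerts.append({"host": host, "minute": minute, "writes": n, "baseline": normal})
    return alerts


def detect_mass_rename(events, known_exts=BASELINE_EXTENSIONS, min_count=5):
    """Analytics on file activity: many renames on one host to the same extension never seen during
    baselining (the early 'encrypt and rename' pattern), with no signature list of ransomware extensions."""
    by_host_ext = Counter()
    for e in events:
        if e["action"] != "rename":
            continue
        ext = os.path.splitext(e["new_path"])[1].lower()
        if ext and ext not in known_exts:
            by_host_ext[(e["host"], ext)] += 1
    return [{"host": h, "ext": x, "count": c}
            for (h, x), c in sorted(by_host_ext.items()) if c >= min_count]


def detect_canary_touch(events, canaries=CANARY_PATHS):
    """Lay traps: any access to a tripwire file is a high-confidence alert."""
    return [{"host": e["host"], "path": e["path"], "action": e["action"]}
            for e in events if e["path"] in canaries]


def detect_ioc_hash(events, iocs=IOC_SHA256):
    """Look for IoCs: match file hashes carried in events against the threat-intel feed."""
    return [{"host": e["host"], "path": e["path"], "sha256": e["sha256"]}
            for e in events if e.get("sha256") in iocs]


def run_detections(log_text):
    """Run every rule over one log and return the alerts keyed by rule name."""
    events = parse_events(log_text)
    return {
        "write_spike": detect_write_spike(events),
        "mass_rename": detect_mass_rename(events),
        "canary": detect_canary_touch(events),
        "ioc": detect_ioc_hash(events),
    }


if __name__ == "__main__":
    for name, alerts in run_detections(SAMPLE_LOG).items():
        print(name, alerts)
```

Each rule on its own is noisy or narrow (a build server legitimately writes fast; an IoC list only catches what the feed already knows), which is why the SIEM's value is in collecting all of them in one place: ws01 trips both the rate baseline and the rename analytic in the same minute, and that correlation is far stronger evidence than either alert alone.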

Threat Hunting

The days of purely on-premises IT are gone. Widespread cloud adoption has broadened the enterprise perimeter along with the overall attack surface. The necessity to work from home during the pandemic has shifted the paradigm completely, making a permanent return to the office unlikely for many. Traditional access management, user authentication, and perimeter protection technologies, therefore, can no longer be relied upon on their own.
An extended detection and response (XDR) approach uses layered technologies to allow security teams to reach deeper into the network and take a more proactive stance against security threats. This approach produces fewer alerts, faster event resolution, and lower costs. With layered monitoring, you gain greater visibility and control, with the ability to micro-segment the network and act more efficiently on actionable alerts. Relief from “alert factories” also allows teams to focus attention on real threats and on closing the holes that threaten to let them in.

Contact Us

Canada
2 Robert Speck Pkwy, 750,
Mississauga, ON
L4Z 1H8

USA
1600 Golf Road,
Rolling Meadows
60008

Use the contact form to reach out to us with any questions or inquiries!

For any immediate requirements, feel free to call one of our experts directly (844) 629-7321
