Detection rules are the basis of a CSOC
We ensure your organisation's ability to identify emerging threats effectively. CSOC performance is typically based on well-defined detection rules, and their continuous maintenance and development are key to threat management.
Our Detection-as-Code approach enables systematic development and testing of detection rules, ensuring the ability to react to cyber threats in a timely manner.
Proactive identification
Identify threats before they damage your IT environment.
The life cycle of an attack
Comprehensive identification of threats at all stages of their life cycle (MITRE ATT&CK)
Basis of an efficient SOC
Make sure you get the most out of your cybersecurity monitoring with effective detection rules.
Enhanced response
Automation and optimised detection rules allow organisations to respond to security breaches in a faster and more targeted way.
Threat-Based Approach
Our detection rules are designed to secure the target organization’s systems by leveraging threat intelligence related to its industry, operating environment, and geographic location.
This method ensures focused, up-to-date, and effective detection, drawing on comprehensive frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
Our process
Kickoff and Clarifications
We identify threat scenarios relevant to the client’s operations, including critical business areas and the specific features of their operating environment. These scenarios are discussed in detail with the client before proceeding.
We then clarify why detecting threats is essential for the continuity and security of the organization’s operations.
Technical Implementation
We develop the necessary detection rules and ensure they align with the client’s environment and threat models. If needed, we handle their technical deployment and carry out a pilot phase.
We also explain how these rules function in practice and how they effectively enable threat detection.
Management and Assistance
Our approach integrates detection rules into the client’s routine operations. Together, we establish frameworks for maintenance and future improvements.
We compile straightforward documentation of policies and detection guidelines, offering advice on rule management. Throughout the process, we support the client in both initial adoption and continuous supervision.
Why choose Tekve?
We have experience in threat modelling and developing detection rules for the specific needs of different industries. Our service is not a generic solution; we always tailor it to the client's business and environment.
Practicality is our strength. We don't focus on empty rhetoric or unnecessary add-ons; we focus on the essentials: doing what it takes to protect our clients' environments.
We not only create and implement detection rules, but also provide continuous support and ensure they are developed to keep up with changing threats.
Certificated Operations
![aicloudpartner](https://www.tekve.fi/wp-content/uploads/2024/11/aicloudpartner-e1732898718721-300x87.png)
![az500](https://www.tekve.fi/wp-content/uploads/2024/11/az500-e1732898742529-292x300.png)
![Thumbnail-PECB-ISO_IEC-27001-Lead-Implementer-rev2-1090284663](https://www.tekve.fi/wp-content/uploads/2024/11/Thumbnail-PECB-ISO_IEC-27001-Lead-Implementer-rev2-1090284663-300x300.png)
![security-operations-analyst-associate-600x600-2280018009](https://www.tekve.fi/wp-content/uploads/2024/11/security-operations-analyst-associate-600x600-2280018009-300x300.png)
Pricing Examples
Every environment is unique, which is why we design each client project on an individual basis. Below are examples of service packages that can be tailored to your specific needs.
Organization A
A lighter project focusing on the primary threat scenarios facing your organization and how they can be detected via technical detection rules.
VAT (0%)
- TOP 3 documented threat scenarios
- 10 detection rules for identifying defined threats
- Integration of rules into your monitoring system
- Two weeks of support and rule fine-tuning
Organization B
A more extensive package providing the organization with a comprehensive view of relevant threat scenarios and robust technical rules for detection. Ideal for organizations prepared to engage in ongoing enhancement of these rules.
VAT (0%)
- TOP 5 threat scenarios which are analyzed and documented
- 20 detection rules for identifying defined threats
- Integration of rules into your monitoring system
- One month of continuous support and rule tuning to match your requirements.
- Staff training on detection-rule utilization and further development.
- A roadmap for continuous improvement of detection rules.
Detection Rule Development
We provide a continuous rule-improvement service, keeping your detection rules current and adaptive to evolving threats.
VAT (0%)
- Keeping detection rules up-to-date to detect current cyber threats.
- Tailored detection rules based on your environment and requirements.
- Regular expert consulting for rule optimization and evolution.
- Monthly reporting on rule performance plus recommendations for enhancements.