Cyber security software to detect, investigate and respond to cyber threats

With economy and society depending heavily on digital technologies, vulnerability to cybercrime is increasing. Crimes are committed by electronic means on global scale, being facilitated by technological progress, considering the speed of data transfer or the number of persons connected globally to the network. To protect from cyber threats advanced cyber security solutions are needed. Most providers of cyber security solutions on the market are located outside Europe, leaving European customers with some uncertainty e.g. with regard to data protection issues. Aiming to offer a solution made in Europe, a team of advanced cyber security experts with headquarters in northern Germany has pooled expertise to develop a latest state-of-the-art cyber security software. The solution builds on the traditional combination of cyber security solutions SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response) and NDR (Network Detection and Response), but adds crucial context information to accelerate and automate analyst decision support. Within the security lifecycle the solution detects threats, investigates their specifics, and offers automated response in a federated system architecture that does not compromise between data sovereignty and scale. The cyber security solution is ready to be applied for the following use cases: - Threat hunting: Best-in-class telemetry throughput, fast triage with rich contextualizations, reduced MTTR (Mean Time to Respond) via domain-specific data modelling and deep investigation opportunity - Live detection: Detect IoCs (Indicator of Compromise) in all telemetry types, configurable sighting relay for alerting, CLI (Command Line Interface) controllable for distributed SOC (Security Operations Center) automation - Retro detection: optimal MTTD (Mean Time to Detect) by searching in seconds over terabytes; flexible response by rely of retro sightings where they can, open architecture: BYO (Bring Your Own) security content - SOC (Security Operations Center) control: ready-to-use plugins for tools and message brokers, standardized STIX-2 (Structured Threat Information Expression) data plane, scalable messaging backbone, publish/subscribe and snapshots Further use cases are under development: - Compliance: log retention, data cleaning, fine-grained transformations, anonymized/pseudonomized storage and flexible data ageing - Data loss prevention (DLP): Instant live and retro detection, deep visibility, response via existing toolchain - Anomaly detection: Decision support to prioritize alerts, anomaly and statistical outlier detection - Asset tracking: Time-sliced inventory for retro correlation, passive CMDB (Configuration Management Database) without new sensors, critical context for threat hunting Deployment scenarios of the solution offered are as diverse as the targets of cyber crimes: Ranging from application in ICT-systems of corporates and larger enterprises, to public authorities, universities and research institutions, data centers, telecommunications and operational technology. The startup would like to team up with early adopters, thus institutions or corporates that are seeking a latest stage-of-the-art cyber security solution made in Europe and are willing to invest into this cooperation in order to benefit from final development customized to their needs, to be best prepared in face of increasing cyber threats and to position themselves as pioneers of cyber security deployment. Commercial agreements with technical assistance are offered. Sought are contacts to institutions or companies from any sector with headquarters in Europe. Partners should have a certain size (>1,000 employees) and should have organisational structures for ICT security, ideal point of contact would be Security Professionals, Head of Security Operations or Chief Security Information Officer (CISO).