
Cloud-Native Security

The flexibility and scalability of cloud meets the comprehensive nature of 24/7/365 monitoring, investigation, and incident response, brought together by SHIELDVision – Datashield’s proprietary threat hunting and security orchestration platform. Using SHIELDVision, Datashield leverages automated, intelligence-driven threat hunting, internally-developed threat detection content, and centralized reporting for all customers simultaneously, regardless of size.

Increasing adoption of cloud-native tools in the security ecosystem affects enterprises and small and medium businesses alike, and now, Datashield is bringing its 11-year history of managing diverse SIEM environments to bear on a rapidly-deployable cloud-native solution.

 

Outsourced SOC & MDR Offering

The core of Datashield’s service offering remains fully outsourced or co-managed SOC as a service, with 24/7/365 eyes-on-glass available for organizations of all sizes. Datashield acts as an extension of internal organizations’ security teams and not only provides monitoring, forensic investigation and response, but also includes remote administration, custom use case development, ticketing integrations, and architectural consulting and security tool implementation as part of its standard MDR offering.

Datashield is a best-in-class Security Operation Center that goes beyond normal alert churn and regurgitation, and instead brings truly contextualized alerting enhanced with knowledge of your own environment, reduced alert fatigue, and custom use cases that account for your organization’s unique business drivers. Datashield SOC also provides three other elements that many other MSSPs do not.

  1. Internally Curated Threat Intelligence – Datashield leverages a wide variety of sources, including those developed by Datashield’s own CTI analysts, for meaningful detections that aren’t coupled with high volumes of noise and alert fatigue.
  2. Expansive Out-of-the-Box Threat Content Library – Covering everything from lateral movement to unique malware and ransomware variants, Datashield’s internally-developed threat detection content comes with the service. Constantly tested by threat content developers with real-world red-team experience, all future development and additions are included at no additional charge.  
  3. Research and Development – Working alongside the SOC, Datashield has a full-time software development team that supports ticketing and tool integrations with SHIELDVision, helping your organization realize the maximum potential out of tools already in operation or those acquired in the future.

 

SHIELDVision

SHIELDVision is a threat hunting and threat detection force multiplier that allows Datashield to efficiently provide customers with round-the-clock visibility, pivot immediately off new threat intelligence, and provide automatic, real-time alerting across Datashield’s entire customer base.

Through multi-source threat intelligence and in-house threat content development, SHIELDVision also allows Datashield’s SOC to perform threat identification in a more automated and machine-driven way. When an alert is fired in Customer A’s environment, SHIELDVision automatically scans for the potential vulnerability in Customer B’s environment, and so on. This process allows a combination of real-time alerts and historical querying to be used for forensic analysis. Blended with ingestion from a multitude of security tools, including SIEM, Endpoint, Email, Firewall and more, this makes SHIELDVision the leverage point and differentiator for Datashield’s service offering.

 

World Class Security Tools

For its cloud-native offering, Datashield has sought industry-leading, best-of-breed solutions that offer maximum flexibility, comprehensive visibility, and rapid deployment while leveraging the potential in machine learning, orchestration, and threat response. By partnering with ExtraHop, Google Chronicle, and SentinelOne, and knitting them together under the SHIELDVision umbrella, Datashield offers a no-compromise MDR solution that scales to any organization.

 

A.) Full Packet Capture – ExtraHop & Network Detection and Response (NDR)

ExtraHop has made their bones as a Cloud-Native Network Detection and Response platform. Datashield has specialized in network threat detection and forensics via packet capture since before MDR was an industry-recognized term, so it’s only natural that Datashield and ExtraHop would partner to provide Full Packet Capture with NDR for their customers.

 

B.) Data Stewardship & Compliance – Google Chronicle

It would make perfect sense that the most prolific data aggregator of all time would develop a log aggregation tool that is designed for a world that works in petabytes. Google brings Chronicle, a cloud-based SIEM, to the market, and Datashield meets them to offer data stewardship and compliance support for customers even down to the sub-100 employee count.

 

C.) Endpoint Protection – SentinelOne & EDR

With some of the most powerful AI-driven prevention and an industry-disrupting $1M Lloyd’s of London backed cyber insurance policy, SentinelOne offers a truly unique endpoint protection platform. Datashield’s deep security knowledge and incident response expertise make it a natural fit for management and monitoring of an industry-leading EDR platform.

 

How our MDR works

Threat Intelligence

At the foundation of any cybersecurity service is a threat intelligence feed that allows for up-to-the-minute information about new and emerging dangers in the cyber environment.

At Datashield, we've built our own threat intelligence for internal use and as an operational tool for correlation against real events.

The real difference with MDR is the trained professionals who are on-site and equipped with the knowledge and tools to actively defend and protect your organization's data.

Threat Hunting

SHIELDVision

Threat Hunting is the proactive or offensive side of Managed Detection and Response. We use our cutting-edge, proprietary orchestration tool called SHIELDVision to leverage data from numerous sources around the globe.

SHIELDVision allows our talented analysts to "go back in time" and identify compromises missed by other tools. We can scrub legacy traffic against zero-day exploits and help close detection and remediation.


Threat Detection

We utilize logs, full packet capture, and advanced intrusion detection technology to constantly monitor all traffic on your network, not just the events that trigger an alert.

Our MDR service provides network and application log monitoring, alerting, and reporting in real-time so we can have a bird's eye view. We also work with global intelligence groups to actively hunt for active threats and malicious conspirators who may be targeting your company's industry or network.

Threat Validation

When we detect suspicious indicators, an MDR analyst investigates deeper to determine if a real threat or incident exists.

This process works in sync with SHIELDVision, manual intel analysis, and automated real-time scanning/querying. With SHIELDVision, we can correlate against past packet data.

Threat Response

For a validated incident, all critical data is collected and delivered in comprehensive reports to provide you with a granular view of what is happening and how to approach remediation.

Datashield reconstructs the actions leading up to an event and advises you on mitigation strategies for any compromised assets as well as future prevention techniques.

Threat Intel, Content and Alerting

Within the context of our MDR service, we are always gathering intel, writing content, and managing alert volume to provide our customers with a smooth and efficient experience.
