Booz Allen Hamilton

Cyber Defense Operations

Phase 1: Prepare

Understand threats and emerging attack patterns, and develop test plans and simulations to assess how your organization’s defenses and controls actually work. Cyber Threat Management services include:

  • Cyber threat intelligence
  • Crowdsourced attack models
  • Continuous simulation of attacker techniques and behaviors

Phase 2: Prevent

Based on the results of Phase 1 tests, coordinate with other security teams to patch systems, remediate vulnerabilities, and take other steps to block attacks from succeeding. Cyber Vulnerability Management services include:

  • Integrated vulnerability scanning and monitoring
  • Control testing against potential exploits and attack patterns
  • Penetration testing and breach-readiness testing
  • Risk-based prioritization, patch management, and control tuning

Phase 3: Detect

Create and test behavioral analytics that enable hunt teams and security operations center analysts to monitor for threats. Cyber Detection, Hunt, and Event Management services include:

  • Proactive, preemptive signature detection
  • Alert-based triage
  • Threat hunting focused on “kill chain” behaviors and MITRE tactics, techniques, and procedures

Phase 4: Respond

Remain prepared at all times to detect, mitigate, and rapidly contain cyber attacks. Cyber Incident Management services include:

  • Established scenario testing
  • Incident validation
  • Incident response
  • Investigation, analysis, forensics, and classification
  • Containment and removal

Phase 5: Recover

Minimize disruptions to business operations, protect essential assets, and accelerate the remediation and recovery process. Cyber Recovery Management services include:

  • Multi-site failover with expanded cloud-based delivery
  • Service restoration
  • Enhanced monitoring of remediated systems and associated signatures
  • Reporting on lessons learned
