Managed Detection and Response
Vigilence, Expertise and Resilience
Schedule a Consultation

Your Pathway to Strategic Cyber Security

Excite Cyber offers robust Managed Detection & Response and security services capability, leveraging Security Operations Centres (SOCs) based in Sydney and Hobart.

Excite Cyber’s SOCs are staffed by highly skilled and certified professionals. These experts utilise a combination of industry-standard tools and custom-developed solutions to proactively identify and respond to both prevalent cyber threats and emerging attack techniques.

Excite Cyber’s ongoing, SLA driven, Managed Detection and Response (MDR) Service is designed to provide continuous monitoring of Customer’s existing systems within their IT environments. This proactive service aims to identify, triage and provide response advice for notable security events promptly, ensuring the protection of the infrastructure and data.

As Customers add new assets to their IT landscape, Excite Cyber’s MDR Service will extend its coverage to encompass these assets as well. This scalability ensures that all components of Customer’s network are continuously monitored, minimising the risk of undetected vulnerabilities or potential threats.

To streamline incident response and ensure efficient handling, Excite Cyber applies incident severity ratings to alerts. These ratings are accompanied by corresponding responsibilities, clear timelines, and well-defined procedures. The pre-defined RACI matrix is utilised to assign roles and responsibilities to relevant stakeholders, ensuring a coordinated response to security incidents. This approach enhances accountability and clarity in the incident management process. By implementing the MDR Service and establishing incident severity ratings with associated response protocols, Customers can benefit from enhanced cybersecurity measures. Excite Cyber’s expertise and proactive approach will enable timely detection, response, mitigation of security incidents, safeguarding Customer’s digital assets and minimising potential disruptions to the business.

Who Needs These Services

This service caters to organisations of all sizes and industries seeking robust cybersecurity solutions tailored to their unique needs.

Whether you’re a small startup or a multinational corporation, maintaining a strong security posture is imperative in today’s digital landscape.

Businesses across sectors, including finance, healthcare, technology, and beyond, can benefit from Excite Cyber’s Managed Detection and Response (MDR) service.

With cyber threats evolving constantly, proactive monitoring, incident detection, and response capabilities are essential for safeguarding sensitive data, preserving brand reputation, and ensuring business continuity.

Whether you lack the in-house expertise or resources to manage cybersecurity effectively or simply seek to enhance your existing defences, Excite Cyber’s comprehensive MDR service offers peace of mind and proactive protection against emerging threats.

What We Deliver

There are several dependencies in onboarding new log sources. However, if the onboarding requirements such as access to the log source and relevant information are provided to the Excite Cyber team, the onboarding of the new log source usually takes around one business day for known log sources, and up to a maximum of 7 business days for log sources with specific log formats. Key deliverables of the MDR Service include:

Below is a high-level list of milestones for onboarding new customers. The steps below will be performed for onboarding new log sources as identified.

1. Onboarding Service

A fundamental requirement for this type of service is to have a firm understanding of aspects such as roles, responsibilities, current processes, and escalation paths.

In the event of a security incident (or when practice incident scenarios are run) – both Excite Cyber and the Customer need to have all relevant aspects agreed and documented to ensure an efficient and timely resolution. This part of the project is therefore essential and provides a bedrock for all activity going forward.

Requirement Discover
RACI Development: PHASE 1

Workshops with specified stakeholders for the following:

  • Assess the overall requirements of the Customer engagement.
  • Define the scope of the services required and for what purpose.
  • Workflows for the service – communication, response channels etc.
  • Define what constitutes a security event – and categorisation of the event etc.
  • Risk profiling.
RACI Development: PHASE 2
  • Interview relevant stakeholders and other influencers within the Customers environment.
  • Refine the engagements points, service levels and necessary response techniques.
  • Communication paths – eg. email, phone, etc.
  • Work with apparent threats to define a response model and evidence.
  • Define service level agreements that will underpin the services.

RACI Development: PHASE 3

  • Define Roles, Responsibilities under the RACI model.
  • Document roles and responsibilities for the engagement.
  • Documentation of the findings.
  • Present to the stakeholders.
Log Sources (sample list)

Incorporating the following log sources:

  • AWS applications & infrastructure
  • Azure applications & Infrastructure
  • Virtual Machines & Servers
  • Staff collaboration tools such as Google Workspace & Microsoft M365 (20 users)
Excite Cyber philosophical approach to Cyber Security revolves around one of the most important controls in a security strategy: Visibility. Without visibility the ability to detect, respond and improve security posture is reduced. With this in mind, the following is an overview of Excite Cyber methodology of the continual lifecycle of a Cyber Security operation, Incident Management and Security Strategy:

2. RACI and Security Baseline

All customers are different, both technologically and from a risk profile perspective. Therefore, establishing a baseline in which both customer and Cyber Security provider should be developed early in the lifecycle. From this baseline a target operating environment and a joint working relationship is established, which includes but not limited to the following:

  1. Roles and Responsibilities – Establishes demarcation between organisations to ensure the fastest, yet most comprehensive resolution to incidents raised.
  2. Risk Profiling and Process – How alerts are triaged into either false positives or incidents and how they should be treated by the business; accepted, remediated, or delegated.
  3. Technology Review – Establish known vulnerabilities in the technical fleet, tailor compensating controls ensuring levels of visibility are enforced.

3. Security Operations

The Security Operations service in which Excite Cyber provides its customers is a 24 X 7 monitoring and incident response service, conducted from the Security Operations Centres in North Sydney and Hobart.

Excite Cyber is an ISO27001 certified organisation and adheres to strict policy, change management and information handling processes. Following are the main points of the Security Operations, excluding remediation services:

  1. Log Source and Validation – Log ingest (encrypted), parsing and handling (secure storage).
  2. Event and Alert Correlation – Via the Excite Cyber SIEM platform in the ISO27001 SOC.
  3. Triage – False/Positive or Incident – Conducted via a combination of automation and manual threat hunting, review, and peer review of alerts as they arise.
  4. Alerting – Incident Response processing, review, and reporting via Excite Cyber Incident Response pipeline. Excite Cyber uses technology such as Signl4 in compliment with its SIEM platform.
  5. Incident Traceability – This provides an end-to-end process for the origination of an alert, evolution to an incident via a triage process, and processing through service tickets to closure. Integration between Signl4 and ConnectWise allows for easy ticket creation and management.
  6. Dashboards – Dashboards are created to provide a real-time and retrospective view of the environment looking for trends and other anomalies within the environment.
  7. Machine Learning – ML jobs are created for forward looking anomaly detection and response based upon the profile of the past. ML can be applied to any aspect of the logs ingested for closer inspection to the environment for any nefarious activity.

4. Continuous Improvement

Excite Cyber understands that the Security Operations is not done in isolation of the greater customer organisation and regular engagements to improve the service and outcomes is an important aspect of the service:

  1. Monthly Reporting – Of the events, alerts and incidents during the previous month are provided for evaluation.
  2. Reviews – Regular Reviews of the security operations and performance
  3. Service Level Agreement – Measurements and monitoring of the operation and service delivery.
  4. Working committees – Steering committees to provide regular feedback of the health and security of the environment.

5. Security Threat Assessment and Triage Process

Excite Cyber Security Operations Centre Security Analysts adhere to a strict security threat triage process to ensure the highest level of inspection is done for each alert raised. Each alert is inspected for contextual environmental properties and initially categorised as a False/Positive or Incident. Once categorised as an Incident this will go through another level of inspection for categorisation rating based upon:

  1. Likelihood,
  2. Impact and
  3. Severity.

6. Excite Cyber Incident Response Process

The Excite Cyber Incident Response process is underpinned by Service Level Agreements (SLAs) and remediation outcomes. Excite Cyber has a custom-built platform which takes a lot of the pain out of onboarding multiple log sources, along with ongoing monitoring, correlation, alerting and incident response. Excite Cyber undertakes its Incident Response through 5 major steps:

  1. Alerting
  2. Triage
  3. Incident Response
  4. Remediation
  5. Ticket Processing/Closure 

Excite Cyber is an ISO27001 certified organisation and adheres to strict policy, change management and information handling processes. Following clarifies the main service responsibilities and boundaries of the Security Operations:

Phase Owner Lifecycle activity Description
Detection
Excite Cyber
Event Triage (False/Positive or legitimate)
Verify event is a legitimate threat, escalate if required. Determine impact, urgency, and priority.
Excite Cyber
Qualification (Attack & Initial Risk Analysis)
Qualify Attack Vector Type and assess initial risk, including likelihood of propagation.
Response
Excite Cyber
Quantification (Detailed Impact Analysis)
Identify target, perform detailed impact analysis, and risk assessment, determining Prioritisation and Risk categorisation.
Customer*
Containment
Take appropriate action based upon attack vector type to isolate/contain threat.
Customer*
Eradication
Take appropriate action based upon attack vector type to terminate/eradicate threat.
Customer*
Recovery
Take appropriate action based upon attack vector type to restore target to ‘run’ state.
Response
Customer**
Root Cause Investigation
Take appropriate investigative actions based upon attack vector type to astrain root cause.
Customer**
Incident Report
Generate report/data, detailing duration, actions taken and root cause and recommendations (where applicable).
* In some scenarios, to be defined in the onboarding services and documented in the Operations Manual RACI, Excite Cyber may implement remediation changes on behalf of Customer.

** If Customer adopts an Incident Response Service in addition to the MDR service, Excite Cyber will participate in the additional Recovery, Root Cause and Incident report service under a T&M arrangement.

How Your Business Benefits

By swiftly onboarding new log sources, typically within one business day for known sources and up to seven for specific formats, we ensure your security infrastructure remains agile and responsive.

Our meticulous RACI development phases establish clear roles, responsibilities, and communication channels, laying a solid foundation for efficient incident resolution. Leveraging our expertise, we incorporate diverse log sources, from AWS and Azure to collaboration tools like Google Workspace and Microsoft M365, bolstering your visibility and threat detection capabilities.

Our 24/7 Security Operations, conducted from ISO27001-certified centres, ensure continuous monitoring and rapid incident response. Leveraging advanced technologies like machine learning for anomaly detection and real-time dashboards for trend analysis, we provide proactive protection.

Moreover, our commitment to continuous improvement, reflected in monthly reporting, regular reviews, and SLA monitoring, ensures your security posture evolves alongside emerging threats. With our rigorous Security Threat Assessment and Incident Response processes, Excite Cyber stands ready to safeguard your business, from alerting to remediation and beyond.

Case Study: National Aged Care Health Service Provider

This Excite Cyber customer story demonstrates our experience in delivering IT and Security Operations Centre (SOC) based services to a large national health sector customer.

This customer relies on both Excite Cyber and Vocus to work as effective extensions to their own network, IT and cyber security team.

A prominent entity in the national retirement living sector, with a footprint that spans corporate headquarters, care centres, regional offices, and over 80 Retirement Villages, the customer relies on Excite Cyber’s support to maintain a secure infrastructure and ensure the seamless delivery of critical resident services 24x7x365.

Excite Cyber integrates IT and Managed Detection and Response (MDR) Services, fortifying the resilience of the entire IT environment. Our services address the unique challenges faced by Corporate Offices, Care Centres, Regional Offices, and Retirement Villages, placing a premium on the security and uninterrupted provision of resident services.

Key Highlights:

  • Comprehensive Coverage – Excite Cyber extends its services beyond corporate environments to encompass Retirement Villages, acknowledging the imperative nature of securing resident services. Our comprehensive approach ensures that every facet of the customer’s operations receives the attention required for a robust security posture.
  • Resilient Infrastructure – Leveraging a secure backbone, Excite Cyber and Vocus work together to ensure uninterrupted service delivery, maintaining operational continuity on a 24/7/365 basis. This commitment to resilience ensures that the customer can consistently meet the needs of its residents without interruption.
  • Risk Mitigation – Excite Cyber’s Managed Detect and Response (MDR) cybersecurity services play a pivotal role in reducing the Mean Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) to cyber threats. This proactive service safeguards sensitive data, maintaining resident privacy and trust by mitigating risks quickly and effectively to minimise any disruption to the customer’s digital world.

About Excite Cyber

We are cyber, technology and business experts who asked ourselves, what would the world look like if you could be truly fearless with your business, and what if the very best cyber expertise could be integrated into robust, outcome-focused technology solutions?

Our approach is to be deeply consultative and deliver pragmatic and strategic services that work for your business. With an uncompromising approach to cyber security, we deliver solutions that will get you excited about the potential for technology all over again.

Our Latest Perspectives

Get Started with Excite

We are ready to collaborate with you every step of the way to protect your business and enable you to benefit from decades of experience in providing managed services. 

To get started, schedule a complimentary call using the form below today.

Frequently Asked Questions

AI is a useful component of MDR, enabling the automation of threat detection and analysis. It helps in identifying patterns and anomalies that could indicate a security threat, allowing for faster response times and more effective threat management.

MDR services aim to respond to threats as quickly as possible. The response time can vary depending on the service provider, but the goal is to reduce the time-to-detect and time-to-respond from what could be months down to minutes, thereby minimising the impact of the threat.

Excite Cyber’s MDR Service is designed to provide continuous, SLA-driven monitoring and response to security events within your IT environment. It proactively identifies and advises on security events, ensuring the protection of your infrastructure and data.

Incident severity ratings are applied to alerts to streamline response and handling. These ratings come with clear responsibilities, timelines, and procedures, coordinated through a pre-defined RACI matrix to enhance accountability and clarity in the incident management process.

Book an Appointment