SOC-as-a-Service (Managed Security Operations)
Our managed SOC provides 24/7 threat monitoring, threat hunting, and triage by experienced analysts.
We combine best-in-class SIEM, EDR, and threat intelligence feeds into a unified service that scales with your needs. The service includes regular threat assessments, playbook updates, and monthly reports that show trends and recommended operational improvements.
Main benefits:
Continuous threat coverage, reduced false positives through expert triage, and a scalable service model that frees internal teams to focus on business projects.
Starting from $3,500 / month
| Feature | Description | Price |
|---|---|---|
| 24/7 Threat Monitoring | Continuous monitoring of logs, alerts, and network traffic. Identify anomalies, detect suspicious activity, correlate events, maintain historical data, respond in real-time, ensure compliance, integrate with SIEM, prioritize threats, provide actionable insights. | $500 |
| Threat Hunting | Proactively search for hidden threats. Analyze patterns and behaviors. Identify advanced persistent threats. Correlate intelligence feeds. Detect stealthy intrusions. Document findings. Recommend mitigations. Reduce dwell time. Integrate with SOC tools. Improve detection efficiency. | $400 |
| Incident Triage | Assess alerts rapidly. Categorize by severity. Validate incidents. Determine business impact. Notify stakeholders. Escalate appropriately. Reduce false positives. Document triage steps. Maintain service logs. Align with SOPs. | $350 |
| SIEM Management | Configure and maintain SIEM. Normalize logs. Correlate events. Apply rules. Tune alerts. Ensure retention policies. Integrate threat feeds. Validate dashboards. Generate reports. Support audits. | $300 |
| EDR Management | Deploy and monitor EDR agents. Collect telemetry. Detect endpoint anomalies. Isolate infected systems. Remediate threats. Integrate with SOC. Report activity. Validate updates. Tune policies. Provide management visibility. | $450 |
| Threat Intelligence Integration | Incorporate external feeds. Correlate indicators. Detect emerging threats. Prioritize alerts. Validate sources. Align with SOC processes. Update dashboards. Document intelligence. Recommend action. Share with teams. | $300 |
| Playbook Updates | Regularly update response procedures. Incorporate lessons learned. Ensure clarity in workflows. Test new scenarios. Align with compliance. Improve detection-response cycle. Maintain version control. Train analysts. Communicate changes. Record updates. | $200 |
| Monthly Reporting | Provide dashboards. Show trends. Highlight incidents. Summarize metrics. Recommend improvements. Include KPIs. Ensure readability. Align with stakeholders. Validate data accuracy. Archive reports. | $150 |
| Compliance Monitoring | Track adherence to GDPR, ISO 27001, NIS2, and internal policies. Detect deviations. Provide alerts. Document findings. Recommend action. Maintain audit trail. Integrate with SOC dashboards. Train analysts. Align processes. Review controls. | $250 |
| Alert Tuning | Adjust thresholds to reduce noise. Validate severity levels. Review historical alerts. Optimize alert routing. Integrate with threat intelligence. Ensure actionable alerts. Document changes. Train SOC staff. Maintain consistency. Measure effectiveness. | $200 |
| Incident Escalation | Escalate incidents to the right team. Follow defined SOPs. Notify executives. Track resolution. Reduce downtime. Ensure accountability. Maintain communication logs. Align with playbooks. Improve response. Document actions. | $300 |
| Root Cause Analysis | Investigate incidents. Identify the source of breaches. Analyze attack vectors. Determine system weaknesses. Document findings. Recommend preventive measures. Correlate logs. Validate fixes. Share reports. Improve security posture. | $350 |
| Playbook Testing | Simulate attacks. Validate response procedures. Identify gaps. Improve processes. Train analysts. Record lessons learned. Adjust SOPs. Maintain compliance. Ensure clarity. Test communication channels. | $250 |
| Integration with Ticketing Systems | Automatically generate tickets. Track incidents. Update status. Ensure visibility. Notify stakeholders. Escalate issues. Link with SOC dashboards. Maintain audit trail. Assign responsibilities. Measure response times. | $200 |
| Endpoint Isolation | Quarantine infected endpoints. Prevent lateral movement. Preserve forensic data. Notify SOC team. Apply remediation. Reinstate safely. Track isolation actions. Integrate with EDR. Monitor status. Report to management. | $400 |
| Log Retention & Analysis | Maintain logs for compliance. Analyze historical data. Detect patterns. Correlate events. Archive securely. Retrieve on demand. Support audits. Validate SIEM rules. Generate analytics. Reduce risk exposure. | $250 |
| Security Metrics & KPIs | Track performance of the SOC. Measure incident response times. Monitor false positives. Evaluate analyst efficiency. Align with KPIs. Report to stakeholders. Improve SOC operations. Identify bottlenecks. Optimize processes. Document results. | $200 |
| Incident Playbooks | Documented procedures for common incidents. Include step-by-step actions. Assign responsibilities. Integrate with tools. Provide references. Test regularly. Update with lessons learned. Maintain versioning. Align with compliance. Ensure clarity. | $150 |
| SOC Analyst Training | Regular training for analysts. Update on new threats. Practice simulations. Validate response skills. Improve efficiency. Review previous incidents. Ensure readiness. Align with SOC procedures. Track improvements. Certify competencies. | $300 |
| Threat Landscape Analysis | Analyze global threats. Identify trends. Assess relevance. Map to assets. Recommend mitigations. Update SOC dashboards. Brief management. Prioritize monitoring. Integrate with intelligence. Reduce exposure. | $350 |
| Endpoint Forensics | Collect endpoint evidence. Analyze malware. Identify compromise. Support incident response. Document findings. Preserve integrity. Provide reports. Integrate with SIEM. Recommend remediation. Track metrics. | $400 |
| Vulnerability Monitoring | Track known vulnerabilities. Map to assets. Alert on exploits. Provide remediation guidance. Validate patching. Integrate with SOC dashboards. Maintain awareness. Prioritize critical issues. Document actions. Reduce risk. | $300 |
| Threat Remediation Guidance | Provide recommendations. Prioritize fixes. Assist IT teams. Track progress. Validate effectiveness. Document resolution. Update playbooks. Ensure compliance. Reduce business impact. Align with risk strategy. | $350 |
| Security Posture Reporting | Summarize SOC performance. Highlight incidents. Track KPIs. Recommend improvements. Show trends. Provide executive overview. Validate metrics. Document compliance. Track changes. Ensure actionable insights. | $300 |
| Total | Sum of all SOC features | $6,400 |
Digital Forensics and Incident Investigation
Our forensic experts preserve and analyze digital evidence to uncover how incidents occurred.
When an incident occurs, our forensic team preserves evidence, performs root cause analysis, and reconstructs attacker activity. We provide detailed technical findings suitable for internal remediation and external legal or regulatory actions. Chain-of-custody procedures and clear reporting ensure evidence is admissible and actionable, enabling organizations to pursue recovery and accountability.
Main benefits:
Accurate incident reconstruction, regulatory-grade reporting, and evidence preservation that supports legal proceedings or insurance claims.
Starting from €2,800
| Feature | Description | Price |
|---|---|---|
| Evidence Acquisition | Collect volatile and non-volatile data, use write blockers, ensure cryptographic hashing for integrity, log every step, follow ISO 27037 best practices, store evidence in tamper-proof containers, label and track chain of custody, support physical and cloud systems, document system configurations, secure transfer of media. | €250 |
| Disk Imaging | Create bit-by-bit images of storage devices, support NTFS, EXT4, HFS+, exFAT, verify image integrity with hashes, document the imaging process, maintain chain of custody, store securely, support encrypted volumes, ensure evidence admissibility, provide forensic copies for analysis. | €230 |
| Memory Analysis | Analyze RAM captures for malware, process injection, credential theft, suspicious hooks, system artifacts, runtime activity, and network connections; ensure hash verification, correlate with disk images, generate an incident timeline, provide actionable findings. | €210 |
| Log and Event Analysis | Collect, parse, and analyze system, application, and network logs, correlate events, identify anomalies, track attacker lateral movement, detect failed authentication attempts, maintain integrity of log sources, and produce evidence-ready reports for compliance. | €200 |
| Network Forensics | Capture and analyze network traffic, reconstruct sessions, detect exfiltration, map attacker movement, examine packet contents, extract metadata, verify integrity, produce visual timelines, correlate with endpoint evidence, deliver actionable intelligence for remediation. | €220 |
| Malware Analysis | Perform static and dynamic malware analysis, extract IOCs, understand TTPs, identify persistence mechanisms, reverse engineer samples, document behavior, link to affected systems, suggest containment steps, maintain reproducible analysis, and generate detailed threat intelligence. | €240 |
| Endpoint Timeline Reconstruction | Correlate file system events, logins, process creation, registry changes, USB activity, and application usage to build a complete timeline of attacker activity for internal or legal use. | €180 |
| Evidence Reporting | Prepare detailed forensic reports with methodology, findings, screenshots, hashes, and IOCs, suitable for internal stakeholders, auditors, or courts, ensuring clarity and compliance with regulations. | €160 |
| Legal Coordination | Work with legal teams to ensure evidence meets chain-of-custody and compliance requirements, support investigations, and provide expert testimony or documentation for litigation or insurance claims. | €190 |
| Cloud Forensics | Analyze cloud platform logs, snapshots, object storage, and IAM activity, reconstruct incidents in SaaS, PaaS, or IaaS environments, and ensure evidence integrity for investigations and compliance audits. | €230 |
| Mobile Device Forensics | Extract and analyze data from smartphones, tablets, and wearables, recover deleted content, analyze app activity, metadata, messages, GPS, and call logs while maintaining legal chain of custody. | €200 |
| Email Forensics | Analyze email headers, attachments, phishing campaigns, and compromised accounts, extract indicators of compromise, reconstruct delivery paths, and provide actionable remediation guidance. | €180 |
| IoT Device Analysis | Investigate IoT devices and sensors for compromise, retrieve logs, firmware, network interactions, and anomalous activity to trace the attack vector and secure operational technology networks. | €210 |
| Malware Reverse Engineering | Perform detailed static and dynamic analysis of malicious binaries, scripts, or macros to identify functionality, persistence, and C2 servers, and develop mitigation or detection signatures. | €240 |
| Threat Actor Attribution | Correlate technical evidence with threat intelligence feeds, malware signatures, TTPs, and historical incidents to attribute attacks to specific groups, campaigns, or nation-state actors. | €220 |
| Reporting for Litigation | Prepare court-admissible forensic reports, support chain of custody, summarize findings in plain language, include evidence artifacts, timelines, and recommendations for legal proceedings or insurance claims. | €250 |
| Data Recovery | Recover deleted, corrupted, or encrypted files from endpoints, servers, or backups to preserve key evidence and reconstruct incident timelines accurately. | €190 |
| Incident Timeline Construction | Combine endpoint, network, log, and cloud data to build a chronological timeline of attacker actions, highlighting critical events for response and remediation decisions. | €210 |
| Evidence Packaging & Preservation | Secure and catalog all collected evidence with proper labeling, hashing, storage, and documentation to maintain integrity and chain of custody for investigations or audits. | €180 |
| Expert Testimony | Provide professional expert testimony in legal proceedings, clearly explaining technical evidence, methods, and conclusions to support litigation or regulatory cases. | €300 |
| Total | Full Digital Forensics Suite | €3,500 |
Endpoint Hardening and Configuration Management
We standardize and harden endpoint configurations across your estate, deploy baseline imaging, and enforce secure configuration policies.
This reduces attack surface and ensures consistent security controls on user devices. Configuration management includes automated enforcement, drift detection, and reporting to keep endpoint posture aligned with organizational policies.
Main benefits:
Consistent device posture, faster remediation of insecure configurations, and fewer opportunities for attackers to exploit user machines.
Starting from $850
| Feature | Description | Price |
|---|---|---|
| Baseline Imaging | Deploy standard OS and application images across endpoints to ensure uniform security posture and configuration compliance. | €120 |
| Patch Enforcement | Automatically deploy critical updates to operating systems and applications, reducing vulnerabilities and compliance gaps. | €100 |
| Configuration Baselines | Establish and enforce secure configuration baselines for OS, applications, and security tools on all endpoints. | €110 |
| Drift Detection | Continuously monitor endpoints to detect deviations from approved configurations and remediate automatically. | €130 |
| Security Policies | Apply and enforce endpoint security policies including antivirus, firewall, and system hardening rules across all devices. | €120 |
| Application Whitelisting | Control which applications can run on endpoints to prevent execution of unauthorized or malicious software. | €140 |
| Privilege Management | Limit administrative rights and manage user privileges to reduce potential exploitation points on endpoints. | €150 |
| Anti-Malware Enforcement | Deploy and maintain endpoint anti-malware tools with real-time scanning and automated remediation capabilities. | €130 |
| Endpoint Encryption | Enable full-disk encryption and enforce encryption policies to protect sensitive data on endpoints. | €140 |
| Configuration Reporting | Generate reports on endpoint configuration compliance to track deviations and remediate non-compliant devices. | €120 |
| Patch Auditing | Audit deployed patches to confirm endpoints are fully updated and secure against known exploits. | €110 |
| Software Inventory | Maintain a current inventory of installed applications to ensure compliance and detect unauthorized software. | €120 |
| Compliance Checks | Regularly verify endpoints against regulatory standards and internal policies to ensure continuous compliance. | €130 |
| Remediation Automation | Automatically remediate detected misconfigurations or policy violations on endpoints to maintain a secure posture. | €140 |
| Endpoint Hardening Policies | Define and enforce security policies for system settings, network configurations, and installed software across all endpoints. | €130 |
| Security Baseline Updates | Update security baselines to adapt to emerging threats and evolving organizational requirements for endpoints. | €120 |
| Centralized Management | Use centralized tools to manage endpoint configurations, enforce policies, and monitor compliance across all devices. | €150 |
| Security Reporting Dashboard | Visualize endpoint security posture and compliance status in a centralized dashboard for easy reporting to management. | €140 |
| Audit Trail | Maintain detailed records of configuration changes, patch deployments, and remediation actions for compliance and forensic purposes. | €120 |
| Incident Response Integration | Integrate endpoint security events with incident response plans for faster containment and remediation of security incidents. | €130 |
| Remote Configuration Enforcement | Apply and enforce configuration settings on remote or mobile endpoints to maintain consistent security standards. | €120 |
| End-of-Life Device Management | Identify and remediate outdated or unsupported devices to reduce security risk across the endpoint estate. | €110 |
| Total | Full Endpoint Hardening Suite | €2,200 |