PURPLE Team

Control and Prevent

+15 contingencies of national impact managed

ACT: Advanced Cybersecurity Troubleshooting

  • Support services for security platforms and telecommunications cores, including network firewalls, databases, applications, IPs, core switches, and related technology, that present problems that compromise the availability of critical business services.

THA: Threat Hunting Analysis

  • It focuses on proactively searching the network for anomalies that may indicate a security breach. The large amount of data that must be collected and analyzed means it's a painstaking process; however, we enhance this through the use of appropriate data collection and analysis methods.

CSOC: Cyber Security Operation Center

  • The Cybersecurity Operations Center is responsible for monitoring and analyzing activity on networks, servers, databases, applications, websites, and other systems, looking for anomalous activity that may indicate a security incident or compromise.
    Built-in multidimensional analytics and monitoring for any log and metric: VPN, Firewall, Servers, Antivirus, etc.

  • A team equipped with tools that have machine learning capabilities and built-in correlation. Real-time infrastructure monitoring. Dedicated and up-to-date resources. Built-in coverage of adversarial TTPs based on the MITRE ATT&CK knowledge base.

  • Built-in threat intelligence for all potential IoCs, with automatic triage against globally recognized threat sources and databases.

  • Objective: Minimize the risks of a security breach and leverage the holistic detection approach of a service platform, without blind spots thanks to the PURPLE TEAM.

  • The CSOC unifies the capabilities of scanning tools to enable multi-layered prevention against sophisticated ransomware, Trojans, cryptominers, rootkits, and exploits.

UBA: User Behavior Analysis

  • It is a service for analyzing and determining the root causes of events where user involvement is suspected. The UBA service looks for usage patterns that indicate unusual or anomalous behavior, regardless of whether the activities originate from a hacker, an insider, or even malware or other processes.

IRMT: Incident Response Management Test

  • The IRMT service seeks to evaluate and test each phase of incident management by identifying problems in the execution of the incident response plan that indicate deficiencies.

DLLI: Dynamic-Link Library Inspection

  • The platform displays the details and characteristics of each library. It flags libraries as licensed or unlicensed.

  • Provide a self-management platform to control the licenses used in projects.

  • The libraries (files) that are analyzed have the extensions “.dll” and “.js”; however, it is possible to add more extensions.

CTI: Cyber Threat Intelligence

  • We detect and anticipate threats before they reach you. We monitor open sources, forums, and the dark web, correlate them with your environment, and prioritize by risk to turn data into concrete actions.

  • What do you get?

  • Early warnings and actionable reports (what to block, what to look for, how to remediate).

  • IOCs and TTPs mapped to MITRE ATT&CK, ready for your SIEM/EDR/WAF (STIX/TAXII).

  • 24/7 monitoring of campaigns, critical CVEs, and credential/brand exposure.

  • Intelligence-informed threat hunting and adversary emulation (supports Red & Blue).

  • Periodic reports: overview of actors, trends and prioritized recommendations.

  • Value for compliance (Law 21.663)
    It strengthens detection, response, and continuous improvement of the ISMS, facilitating timely reporting to authorities and traceability of actions.

RED
TEAM

Attacking the risk

BLUE
TEAM

Defend and mitigate

BLACK
TEAM

Text download