F-Secure Configuration

Product Versions

F-Secure Detection and Response -

Description

F-Secure Countercept is a Managed Detection & Response service delivered by the Countercept Detection & Response Team using their deep knowledge of attacker techniques and training in offensive security. The Detection & Response Team follow the Continuous Response methodology, an approach developed to ensure that post-breach activities (such as forensic analysis) become an integral part of investigation workflow and, if an attack is confirmed, the right actions are taken to contain and disrupt the attacker as quickly as possible. The Detection & Response Team also dedicate time to researching the latest attacker techniques and using this research to drive continuous improvements in detection capability.

F-Secure Rapid Detection & Response is an Endpoint Detection & Response solution that shares many core technology components with Countercept. Supporting Windows, macOS and Linux operating systems, the solution collects rich endpoint telemetry that is analysed to identify suspicious activity. Suspicious activities are visualized as Broad Context Detections and accompanied by guidance on response actions that should be taken. All detections are linked to the MITRE ATT&CK framework to provide a common taxonomy and understanding that aids user investigations. Where users require investigation support related to suspicious activity detected, they can use the ‘Elevate to F-Secure’ service to request assistance from the Countercept Detection & Response Team.

Product Configuration

  • Detection – All telemetry enabled (D3, RDR Sensor)
  • Response – Disabled
  • Prevention – Blocking Mode Disabled
  • Cloud Detection – Disabled