Skip to main content

3CORESec ONE & MDR are now LIVE!

Over the last 6 months we have been hard at work on what we believe is the future of enterprise information security, and today we’re excited to lift the curtain - to some extent - on our most recent development: 3CORESec ONE and 3CORESec MDR


When we first got together to establish our product lineup, one thing became clear. If we wanted to make a difference we would require significant development on tools and platforms that worked how we thought information security should work: in a unified experience, with minimal changes to client workloads, pricing that is adjusted to different size companies, the capability to grow without additional purchases or any additional rewiring, and an overall less is more approach. 

After two years of building individual components for our products, and some of them finding their way to the public in the form of SaaS platforms (i.e. and, 3CORESec ONE is the platform that brings it all together under a single virtual roof. 

As the gateway to our ecosystem, ONE will serve as the identity platform for all our products and services, providing a streamlined experience in accessing not only the platforms themselves (through single sign on), but also allow our customers to access general information about their service subscriptions, invoicing, schedule demos and contact our support, interact with a dedicated success manager and much more!

Integrating our existing platforms under ONE is something we're actively working on, however, for the time being, ONE is being released fully integrated with 3CORESec MDR with platforms such as Lawmaker soon to follow. 

Example platform listing in 3CORESec ONE


Our MDR portal is the culmination of almost 3 years of hard work in our unique detection capabilities, data-gathering software, innovative network traffic analyses appliances and all the bits and pieces that go together to provide a central, secure, tenant-aware application to observe, analyse, remediate and collaborate on cloud, network and endpoint. 

The new MDR portal is currently in Beta and we are working hard to add more features, visualisations, collaboration and data interaction capabilities based, not only in our expertise, but also on client feedback.

3CORESec MDR - Network Findings Activity

3CORESec MDR uses a unique approach that provides our clients the ease of use of a SaaS platform while maintaining all the benefits of an internal/self-hosted solution. This allows for fast access to the platform, easy collaboration, quick onboarding and scaling and much more, while enjoying the peace of mind of siloed and secure data storage.

If you'd like to know more about our Managed Detection & Response platform, please contact us through social media or using the contact information available in our website. 

The Future

The release of both these platforms is a new chapter for everyone at 3CORESec. It’s the start of a journey to provide the best experience for our users and we're excited for what's ahead.

Make sure to follow us on Twitter or LinkedIn to stay in the loop of all the exciting things we have coming. You can also join our Community Slack to hang out with us and, if you're interested in joining the team, we're hiring for all sorts of different positions (front/backend developers, threat researchers, system engineers, detection engineering, etc)

If you like what we're doing and want to make a difference in infosec, hit us up! πŸ€™πŸΌ

Popular posts from this blog

Community Update - 3CORESec Blacklist πŸ““ 🍯

Recently we tweeted about some issues we had with 3CORESec Blacklist , a platform that shares - openly and freely - a subset of the information seen and processed by our honeypot network.  While those issues have been addressed, and seeing as significant changes were made to how we monitor the generation of the lists (which is reflected in our status page ) and how we determine if an IP should be listed as an offending IP or not, this felt like a good opportunity to write a bit more about the platform as well as the changes we made.   For regular users of Blacklist πŸ““ the first thing they’ll notice is an increase on the numbers of IPs we include. That is a direct result of the changes we made and the growth of the honeypot network itself. We have not - and will not - ever increase the period for which we query the honeypot network, as we believe anything higher than 24h (as specified in the project page) for IP addresses can quickly fall into a decaying state that adds little value

Detection as Code (DaC) challenges - Introducing Automata

This blog post is the second part of our Detection as Code (DaC) challenges series. You can read part one here . The development process of detections by itself doesn't pose a lot of barriers for security engineering teams, as they are typically done in a lab/controlled environment, but after tuning and deploying rules to a SIEM, the work is only starting. Many things can go wrong after this, and a process of continued and automated testing is crucial. Detection Validation In an ideal (and fictional) world, once the datasets are parsed, normalized, and put into production, detections developed by your team would work forever. Still, the reality is quite different. Maintenance is heavy work that needs to be done frequently - especially if you work on an MSP - but the reality is that the ecosystem lacks tooling and processes to do it proactively. Effectiveness is an important metric and crucial to the successful response of incidents in time, and effectiveness is what we aim to ensu

Trapdoor - The serverless HTTP honeypot

  Today we are announcing the release of Trapdoor , our AWS-based serverless honeypot.  The idea of a serverless honeytoken isn't new. Adel released his honeyLambda a few years ago and we've been working with it for quite some time. It was because of this experience and the goal of improving on what was already a great idea that we decided to go to the drawing board and see how we would change and tweak the concept.  What is it? Trapdoor is a serverless application that can be deployed in any AWS environment. Its goal is to receive HTTP requests with the intent of identifying, and alerting, on its visitors. The URLs generated by Trapdoor can also be referred to as honeytokens .  While you can get creative on how to use it, one of the goals of a honeytoken is to be hidden or stored in a "safe" place and, if accessed, fire of an alarm, as access to the token would be considered a compromise or unauthorized access.  This example is the passive way of using deception ta