Resources · guides · comparisons · glossary

Understand cybersecurity, without the jargon.

Guides, comparisons and a glossary on MDR, SOC, CTI, NIS2 compliance, incident response and ransomware. Direct answers, field-observed proof, and the thread from concept to a real operation.

Why
MDR

Why MDR is more than a SOC: response, not just the alert

Why MDR goes beyond a SOC: not just detection and alerts, but managed response that closes the incident. The SOC→MDR delta on times and outcomes.

Why
SOC

Why a managed SOC instead of an in-house one

Why choose a managed SOC vs in-house: the real cost of 24·7·365, the scarcity of talent and true coverage. When each option makes sense.

Why
CTI

Why a proprietary intelligence feed, not a resold one

Why a field-observed proprietary threat intelligence feed beats generic resold feeds: context, attribution and IOCs that actually concern your sector.

Why
MDR

Why identity protection (ITDR) is a priority

Why identity is the new perimeter: session and token theft bypasses classic MFA. Why ITDR matters more than the firewall in today's cloud.

Why
MDR

Why EDR alone is not enough

Why EDR alone is not enough: it covers the endpoint but not identity, cloud and network, and produces alerts someone must handle 24·7. The gap to MDR.

Why
CTI

Why dark web monitoring: see the risk before the attack

Why monitor the deep and dark web: exposed credentials and data become early warning. Catch an access for sale before it turns into an intrusion.

Why
CTI

Why attack surface management: you can't defend what you can't see

Why attack surface management matters: exposed assets, shadow IT and forgotten services are the way in. Map the surface before the attacker does.

Board
CTI

CTI for the board: what the CIO and directors must know

Cyber Threat Intelligence for the board: how CTI supports the CIO and the board on risk management, security investment, duty of oversight and NIS2.

Guide
MDR

What is MDR (Managed Detection and Response)

What MDR is: a managed service combining detection (EDR/XDR, SIEM), threat intelligence and 24·7 analysts who contain incidents. Differences and who needs it.

Comparison
MDR

MDR vs EDR vs XDR: differences and when you need them

MDR, EDR and XDR compared: what each is, what it does, who operates it and when to choose. Technology vs managed service, no marketing.

Guide
SOC

What is a SOC (Security Operations Center)

What a SOC is: the outpost that monitors security 24·7 and handles incidents. In-house SOC vs managed SOC (SOCaaS), costs and when to outsource.

Guide
Compliance

NIS2 explained: obligations, entities and deadlines

NIS2 explained: essential and important entities, security obligations and incident notification to the CSIRT (24h/72h/30d), and the penalties.

Guide
CTI

What is Cyber Threat Intelligence (CTI)

What CTI is: collecting and analysing threat information to anticipate attacks. Levels, IOCs and TTPs, original intelligence vs resold feeds.

Guide
MDR

From MDR to MDIR: how detection & response evolves

MDR and MDIR: what changes when response becomes the centre of gravity. MDIR is evolving terminology, not a standard: what it means and what counts.

Guide
IR/Ransomware

What ransomware is and how it works

What ransomware is: malware that encrypts data and demands a ransom. Double extortion, the phases of an attack and how to defend before encryption.

Guide
Compliance

Data breach GDPR: what it is and what it entails

What a GDPR data breach is: a personal data breach, notification to the authority within 72 hours (art. 33) and communication to data subjects.

Guide
MDR

What is an EDR (Endpoint Detection and Response)

What an EDR is: technology that detects and responds on endpoints with behavioural analytics. Differences from antivirus and MDR, and why it is not enough.

Guide
SOC

What is a SIEM (Security Information and Event Management)

What a SIEM is: a platform that collects and correlates logs and events to detect threats. Its role in the SOC, how it relates to SOAR and XDR.

Guide
MDR · CTI

Microsoft 365 security: threats and defence

Microsoft 365 security: the real threats (AiTM phishing, OAuth token theft, BEC) and how to defend with ITDR, anti-phishing and MDR on Defender.

Guide
CTI

The role of CTI in cyber defence

The role of CTI in defence: how intelligence feeds detection, threat hunting, prioritisation and board decisions. From reactive to proactive.

CTI reference

Who is on the other side.

Technical profiles of the ransomware groups most active against Europe: aliases, TTPs, exploited CVEs, extortion model. Kept current on what the European SOC observes in the field.

Tracked ransomware groups · Urgent response · What to do under attack

Can't find what you need?

Talk to our analysts.

Resources are a starting point. For your specific case, a Fortgale analyst calls you back within one business day. European SOC, same time zone.

Response time: < 1 business day.