Tiago's 🏡

xroot.org - EST 2006


3CORESec, which got its name from the “three cores” that go into our business goals (truth, trust & transparency) is a boutique information security company dedicated to creating managed detection security platforms, products and services.

Officially opened in 2019, 3CORESec, or 3CS for short, started with the idea of making robust information security products more easily accessible as well as developing these products with real-world, enterprise-ready capabilities. With so many products and services built under a lab environment, it’s a shame how many good ideas are lost when they face the demanding requirements of enterprises.

Not only did we envision accessibility to security tooling a priority, it was also our objective - for better or worse - to provide an experience to our clients that we labeled as engineering-driven sales. That is, we would not engage in the typical bullshit that is so frequently seen in infosec (have you visited the vendor floor of BlackHat lately?) and would, instead, have the quality of our products speak for itself.

From its inception to today, 3CORESec has had a significant growth in terms of recognition, clients, and more importantly, a positive impact in the information security community.

Logo of Trapdoor, our HTTP honeypot

Through our research and contributions we are continuously providing insightful information to defenders. With so many invested in offensive security tooling (OST) we feel like this is something that should help balance things out.

3CORESec today has a wide-range of products and services, all within the many areas of detecting adversarial activity.

As the first, and so far the only of its kind, we released Lawmaker (SaaS platform to manage NIDS sensor deployments) back in August 2020. On top of its unique (for these tools) distribution method (SaaS), the platform also comes packed with cool features such as its multi-tenancy model, unlimited scalability, RBAC and advanced alerting capabilities. Lawmaker is a perfect showcase of what we want to accomplish in infosec: break the status quo and provide accessible tooling with a proven track record that, just works™.

Today Lawmaker is used in financial as well as governmental institutions and it became a crucial part of the 3CORESec ecosystem. It’s also widely used by security researchers and NGOs to whom we freely provide lifetime access to the platform.

3CS-1G Mini - Our entry-level network traffic analyses device

The demanding requirements, development and operational objectives of Lawmaker were not unique to this platform and they can be found replicated throughout all our tools, services and even hardware.

From our detection engineering that is meticulously developed against the most advanced adversary simulation to how we go about testing our detection capabilities with projects (which we’ve open-sourced) such as Automata and SIEGMA. Our orchestration API and accompanying agents for both AWS and Azure are one of a kind, providing a SOAR platform with the lowest possible set of permissions and a wide catalog of remediation actions that can easily be associated with supported alerts and detections through our multi-tenant MDR portal.

Our open-source software is used daily by many organizations and sometimes even referenced in vendor documentation, such as AutoMirror in this aws.amazon.com blog post.

We’re thankful for all our clients and partners that support and trust us every day to make systems and networks around the world safer. It is because of this support that we’ll continue pushing the boundaries of what is possible for the 99%.

If you’d like to have a virtual ☕ with us or discuss what we’re doing, we have a Community Slack you can join. Come say hi!