Microsoft Managed Detection and Response (MDR)

with Microsoft Sentinel and the Microsoft Defender Suite.

SIEM

Security Information and Event Management

XDR

Extended detection and response

Incident Response (IR)

Analyse, detect, and defend against threats.

Service Overview

During your engagement as part of our Security Assessment offering, your Azure tenant will be configured via Azure Lighthouse to facilitate Azure Sentinel monitoring of your chosen data sources for a period of up to three weeks. The results of the analysis will be examined by our Security team, and we will produce a report recommending actions to be taken in response to any potential threats identified during the monitoring phase. This managed service is available for organisations that believe they would benefit from analysing data from across the organisation through the lens of Azure Sentinel’s AI-powered monitoring, which brings this information together into one single dashboard. If you have ever suffered a security breach, or want to proactively prevent a breach from happening, this service is for you! The managed service will comprise the creation of an Azure Sentinel workspace on a paid Azure subscription. CloudAssist will create analytic rules and actively monitor incidents generated by these rules. CloudAssist will then produce a report with recommendations based on the findings from incidents generated during the trial period.

The Forrester New Wave

Transform your security operations with Microsoft Security

Microsoft Security Experts is a new service category that combines expert-trained technology and product innovation with human-led services. In this show, Kelly Bissell, CVP of Microsoft Security Services, demonstrates how the Microsoft Security Services organization can now manage your security operations for you and with you, and the difference this can make in timely threat mitigation.

SIEM

A SIEM is typically used to collect logs from all security devices with the exception of endpoints (though some may well cover those as well). This would include firewalls, IPS/IDS, network devices, Windows AD logs, and various SaaS/cloud apps (depending on the capabilities of the SIEM solution). In the case of Azure Sentinel, Microsoft currently provides 60 types of data connectors, and at Managed Sentinel we have built an additional 65 that can bring in data from virtually any type of log source. Some customers may choose just a managed SIEM service; this is not considered an MDR, as it only covers the maintenance of the SIEM platform and the development and tuning of detections, alerts and SOAR playbooks.

XDR

Extended detection and response, often abbreviated XDR, is a SaaS tool that offers holistic, optimized security by integrating security products and data into simplified solutions. As enterprises increasingly encounter an evolving threat landscape and complex security challenges, with workforces in multi-cloud, hybrid environments, XDR security presents a more efficient, proactive solution. In contrast to systems like endpoint detection and response (EDR), XDR broadens the scope of security, integrating protection across a wider range of products, including an organization’s endpoints, servers, cloud applications, email, and more. From there, XDR combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats.


Microsoft 365 Defender is an extended detection and response (XDR) solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoints, email, applications, and identities. It leverages artificial intelligence (AI) and automation to automatically stop attacks and remediate affected assets.

Incident Response (IR)

With the security controls in place, logs collected and alerts tuned, the notifications for various security events are first received by the MDR provider’s SOC, which will acknowledge, triage and escalate them based on the IR playbooks that were built with the customer during the initial setup phase. While this is normally considered the MDR service, one can see that it is just a part of the whole infrastructure needed in order to reach this phase. IR is typically 24×7 and requires substantial resources from the provider, who has to ensure three shifts of highly trained security analysts continuously dealing with security incidents. Most of the cost of the MDR service goes towards this effort, and depending on the level of involvement required from these analysts, a different price model may apply. As an example, one MDR provider might just offer basic triage and review of the alert before forwarding it to the customer, while another may offer escalation to its own tier 3 analysts, who can take a deep dive into the alert and only engage the customer when they suspect a breach. Some MDR providers charge per incident, others per endpoint monitored. The latter gives a better estimate of the MDR costs.
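The SIEM and IR sections above describe one pipeline: log sources feed a SIEM, analytic rules turn events into alerts, correlation across sources adds confidence, and the SOC triages each alert against a playbook agreed with the customer (including tuning out known noise). The following Python script is an added example of that pipeline and is not CloudAssist's or Microsoft Sentinel's code; a real Sentinel rule would be written in KQL, but plain Python is used here so it runs offline. The event format, the five-failures-in-ten-minutes threshold, the allowlisted scanner account and the sample events are all constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Rule parameters (assumed values, not a Sentinel default).
FAILURE_THRESHOLD = 5                      # failed logons before we care
FAILURE_WINDOW = timedelta(minutes=10)     # ...within this window before a success
CORROBORATION_WINDOW = timedelta(minutes=30)  # second-source sighting raises severity


@dataclass(frozen=True)
class Event:
    """One normalised log record as a SIEM would store it after ingestion."""
    ts: datetime
    source: str      # log source that fed the SIEM, e.g. "windows_ad" or "firewall"
    kind: str        # normalised event type
    account: str     # "-" when the source does not carry an account
    src_ip: str


@dataclass
class Alert:
    rule: str
    account: str
    src_ip: str
    ts: datetime
    severity: str
    sources: tuple   # which log sources contributed to this alert


def _t(hhmm: str) -> datetime:
    return datetime(2024, 1, 1, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample events (hypothetical; RFC 5737 documentation addresses).
SAMPLE_EVENTS = [
    *[Event(_t(f"09:0{m}"), "windows_ad", "logon_failure", "jsmith", "203.0.113.5") for m in range(5)],
    Event(_t("09:05"), "windows_ad", "logon_success", "jsmith", "203.0.113.5"),
    Event(_t("09:10"), "firewall", "deny", "-", "203.0.113.5"),
    Event(_t("10:00"), "windows_ad", "logon_failure", "agarcia", "198.51.100.7"),
    Event(_t("10:01"), "windows_ad", "logon_failure", "agarcia", "198.51.100.7"),
    Event(_t("10:02"), "windows_ad", "logon_success", "agarcia", "198.51.100.7"),
    *[Event(_t(f"11:0{m}"), "windows_ad", "logon_failure", "svc_scan", "10.0.0.9") for m in range(5)],
    Event(_t("11:05"), "windows_ad", "logon_success", "svc_scan", "10.0.0.9"),
]


def detect_bruteforce_success(events):
    """Analytic rule: at least FAILURE_THRESHOLD failed logons for one account from
    one IP within FAILURE_WINDOW, followed by a successful logon from that IP."""
    failures = defaultdict(list)   # (account, src_ip) -> timestamps of failures
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.source != "windows_ad":
            continue
        key = (ev.account, ev.src_ip)
        if ev.kind == "logon_failure":
            failures[key].append(ev.ts)
        elif ev.kind == "logon_success":
            recent = [t for t in failures[key] if ev.ts - t <= FAILURE_WINDOW]
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append(Alert("BruteForceThenSuccess", ev.account, ev.src_ip,
                                    ev.ts, "medium", ("windows_ad",)))
            failures[key].clear()  # a success ends the current attempt sequence
    return alerts


def corroborate(alerts, events):
    """Cross-source correlation: if the firewall also logged the alert's source IP
    near the alert time, raise severity to high and record the extra source."""
    out = []
    for a in alerts:
        seen = [e for e in events if e.source == "firewall" and e.src_ip == a.src_ip
                and abs(e.ts - a.ts) <= CORROBORATION_WINDOW]
        if seen:
            out.append(Alert(a.rule, a.account, a.src_ip, a.ts, "high",
                             a.sources + ("firewall",)))
        else:
            out.append(a)
    return out


# IR playbook agreed with the customer (assumed). The allowlist is the "tuning":
# a known vulnerability scanner account that legitimately fails logons.
PLAYBOOK = {
    "allowlist": {("svc_scan", "10.0.0.9")},
    "actions": {"high": "escalate_tier3", "medium": "notify_customer", "low": "log_only"},
}


def triage(alert, playbook=PLAYBOOK):
    """SOC step: suppress tuned-out noise, otherwise act per severity."""
    if (alert.account, alert.src_ip) in playbook["allowlist"]:
        return "suppressed"
    return playbook["actions"][alert.severity]


def run_pipeline(events, playbook=PLAYBOOK):
    """Detection -> correlation -> triage; returns one row per alert."""
    alerts = corroborate(detect_bruteforce_success(events), events)
    return [(a.account, a.src_ip, a.severity, triage(a, playbook)) for a in alerts]


if __name__ == "__main__":
    for row in run_pipeline(SAMPLE_EVENTS):
        print(row)
```

Running it yields two alerts: the jsmith logon sequence is corroborated by the firewall and escalated to tier 3, while the scanner account trips the same rule but is suppressed by the allowlist. The agarcia events never reach the threshold, which is the point of the window and count: they keep a single mistyped password from becoming an incident the SOC has to handle.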

Features

  • Sentinel SIEM installation & implementation
  • Outsourced maintenance and support of core Sentinel components
  • Managed Security services, including monitoring, alerting, reporting and advice.
  • Onboarding client log sources and configuration
  • Machine Learning and AI support for bespoke, automated remediation needs
  • Guided remediation, following alerts which identify significant vulnerabilities
  • Guided incident response on containment and remediation
  • Active threat hunting support (on request)
  • Annual health check assessments of your SIEM implementation

Benefits

  • Secure digital transformation and protect your cloud environment 24/7
  • Focus on your core strengths – protecting your business
  • Cut out the ‘noise’ and prioritise incident response
  • Enable rapid detection, investigation, and response
  • Save on internal recruitment and training
  • Save on infrastructure and management overheads
  • Protect against insider threat
  • Maintain compliance with industry regulations
  • Contact our experts today to find out more or request a free health check now

Free Ebook: Every Alert Matters

IDC recently launched a survey that looks at some of the challenges organizations are facing due to the heightened quantity and quality of threats. Key questions included how much time and effort organizations spend investigating and responding to alerts, what challenges organizations face in regard to security analyst talent, what operational security information is of interest to the board, and the increasing role of managed detection and response (MDR) services in helping companies respond to threats. Over 300 United States-based respondents, director level or above, who use or plan to use MDR services were surveyed in this study.