MANAGED DETECTION & RESPONSE
“Clients should be wary of claims from traditional MSSPs on their ability to deliver MDR-like services. Delivering these services requires technologies not traditionally in scope for MSS, such as endpoint threat detection and response, network behaviour analysis or forensic tools.”
Managed Detection and Response Services Market Guide 2017
The DataSixth MDR service is designed for advanced detection, threat hunting, anomaly detection and response guidance. It uses a defence-in-depth approach that monitors and correlates network activity with endpoints, logs and everything in between. Unlike a traditional Managed Security Service Provider (MSSP), our service is geared toward proactive prevention. We combine the best commercial, open source and internally developed tools and methods to deliver the highest-fidelity monitoring possible. With DataSixth MDR, we deliver intelligence ahead of the threat.
- Dedicated Senior Level Security Experts
- Endpoint Detection and Response (EDR)
- Advanced Threat Hunting Engine and hosts analysis
- 24/7 Security Operations Centre
- Critical Incident Response Services
- Advanced Analytics and Expert Threat Intelligence
- Sensor deployments to endpoints
- Advanced full network packet capture & threat detection solutions
- Advanced in-house forensic investigation & malware analysis skills
- Comprehensive Log Collection - Including Cloud Sensor Monitoring for AZURE, AWS, Office 365, GSuite, Box and more!
- Experts on hand 24/7, with no increase in staff overhead costs
- Coverage of cloud infrastructure as if it was on-premise
- Comprehensive authentication and access monitoring for rogue account detection
- Streamline monitoring, alerting, search and reporting
- Endpoint activity monitoring and alerting, including OS and hardware details and file, memory and registry usage
- Detection of malware-less attacks that use scripting languages such as PowerShell and run in memory
- Data acquisition from HTTP, SMTP, packet, netflow and DNS
- Non-security data enrichment from HR, financial systems and physical security
“MDR vs MSSP”
MDR is different from MSS. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. As Gartner puts it: “The overlap between managed security services and MDR is increasing, which is adding to the confusion in the market and making it difficult for buyers. MSS and MDR still have distinct characteristics that buyers need to understand.”
DataSixth MDR actively and aggressively searches through your data for indicators of compromise (IoCs). If we find such evidence, we immediately begin collecting data, analysing the risks, and if necessary blocking the attack. Some of the common threats we hunt for include:
- Insecure network protocols
- Traffic to command and control networks
- Unusual changes to systems
- Network traffic anomalies
- “Dropper” files, which are often a prelude to a malware or ransomware infection
- Brute force attacks
- Use of sensitive credentials
- Unusual password resets
- A sudden spike in traffic from an internal host to a large number of other internal hosts
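Two of the hunts listed above, brute-force logins and a sudden fan-out from one internal host to many others, reduce to simple windowed counting over flow and authentication records. The example below is added for illustration and is not DataSixth code: the record formats, the 10.0.0.0/8 "internal" range, the thresholds and the sample data are all constructed assumptions, chosen so the fan-out and the credential-guessing burst stand out against ordinary traffic.

```python
"""Windowed hunt checks over constructed flow and authentication records.

Added example, not DataSixth's own tooling. The record layouts, the
10.0.0.0/8 internal range and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port).
# One host touches 30 distinct internal hosts over SMB in 30 seconds;
# another talks to two internal hosts and one external resolver.
FLOWS = [("2024-01-10T09:00:%02d" % i, "10.0.1.5", "10.0.2.%d" % (20 + i), 445)
         for i in range(30)]
FLOWS += [("2024-01-10T09:05:00", "10.0.1.9", "10.0.3.1", 443),
          ("2024-01-10T09:05:10", "10.0.1.9", "10.0.3.2", 443),
          ("2024-01-10T09:05:20", "10.0.1.9", "8.8.8.8", 53)]

# Constructed authentication records: (timestamp, src_ip, user, result).
# 25 failures in 25 seconds followed by a success, versus one ordinary typo.
AUTH = [("2024-01-10T10:00:%02d" % i, "10.0.5.7", "svc_backup", "FAIL")
        for i in range(25)]
AUTH += [("2024-01-10T10:00:30", "10.0.5.7", "svc_backup", "SUCCESS"),
         ("2024-01-10T10:10:00", "10.0.6.2", "alice", "FAIL"),
         ("2024-01-10T10:10:05", "10.0.6.2", "alice", "SUCCESS")]


def _ts(s):
    return datetime.fromisoformat(s)


def fanout_alerts(flows, window=timedelta(minutes=1), min_targets=20):
    """Internal sources that reached >= min_targets distinct internal hosts
    inside any `window`-long span. Returns {src_ip: peak_distinct_targets}."""
    by_src = defaultdict(list)
    for ts, src, dst, _port in flows:
        s, d = ip_address(src), ip_address(dst)
        if s in INTERNAL and d in INTERNAL and s != d:
            by_src[src].append((_ts(ts), dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        peak = 0
        for i, (start, _) in enumerate(events):
            # distinct destinations in the window opening at this event
            targets = {d for t, d in events[i:] if t - start <= window}
            peak = max(peak, len(targets))
        if peak >= min_targets:
            alerts[src] = peak
    return alerts


def brute_force_alerts(auth, window=timedelta(minutes=5), min_failures=10):
    """Sources with >= min_failures failed logins inside `window`, flagging
    whether a success followed the burst (a guess that eventually landed)."""
    by_src = defaultdict(list)
    for ts, src, user, result in auth:
        by_src[src].append((_ts(ts), user, result))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        fails = [t for t, _, r in events if r == "FAIL"]
        for i, start in enumerate(fails):
            burst = [t for t in fails[i:] if t - start <= window]
            if len(burst) >= min_failures:
                success_after = any(r == "SUCCESS" and t >= burst[-1]
                                    for t, _, r in events)
                alerts[src] = {"failures": len(burst),
                               "success_after": success_after}
                break
    return alerts


if __name__ == "__main__":
    print("fan-out:", fanout_alerts(FLOWS))
    print("brute force:", brute_force_alerts(AUTH))
```

Both checks deliberately key on counts within a time window rather than on a single event, which is what separates a hunt signal from alert noise: a host that contacts a few peers per hour is normal, while thirty distinct SMB targets in under a minute is the shape of lateral movement, and a burst of failures that ends in a success is the one brute-force case worth paging someone for.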
Industry Hunt Packs
Endpoint Detection And Response (EDR)
The endpoint continues to be the primary vector of exploitation for external threat actors. Most organizations have hundreds to thousands of endpoints, which creates many entry points, a great deal of data and noise, and very little visibility. Traditional anti-virus solutions have been rendered nearly useless by the rate of change in malware, including polymorphic, targeted and file-less threats. The security solutions industry has complicated the situation with a near-infinite number of products, each with a different name and classification.
DataSixth's managed endpoint detection and response service aims to reduce complexity, increase visibility, and shrink the time between detection and remediation of security incidents. Using a combination of threat intelligence feeds, an endpoint detection and recovery solution, and a 24 x 7 security operations centre, we have developed a solution that simplifies protecting the most imperilled area of defence.