Security is hard. No one running a business or maintaining an IT service sets out to become the victim of a security incident or to lose precious data.
Managed Extended Detection & Response (XDR) services built on an open approach combine your existing best-of-breed toolsets into a centrally orchestrated, formidable wall of defence.
Prevention, detection and response go together like peanut butter, jam and… we will work out the last one soon! Combine your toolsets so they work together in harmony.
Security is a broad and detailed topic. With so many attack opportunities waiting to be exploited, in the form of out-of-date software, configuration weaknesses and zero-day exploits, it's hard to know where to start.
Imagine a typical scenario: an inbound email carrying a malicious payload, aimed at normal users, perhaps offering a free coffee as thanks for their hard work on a recent product launch. When the attachment is opened, the payload attempts to install code and send further malicious emails; roughly 30% of users will also click the link to a website where they may unwittingly submit their details, anticipating the reward of a medium latte. Now imagine it was a medium latte with syrup, and we're talking a 50% click rate!
Below is an example of how an Open Extended Detection & Response approach could reduce the chances of this scary scenario!
XDR (extended detection and response) ingests and automatically correlates data across multiple security layers such as email, endpoint, server, cloud workload, and network. This allows for faster detection of threats, improved investigation and response times through security analysis.
The term ‘extended’ refers to centrally orchestrating protection (collection, analysis, response and so on) across many platforms.
XDR can also follow an open architecture: a solution such as Microsoft Sentinel is well suited to integrating with a non-Microsoft anti-virus product, web filter or network router, so that investigations and responses are orchestrated centrally, as we show below.
Open XDR examples:
Always start with prevention; it is better to prevent such a scenario than to recover from its impact. There are different types of prevention, which we have classified as dynamic and static.
Dynamic Prevention:
Static Prevention:
Within this scenario we’re ingesting security telemetry across several different sources such as:
All of the above information is held within our SIEM so it’s easy to visualise using Azure Workbooks.
Scheduled analytics rules running in the SIEM have also correlated the information from the different sources, recognised a multi-surface attack and raised an alert.
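The correlation such a scheduled rule performs, shown as an added example rather than the service's own rule: in Microsoft Sentinel this would be a KQL query joining the email, web-click, endpoint and sign-in tables on user and time; the Python below stands in for that logic so it can be run offline. The telemetry is constructed for the scenario above (a coffee-themed phishing mail, a click, a suspicious child process of the mail client, then a sign-in from a new address), and the field names, the 60-minute window, the severity rule and the playbook mapping are all assumptions for the example.

```python
"""Cross-source correlation for the phishing scenario on this page.

Added example, not the service's own analytics rule. Groups each user's
events from several telemetry sources into time-bounded chains and raises
one incident per chain that spans at least two sources, with the response
each source's control could take.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed correlation window: one user's events within this span form a chain.
WINDOW_MINUTES = 60

# Assumed playbook: the response each source's own control can carry out.
PLAYBOOK = {
    "email": "quarantine the message and block the sender domain",
    "web": "block the URL on the web filter",
    "endpoint": "isolate the endpoint with the EDR agent",
    "identity": "revoke refresh tokens and force MFA re-registration",
}

# Constructed sample telemetry, already normalised to one schema.
EVENTS = [
    {"ts": "2024-03-04T09:00:00", "source": "email", "user": "alice@example.com",
     "detail": "inbound 'Free coffee for the launch team' with link http://coffee-rewards.example/claim"},
    {"ts": "2024-03-04T09:04:00", "source": "web", "user": "alice@example.com",
     "detail": "click on http://coffee-rewards.example/claim"},
    {"ts": "2024-03-04T09:06:00", "source": "endpoint", "user": "alice@example.com",
     "detail": "outlook.exe spawned powershell.exe -w hidden"},
    {"ts": "2024-03-04T09:15:00", "source": "identity", "user": "alice@example.com",
     "detail": "successful sign-in from new IP 203.0.113.9"},
    # Bob received the same mail but nothing else happened for hours: no incident.
    {"ts": "2024-03-04T09:01:00", "source": "email", "user": "bob@example.com",
     "detail": "inbound 'Free coffee for the launch team' with link http://coffee-rewards.example/claim"},
    {"ts": "2024-03-04T14:30:00", "source": "endpoint", "user": "bob@example.com",
     "detail": "outlook.exe spawned winword.exe"},
    # Carol only has a routine sign-in: a single source never fires the rule.
    {"ts": "2024-03-04T09:02:00", "source": "identity", "user": "carol@example.com",
     "detail": "successful sign-in from known IP 198.51.100.4"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def correlate(events, window_minutes=WINDOW_MINUTES):
    """Return incidents for every per-user chain spanning two or more sources.

    A chain starts at the earliest unassigned event for a user and absorbs
    every later event within the window of that start, so one phishing mail
    followed by a click, a suspicious process and an odd sign-in becomes a
    single incident instead of four unrelated alerts.
    """
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    incidents = []
    for user, user_events in sorted(by_user.items()):
        user_events.sort(key=_ts)
        i = 0
        while i < len(user_events):
            start = _ts(user_events[i])
            chain = [user_events[i]]
            j = i + 1
            while j < len(user_events) and _ts(user_events[j]) - start <= window:
                chain.append(user_events[j])
                j += 1
            sources = sorted({e["source"] for e in chain})
            if len(sources) >= 2:
                incidents.append({
                    "user": user,
                    "sources": sources,
                    # Assumed severity rule: three or more surfaces in one chain is High.
                    "severity": "High" if len(sources) >= 3 else "Medium",
                    "first_seen": chain[0]["ts"],
                    "last_seen": chain[-1]["ts"],
                    "evidence": [f'{e["ts"]} [{e["source"]}] {e["detail"]}' for e in chain],
                    "actions": [PLAYBOOK[s] for s in sources],
                })
            i = j
    return incidents


if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(f'{incident["severity"]} incident for {incident["user"]} '
              f'({", ".join(incident["sources"])})')
        for line in incident["evidence"]:
            print("  ", line)
        for action in incident["actions"]:
            print("   ->", action)
```

Run as-is it raises one High incident for alice across all four sources and nothing for bob or carol; narrowing the window to five minutes leaves only the email-plus-click pair as a Medium incident, which is the trade-off a real rule's lookback period makes between catching slow chains and avoiding false joins.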
Now that our scheduled analytics rules have detected incidents signposted within the threat telemetry of the various sources, we can take the following actions to reduce or prevent the impact of the attack:
Our expertise will help you understand threats, apply configuration that reduces impact, alert on events, and respond quickly to security incidents through automation.
You can't defend against a threat you're not aware of. Our rapid risk assessment services for identity and data protection explain in detail the risks present and how to mitigate each one, so you become more aware and benefit from protection sooner.
Source threat telemetry from on-premises and Azure Active Directory, third-party AV products, file servers, EDMSs and more to give you the broadest picture possible.
Whether you're using Defender or another service, we will help you extend and deepen your defence capability. Why wait for your anti-virus product to detect a virus? Respond actively to events by isolating an affected asset, or prevent further spread by closing down routes of propagation using firewall and email automations.
We use our templated risk assessments to identify threats and give your organisation a comprehensive list of risks and mitigations against virus and malware attack vectors. Imagine an anti-malware product not delivering because of a misconfiguration (we've seen this happen); there are many risks and controls in this common scenario, and many more, that we can help with.
Using threat telemetry from a range of sources, such as external threat feeds, vulnerability assessment toolsets, anti-virus and anti-malware, we can coordinate a response from the appropriate controls, such as more restrictive internet access policies, conditional access policies, virus scanning and more.
Countless network threats, both internal and external, are taking place. With the right decision making, toolsets and configurations we have a better chance of defending our businesses. Below is a list of services in this area:
Our assessments are drawn from best practice, real-life events and crowdsourcing among our clients and contacts. Don't sit and wait to discover a risk; get in contact now and we will help!
Telemetry from toolsets such as port scanners, network flow logs and IDS/IPS tools can be used to orchestrate security posture changes across network access solutions, firewalls and more.
Governance controls are essential to ensure security is maintained. Controls can be implemented and then circumvented without anyone noticing; we can help implement and maintain effective controls to ensure you stay in control:
It's easy to miss risks related to security controls, because you don't expect them to be circumvented. We have great experience of identifying governance risks and implementing reasonable and effective controls, and we educate our clients so they can support those affected by security controls.
Automatically update your security posture by changing elevated permissions and systems access, driven by security telemetry from solutions such as Sentinel, sign-in logs, Azure Activity logs and more.