Longwall Security | Managed Detection, Intelligence & Response

New additions to our Managed Detection, Intelligence & Response services

As part of our ongoing commitment to our Managed Detection, Intelligence & Response services – we are delighted to show the recent additions we’ve made for our clients – along with the positive impact and additional functionality they will bring!

As of Monday 15 July 2024, we’ve upgraded all existing clients to have three new core features within our services.

  • Enhanced retention period of XDR telemetry data
  • Inclusion of network flow monitoring & additional network rule detection capabilities
  • Inclusion of a full cloud-based DFIR toolset

These continual improvements allow us to continue to provide the best service for our clients – ensuring that we can detect suspicious behaviour, provide the right business & threat intelligence and allow us to respond effectively to contain incidents – anywhere in the world.

Enhanced retention period of XDR telemetry data

  • Previous: Through our service, we already tracked every process start event, service creation and Sysmon event, keeping this data for a rolling 7 day period.
  • Improvement: Retaining the data for 395 days (13 months).
  • Why?: There are two main reasons: being proactive and being reactive. Most providers will argue that this isn’t needed; keeping the data for a shorter retention period is a cost-saving exercise.
    • Proactive: We use this data to build better and more advanced models of the processes that run on your devices, allowing us to spot suspicious activity much earlier than other XDR providers.
    • Reactive: We know from experience that when dealing with security incidents, more data is key. Being able to trace process information back over a longer period allows us to build a picture of the behaviours that may have led to an incident occurring.

Network flow monitoring & additional network rule detection capabilities

  • Previous: Running network sensors allowed us to gather DNS, DHCP and IDS information.
  • Improvement: Addition of NetFlow, enhanced logging retained for 395 days, and a brand new suspicious traffic ruleset.
  • Why?: Relying on firewalls and network devices to send us the right information over syslog leaves us exposed to misconfigurations that cause gaps in our visibility. By mirroring traffic straight into our sensors, we can detect and respond in real time to suspicious traffic, perform anomaly detection to spot large outbound transfers, and map your network traffic to identify bad practices.

Full cloud-based DFIR toolset

  • Previous: Through our on-premise forensic device, we could capture forensic information by communicating with endpoints and servers. Our XDR agent provides full process and service logging, allowing us to build a forensic picture from these sources.
  • Improvement: Deployment of our cloud-based Digital Forensic & Incident Response tooling, all embedded into our XDR agent!
  • Why?: Hybrid working. More and more devices are making their way outside the traditional network edge, making on-premise and traditional methods of forensics more difficult to maintain. By utilising our existing XDR agent, clients do not need to perform any actions: when needed, we can invoke the forensic capabilities by starting an additional process.
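To make the "large outbound transfer" anomaly check concrete, here is an added example of the kind of detection logic that runs over NetFlow-style records once a few days of per-host history are available. This is illustrative code written for this page, not Longwall's own tooling: the CSV record layout, the internal address ranges, the thresholds (5x the host's own daily mean and a 500 MB absolute floor) and every sample flow are constructed assumptions. Longer retention matters here because the baseline is only as good as the history behind it.

```python
"""Large-outbound-transfer detector over NetFlow-style records.

Added example (not Longwall Security's code). Record format, address
ranges, thresholds and all sample flows are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean

# Assumed internal address space; anything else counts as "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample flows: timestamp,src,dst,dst_port,bytes
# Four days of ordinary browsing for two hosts, one internal file-share
# copy (must be ignored), one inbound flow (must be ignored), then a
# 3.5 GB night-time upload from 10.0.1.15 and a 900 MB upload from a
# host with no history at all.
SAMPLE_FLOWS = """\
2024-07-08T09:12:01Z,10.0.1.15,172.217.16.14,443,120000000
2024-07-08T14:30:45Z,10.0.1.15,13.107.42.14,443,60000000
2024-07-09T10:05:10Z,10.0.1.15,172.217.16.14,443,150000000
2024-07-10T11:44:52Z,10.0.1.15,52.96.0.10,443,170000000
2024-07-11T09:01:33Z,10.0.1.15,172.217.16.14,443,210000000
2024-07-11T09:02:00Z,10.0.1.15,10.0.0.5,445,900000000
2024-07-12T02:17:09Z,10.0.1.15,203.0.113.40,443,2100000000
2024-07-12T02:45:20Z,10.0.1.15,203.0.113.40,443,1400000000
2024-07-08T08:00:00Z,10.0.1.20,172.217.16.14,443,90000000
2024-07-09T08:00:00Z,10.0.1.20,172.217.16.14,443,110000000
2024-07-10T08:00:00Z,10.0.1.20,172.217.16.14,443,95000000
2024-07-11T08:00:00Z,10.0.1.20,172.217.16.14,443,105000000
2024-07-12T08:00:00Z,10.0.1.20,172.217.16.14,443,120000000
2024-07-12T12:00:00Z,10.0.2.5,198.51.100.7,22,50000000
2024-07-12T12:30:00Z,198.51.100.9,10.0.1.20,443,800000000
2024-07-12T03:00:00Z,10.0.3.9,203.0.113.41,443,900000000
"""


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    """Yield (day, src, dst, dst_port, nbytes) for each non-empty record."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split(",")
        day = datetime.fromisoformat(ts.rstrip("Z")).date()
        yield day, src, dst, int(port), int(nbytes)


def daily_outbound(text: str) -> dict:
    """Sum bytes per internal host per day for internal -> external flows only.

    Internal-to-internal copies and inbound traffic are deliberately left
    out: they inflate a host's total without being an exfiltration signal.
    """
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, dst, _port, nbytes in parse_flows(text):
        if is_internal(src) and not is_internal(dst):
            totals[src][day] += nbytes
    return totals


def flag_large_outbound(totals, *, ratio=5.0, floor=500_000_000, min_history=3):
    """Alert on each host's most recent day of outbound traffic.

    - With at least min_history earlier days: alert when the latest day is
      both above the absolute floor AND above ratio x the host's own mean.
      The floor stops the ratio test firing on a quiet host that goes
      from 1 MB to 6 MB.
    - With too little history there is no baseline, so only the floor
      applies and the alert says so.
    """
    alerts = []
    for host, days in totals.items():
        ordered = sorted(days)
        latest = ordered[-1]
        history = [days[d] for d in ordered[:-1]]
        observed = days[latest]
        if len(history) >= min_history:
            baseline = mean(history)
            if observed > floor and observed > ratio * baseline:
                alerts.append({"host": host, "day": latest.isoformat(),
                               "bytes": observed, "baseline": baseline,
                               "reason": f"{observed / baseline:.1f}x daily mean"})
        elif observed > floor:
            alerts.append({"host": host, "day": latest.isoformat(),
                           "bytes": observed, "baseline": None,
                           "reason": "no baseline"})
    return sorted(alerts, key=lambda a: a["host"])


if __name__ == "__main__":
    for alert in flag_large_outbound(daily_outbound(SAMPLE_FLOWS)):
        print(alert)
```

Run as-is it reports two hosts: 10.0.1.15, whose 3.5 GB day is roughly 20x its 177.5 MB daily mean, and 10.0.3.9, which has no history and is judged on the floor alone. The 10.0.1.20 host rises to 120 MB on its last day but stays under the floor, and the 900 MB copy to the internal file server never enters the totals. Real deployments would widen the baseline window, baseline per destination as well as per host, and tune the floor per client.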

We are not content with just keeping pace with technology – our clients trust us to be at the forefront, using innovative and preventative strategies to allow them to continue to do what they do best.

For more information on how we do this for our clients, or to learn more about how we can help you, please get in touch.
