Cyber Defined! MDR, XDR, EDR, NDR

  1. Demystifying MDR. Mike Sci, Senior Solutions Architect, Cyber Security Professional, MDR Expert. Michael.Sci@esentire.com
  2. eSentire CONFIDENTIAL. Cyber Defined! Agenda:
     • Cyber security risk: who are the adversaries?
     • Cyber security: the big data problem
     • Defining the MDR marketplace: MDR, XDR, EDR, NDR
     • The eSentire approach
  3. 01 Who are the adversaries?
  4. The Unusual Suspects
  5. Cybersecurity is a massive data analysis problem
     • You need a robust solution that can analyze massive amounts of data for hidden threats.
     • Our cloud-native MDR platform ingests data, turns it into insights and accelerates indicators of concern to our elite threat hunters, who identify attacks in seconds and contain them in minutes, before they disrupt your business.
  6. How to manage the tsunami of data: multi-signal ingestion, cloud-delivered architecture
     • Signal sources: log, network, cloud, endpoint.
     • Ingestion gateway: a secure, reliable and scalable API for data capture (secure API gateway, DNS routing, data streaming, network isolation, serverless compute inside a virtual private cloud).
     • Signal normalization: translate raw signals into a common event model.
     • Enrichments and recommendations: normalized signals are enriched by the Threat Intel Service, Asset Context Service, Global Learnings Service and ML Model Service, and exit with an automated response or recommendations (machine).
     • Investigation platform: investigation, response and customer notification from a single pane of glass, backed by the investigation store, ServiceNow, open-source SOAR, the SOC dashboard and virtual desktops, with orchestration across them (human).
  7. Defining the MDR marketplace
  8. MDR emerges. Clever marketing follows. Marketing verbiage ("Managed Detection and RESPONSE", "full visibility MDR") distorts what the service really means to the customer.
     • Reality: retainer for incident response
     • Reality: client-side response team required
     • Reality: little or no tactical containment
     • Reality: requires add-ons for full functionality
     • Reality: high analyst-to-customer ratio
     • Reality: unproven marketplace solutions
  9. Leveling the playing field: four technical criteria for evaluating a provider
     • Visibility
     • Signal fidelity
     • Detection capability
     • Response
  10. Visibility | Fidelity | Detection (each axis rated low, medium, high)
     Visibility:
     • Low: single telemetry source
     • Medium: multiple telemetry sources (endpoint + network)
     • High: full visibility regardless of deployment model
     Signal fidelity:
     • Low: e.g., log, NetFlow
     • Medium: e.g., full telemetry in some sources, limited in others
     • High: e.g., full endpoint, PCAP, log, vulnerability, etc.
     Detection:
     • Low: known threats, commodity threat intelligence
     • Medium: known threats, customized threat intelligence, active threat hunting, limited ML, limited behavioral
     • High: known threats, customized threat intelligence, active + proactive threat hunting, advanced behavioral, advanced machine learning
  11. Response (the fourth axis, on the same low/medium/high scale)
     • Low: non-vetted alert forwarding, limited forensics
     • Medium: limited IR lifecycle support, validation, limited forensics, known threat automation
     • High: full IR lifecycle support, managed remote threat containment, validation, full forensics, known threat automation
  12. eSentire MDR vs. other industry models (rated on visibility, signal fidelity, detection capabilities and response)
     EDr, single telemetry:
     • Singular telemetry
     • Investigation/threat vetting
     • Client-side containment
     • Endpoint forensics
     • Lack of correlation with other signals
     MDr, multi-telemetry:
     • Higher telemetry
     • Investigation/threat confirmation
     • Client-side containment
     • Advanced detection capabilities
     • Forensics
     • Limited correlation with other signals
     Managed SIEM:
     • Limited visibility beyond logs
     • Limited signal fidelity
     • Limited forensic and correlation capabilities
     • Higher incidence of false positives
     • Limited IR lifecycle coverage
     MDR, full telemetry:
     • Complete visibility across the attack surface
     • Ability to correlate multiple signals
     • Limited false positives
     • Full IR lifecycle support
  13. Spotting red flags
     Financial strength:
     • Is the company public or private?
     • Who are the company's backers/investors, and what are their track records?
     • Is the company profitable?
     • What is the company's commitment to, and investment in, research and development?
     • How much of the company's revenue is attributable to MDR?
     • For how long will the company remain financially viable without additional investment?
     Company profile:
     • What was the company's original mission?
     • How has the company evolved over time?
     • What is the company's core competency?
     • Is the company a market leader or a follower?
     • What is the leadership team's background?
     • What markets does the company serve?
     People and service delivery:
     • From where does the company provide the service?
     • Does the company have different levels of analysis?
     • Does the company have specific response personnel?
     • Does the company have dedicated threat intelligence analysts and researchers?
     • For what positions has the company hired in the past?
     • For what positions is the company currently hiring?
     • Where are the new positions based?
     Innovation:
     • Does the company hold granted patents and intellectual property?
     • What is the company's history of service and product releases?
     • Does the release history indicate reactive response to cyber-landscape developments or proactive anticipation of emerging shifts?
     • What are the background, specializations and skillsets of the company's development and engineering team? (LinkedIn is a useful resource in this regard.)
     • For what percentage of the total employee base do development and engineering account?
     Demonstration of delivery and reviews:
     • What do employees say about the company? (Glassdoor is a useful resource in this regard.)
     • What do peer review sites such as Gartner Peer Insights, SpiceWorks, G2Crowd, etc. reveal about the company?
     • What do searches on subreddits reveal about experiences working with or at the company?
     • Does the company have case studies?
     • Is the company clear about what it does and how it will deliver?
     • Does the company have customer references and statements attesting to delivery?
     • What are the company's client satisfaction scores, NPS and retention rates?
  14. What to expect from your cybersecurity partner
     1. Operational leadership: the authority in Managed Detection and Response
     2. Service capability: the world's most complete threat response
     3. Talent expertise: eSentire's Cyber Resilience Team
     4. Threat intelligence: the power of eSentire's Threat Response Unit
     5. Value demonstrated: Insight Portal, Executive Dashboard, Resilience Score
     6. Culture / experience: an attack on you is an attack on us
  15. Our approach: cyber resilience
  17. When Everything Is On The Line, There Is No Time Like Now. Our cybersecurity services portfolio is designed to stop breaches, simplify security and minimize your business risk. We provide 24/7 threat protection that is proactive, personalized and cost effective. Build resilience. Prevent disruption. A service portfolio that supports how we help organizations Anticipate, Withstand, and Recover from cyber attacks, and Adapt/Evolve:
     • Understand, prepare for and predict cyber threats.
     • Detect, investigate, disrupt and contain cyber attacks.
     • Manage and prioritize cyber risk.
     • Return to standard operation: threat eradication, crime scene reconstruction, investigations that can bear scrutiny in a court of law.
  18. Gain Confidence, Control & Expertise. Our cybersecurity services portfolio is designed to stop breaches, simplify security and minimize business risk. We provide around-the-clock threat protection that is proactive, personalized and cost effective.
     • Anticipate: Exposure Management. Take control as we manage and prioritize cyber risk. Strategic services including Managed Vulnerability Assessments, vCISO and Managed Phishing & Security Awareness Training to identify gaps, build defensive strategies, operationalize risk mitigation and continuously advance your security program.
     • Withstand: Managed Detection & Response. Prevent threats becoming business-disrupting events. We deliver Response + Remediation you can trust. By combining our cutting-edge XDR platform, 24/7 SOC support, around-the-clock threat hunting and security operations leadership, we hunt and stop known and unknown threats before they disrupt your business.
     • Recover: Digital Forensics & Incident Response. Be ready with the world's fastest threat suppression. Battle-tested Incident Commander level expertise, crime scene reconstruction and digital forensics investigations that can bear scrutiny in a court of law. The world's fastest threat suppression guarantee, with a 4-hour SLA available with our IR Retainer.
     • Adapt/Evolve: Cyber Risk Advisor model, 24/7 Insight Portal access, Resilience Roadmap and more.
  19. The Authority In Managed Detection And Response. Mission-driven to build your resilience and prevent your business ever being disrupted.
     • Locations: Seattle, Waterloo, Cork, London, New York; two Security Operations Centers; Virginia forensics lab.
     • Founded in 2001. Customers: 2000+. Countries: 80+. Employees: 630+.
     • 24/7 threat hunting and support; open XDR platform with automated disruptions; 24/7 SOC protection; Cyber Resilience Team; deep investigation and actual threat response; threat intelligence operationalized by TRU; rapid time to value, 15-minute mean time to contain.
     • Over 500 customers in the critical infrastructure sectors recognized by CISA, securing systems deemed vital to US security, economy, public health and safety.
     • Healthcare: 5M+ new medical records protected annually, disrupting threats to keep healthcare operations live.
     • Critical protection for the world's largest meat processing company, ensuring no disruption to the global food supply chain.
     • Financial services: protecting US$6.5T AUM, more than the top 20 US banks combined; two decades of battling persistent FinServ threats.
     • Energy/utilities: protecting 30+ providers, including the largest US municipally-owned utility with 4M+ residents.
  20. eSentire Full Signal MDR summary
     Coverage and forensic capture:
     • Network: north/south (ingress, egress) with full packet capture and traffic metadata; east/west (internal, lateral).
     • Endpoint: endpoint telemetry.
     • Log: contextual awareness, 12-month archival (adjustable).
     • Cloud: IaaS and SaaS environments, cloud provider logs and real-time telemetry.
     • Managed Vulnerability Service: vulnerabilities and policies, operational risk.
     • Proprietary technology and client tools, including Microsoft 365 Defender, Microsoft Office 365 Email Security Platform and Email Threat Prevention.
     Response: network traffic blocking, terminate malicious processes, endpoint isolation, remediate cloud misconfigurations, runbooks, operational awareness.
  21. How eSentire MDR works. On-premises, in the cloud, hybrid? We're all-in to protect you with enterprise-grade technology, 24/7 expertise and decades of security operations leadership.
     • Signals: network, endpoint, log, cloud, identity, vulnerability. Multi-signal ingest; daily signals ingested: 20.5M.
     • eSentire XDR platform (seconds to respond, minutes to contain): cloud-native platform; raw telemetry ingested, data normalized, correlated; enrichment: deduplication, geo lookup, asset lookup, IP match, customer context; automated disruptions (daily automated XDR platform disruptions: 3M).
     • 24/7 SOC: eSentire experts hunt, contain and respond to attackers. Daily human-led SOC investigations: 6000; daily escalations: 700; daily threat containments: 400; mean time to contain: 15 min.
     • Analyst experience prioritizes: single pane of glass for analysis/search; templated investigation guide; grouped investigation type; outlined escalation path; ML model suggested action as part of QA; manual containment expertise; tiered support system.
     • eSentire Threat Response Unit (TRU): original research and threat tracking, proactive hunting and sweeps, novel detection + ML models.
     • eSentire security network effects build resilience: 200+ IOCs/IPs added daily, defenses hardened, community intelligence activated.
     • Insight Portal: access investigation analysis, critical KPIs and reporting.
  22. “Everybody has a plan, until they get punched in the face” - “Iron” Mike Tyson
  23. Thank you! Questions? Mike Sci, Sr. Solutions Architect | Cyber Security Professional | Public Speaker | MDR Expert. Michael.Sci@esentire.com

Editor's notes

  1. My name is Mike Sci and I'm a Sr. Channel Solutions Engineer, based in Atlanta, GA. My first exposure to cybersecurity was back in 2010, working for a major CDN company where we offered WAF in the cloud. I then started working in the managed security space, selling platform management, SIEM and other security services. While working in this space I found customers did not have the staff or expertise needed to understand and respond to the flood of alerts coming in from their MSP. This was back in 2016, when I read "Gartner's guide to managed detection and response". Reading this guide I realized that MDR was solving for a need that was not being addressed by traditional MSSPs. The need was for embedded, real-time incident response, not just alerting and guidance, which left the burden on the customer to do the forensic analysis, determine the severity of the incident and ultimately respond to the threat themselves, in a timely manner. This brought me to working for the originator of MDR, eSentire, where I could confidently sell a solution that would ensure they would not have a business-impacting event. I started working as an SE supporting direct sales, then moved into a channel SE role.
  2. Today I'm going to cover three key areas to show you how cyber security is really a big data problem, give you some insight on the MDR marketplace and give you the highlight reel on our approach here at eSentire. I'm going to pack a lot in over the next 30 minutes, so fasten your seat belt. I'll save some time at the end for questions, and I'm always available anytime after this webinar.
  3. There has been an evolution of cyber adversaries
  4. The insider: the most difficult suspect to detect and counteract; a disgruntled employee or a commercial spy. Being inside the castle walls enables him to bypass security controls; access to passwords, USB drives; steal data, install malware.
     The getaway: too young for jail; if caught, a slap on the wrist. Basic hacker, curious, out to impress peers.
     Hacktivist: picks a cause, political, religious, any social cause. Targets adversaries with data theft, reputational damage and defacement of sites and social media. Can also be a smoke screen for other activities and threat actors.
     Nation-state actor: a license to hack. Tactics and techniques are state of the art in cyber attacks. Sophisticated, cover their tracks (mimicked or stolen by other suspects).
     The professional: works 9 to 5, has built a shadow career supporting cyber crime. May run a botnet, be part of an organized crime group, sell cyber tools. Has extensive criminal contacts.
     The mule: casual criminal, opportunist, the final link in the cyber crime chain. Turns internet-based activities into hard, cold cash: stolen credit cards, bitcoin transfers.
  5. Now we're confronting and trying to manage a massive data analysis problem (what do we do with all the data?). Having cloud, on-premise and hybrid environments has increased the noise that customers need to sort through. It has also increased the attack surface and the burden on all organizations, especially SMB companies who don't have the funding or resources required to protect themselves. You not only need full-spectrum visibility, but you need to be able to make sense of the data. You may ask, how do we do that?
  6. At eSentire we leverage our Atlas cloud-native platform to solve this massive data analysis problem. You need to start with pulling in the relevant security data sources, or signals, from network, endpoint, log and cloud. These signals are ingested into a common gateway. Next, they are sent to a data stream where they are normalized into standardized data via defined schemas. This data is enriched with geo data, WHOIS data, and other enrichment data such as our Threat Intelligence, Machine Learning, Global Learning Service and Asset Context Service. Rules are applied to enriched events and they exit with automated response or recommendations. Meaningful events are made available to our Security Operations Centers via the SOC dashboard. The SOC Dashboard includes event details, investigation tools and response capabilities that our threat hunters can use to disrupt and contain threats. Let's take a look at a typical customer.
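The ingest, normalize, enrich and rule stages described in slide 6 and in note 6 (and the deduplication, asset lookup and IP match listed on slide 21) can be shown end to end in a few dozen lines. The following is an added illustration, not eSentire's Atlas code and not any vendor's API: the three raw signal formats (an endpoint JSON record, a NetFlow-style line, an sshd syslog line), the threat-intel list, the asset-context map and the rule thresholds are all constructed for the example, and the common event model is a minimal one invented here. It shows the one property the slide is really about: three signals from three sources end up in one schema, get the same enrichment, and leave the pipeline either as an automated response, a recommendation, or noise.

```python
"""Toy ingest -> normalize -> enrich -> rules pipeline (added example, not eSentire code).
Signal formats, threat-intel entries, asset map and thresholds below are constructed."""
import json
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed enrichment sources (assumptions for the example, not real intel).
THREAT_INTEL = {"203.0.113.7": "known C2 node", "198.51.100.23": "credential-stuffing source"}
ASSET_CONTEXT = {"10.0.0.5": {"host": "fin-db-01", "criticality": "high"},
                 "10.0.0.42": {"host": "lab-vm-07", "criticality": "low"}}
FAILED_LOGIN_THRESHOLD = 2  # failed SSH logins from one source before we care


@dataclass
class Event:
    """Minimal 'common event model' every raw signal is translated into."""
    source: str
    src_ip: str
    dst_ip: str
    action: str
    detail: str
    enrichment: dict = field(default_factory=dict)


# --- ingestion gateway: one parser per raw signal format --------------------
def parse_endpoint(raw: str) -> Event:
    d = json.loads(raw)  # constructed EDR-style JSON record
    return Event("endpoint", d["local_ip"], d["remote_ip"], "process_net_connect",
                 f'{d["process"]} -> {d["remote_ip"]}:{d["remote_port"]}')


NETFLOW_RE = re.compile(r"(\S+):\d+ -> (\S+):(\d+) proto=(\w+) bytes=(\d+)")


def parse_netflow(raw: str) -> Event:
    src, dst, port, proto, nbytes = NETFLOW_RE.match(raw).groups()
    return Event("network", src, dst, "flow", f"{proto}/{port} {nbytes}B")


SYSLOG_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port (\d+)")


def parse_syslog(raw: str) -> Event:
    result, user, src, port = SYSLOG_RE.search(raw).groups()
    # The log line names the host, not its IP; the example assumes fin-db-01 is 10.0.0.5.
    return Event("log", src, "10.0.0.5", f"ssh_{result.lower()}", f"user={user} port={port}")


PARSERS = {"endpoint": parse_endpoint, "network": parse_netflow, "log": parse_syslog}


def normalize(signals):
    """Translate (source, raw) pairs into Events; sources without a parser are dropped."""
    return [PARSERS[src](raw) for src, raw in signals if src in PARSERS]


# --- enrichment: deduplication, IP match against TI, asset lookup ----------
def enrich(events):
    seen, out = set(), []
    for ev in events:
        key = (ev.source, ev.src_ip, ev.dst_ip, ev.action, ev.detail)
        if key in seen:          # identical signal already processed
            continue
        seen.add(key)
        for ip in (ev.src_ip, ev.dst_ip):
            if ip in THREAT_INTEL:
                ev.enrichment["ti_match"] = (ip, THREAT_INTEL[ip])
            if ip in ASSET_CONTEXT:
                ev.enrichment["asset"] = ASSET_CONTEXT[ip]
        out.append(ev)
    return out


# --- rules: every event exits as an automated response, a recommendation, or noise
def apply_rules(events):
    failed = Counter(ev.src_ip for ev in events if ev.action == "ssh_failed")  # correlation across log events
    decisions = []
    for ev in events:
        ti = ev.enrichment.get("ti_match")
        asset = ev.enrichment.get("asset", {})
        if ti and ev.source == "endpoint":
            decisions.append(("auto_response", "isolate_host", ev))
        elif ti:
            decisions.append(("auto_response", "block_ip", ev))
        elif (ev.action == "ssh_failed" and failed[ev.src_ip] >= FAILED_LOGIN_THRESHOLD
              and asset.get("criticality") == "high"):
            decisions.append(("recommend", "investigate_brute_force", ev))
        else:
            decisions.append(("noise", None, ev))
    return decisions


# Constructed sample signals: one beaconing endpoint, its flow (sent twice), two failed
# root logins against the database host, one normal login, and an unsupported source.
SAMPLE_SIGNALS = [
    ("endpoint", '{"local_ip":"10.0.0.42","remote_ip":"203.0.113.7","remote_port":443,"process":"powershell.exe"}'),
    ("network", "10.0.0.42:51522 -> 203.0.113.7:443 proto=tcp bytes=9120"),
    ("network", "10.0.0.42:51522 -> 203.0.113.7:443 proto=tcp bytes=9120"),
    ("log", "Mar 3 10:01:02 fin-db-01 sshd[2211]: Failed password for root from 192.0.2.9 port 4022 ssh2"),
    ("log", "Mar 3 10:01:05 fin-db-01 sshd[2213]: Failed password for root from 192.0.2.9 port 4023 ssh2"),
    ("log", "Mar 3 10:05:00 fin-db-01 sshd[2301]: Accepted password for alice from 10.0.0.42 port 5000 ssh2"),
    ("cloud", "no parser registered for this source"),
]


def run_pipeline(signals=SAMPLE_SIGNALS):
    return apply_rules(enrich(normalize(signals)))


if __name__ == "__main__":
    for outcome, action, ev in run_pipeline():
        print(f"{outcome:14} {str(action):26} {ev.source:9} {ev.src_ip} -> {ev.dst_ip} {ev.action} {ev.detail}")
```

The point to take from running it: the two failed logins are only interesting because the rule stage sees them together and the asset lookup says the target is high-criticality; neither line on its own, and no single-source view, would produce that recommendation.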
  7. So let’s dig into, Defining the MDR marketplace
  8. As MDR has become the latest cyber security buzzword, it has created confusion in the marketplace. There have been a lot of so-called MDR competitors join the race in the past 3 to 4 years. In 2016, Gartner released the first official market guide for managed detection and response services (just before I joined eSentire). They cited 14 organizations as MDR vendors. Just three years later, Gartner's 2019 edition lists over 200 providers in the MDR market space. While many analyst firms have released reports or guides that include broad category definitions of MDR, there is still a lack of clear attributes for measurement. Since there is no singular definition established for MDR, I'm going to provide you a methodology for evaluating not only MDR providers, but one that can also be used in evaluating the capabilities of MSSPs and other security solutions.
  9. On the previous slide I presented some subjective considerations; now, as promised, I'm going to provide you that methodology for evaluating MDR providers. This radar chart combines the four technical criteria for evaluating providers: Visibility, Detection, Signal Fidelity and Response. These criteria correspond to the primary purpose of MDR: minimizing threat actor dwell time. These criteria capture the capabilities of the MDR segment.
  10. Starting with Visibility, from applications to infrastructure, on-premises, in the cloud or in both. What was once a clearly defined defensive perimeter is now a shifting blend of mobile users and cloud workloads. As a result, you need visibility into multiple telemetry sources. MDR providers typically rely on telemetry from multiple sources: endpoints, network, log data, cloud or vulnerabilities. Base-level MDR starts with single telemetry, moves to multiple telemetry and finally full telemetry, or as we call it, full-spectrum visibility. Next, we have Signal Fidelity. Log data provides broad-level visibility but is limited in depth, whereas full packet capture from the network provides deep fidelity but is limited in breadth of scope. Importantly, each has strengths and weaknesses when applied to the investigative process. Looking at the third axis, we consider Detection capabilities. This may include threat hunting techniques, machine learning, automation, customized threat intelligence, behavioral, and perhaps knowns and unknowns. But it's the capability to find signals in the noise that separates advanced technologies.
  11. Back to the fourth axis, Response. Time to detect, respond and contain is critical. Looking at the three categories of response: Tier one, non-vetted alert forwarding with limited forensics. Tier two, threat validation, limited forensics, known threat automation and limited IR lifecycle support. Tier three, threat validation, full forensics, known threat automation, managed remote tactical containment and full IR lifecycle support. At eSentire we are considered tier 3 and are with you until the threat is eliminated! Keep in mind, you have seconds and minutes to detect and respond, not hours and days; we call this micro incident response, or embedded real-time response. I'm sure most people on this call are familiar with incident response retainers? Ask yourself, how long does it take to initiate an IR retainer and then respond to a potentially business-impacting event? What would be the benefit of embedded real-time incident response?
  12. This radar chart combines the four technical criteria (Visibility, Detection, Signal Fidelity and Response) for evaluating MDR and MSP providers. These criteria correspond to the primary purpose of MDR: minimizing threat actor dwell time. You can use this chart to see how the competitors stack up against these criteria. (Talk to slide.) Some questions you can ask yourself: What is a good enough solution? Are you a first- or second-generation buyer? Meaning, have you learned what your true needs are from your first or even second experience with a security provider?
     SOC-as-a-Service or Managed SIEM is a category of MDR provider commonly characterized by MSSPs that are evolving services from alert-driven to more comprehensive coverage across the IR lifecycle. Capitalizing on the breadth of log visibility, SOC-as-a-Service or Managed SIEM providers offer a cost-effective option to organizations that are looking to outsource expertise but have limited budgets.
     Endpoint Detection and Response and MDR are used interchangeably by many managed endpoint detection and response providers. EDR, or in this case ED little 'r', is a subset of the MDR market, providing expertise focused solely on the endpoint. As a category, ED little 'r' providers offer advanced detection capabilities for endpoint threats. However, the majority of the IR lifecycle, including containment, is the client's responsibility. ED little 'r' vendors are a viable option for organizations looking for endpoint monitoring and detection that have in-house resources to correlate data from other single sources to confirm, triage and contain threats in a timely manner.
     MD little 'r', multiple telemetry, represents the majority of the MDR market today. Vendors in this space leverage multiple telemetry sources but fall short of full-stack visibility across on-premises and cloud environments. Typical combinations seen in this category are endpoint and log together, most commonly, or endpoint and network, or network and log. Vendors in this space typically utilize machine learning and behavioral analysis software to process large amounts of data to look for unknown threats. Coverage of the IR lifecycle is limited, and incident response retainers are typically available for clients in the event of an incident that cannot be handled in house.
     MD big 'R', full telemetry, represents the MDR industry's most complete offerings. Full visibility across on-premises and cloud environments, coupled with integrated machine learning and behavioral analysis, feeds threat hunters with vital information that facilitates near real-time threat detection and containment. Additionally, SLAs strictly outline potential threat actor dwell time, limiting client-side requirements for IR lifecycle coverage. Importantly, organizations looking to outsource to MD big 'R' full telemetry providers must have complete trust in the provider's capabilities to deliver on SLAs.
  13. With over 200 "MDR" providers now being tracked in the marketplace, backgrounds differ vastly from one provider to another. MSSPs have evolved their offerings by adding an Italian menu of add-ons to try to compete in the MDR space (do you want cannoli and espresso with the chicken parm?), software providers have added a managed component, and consultants have added technology stacks to compete with pure-play MDR providers such as eSentire. This slide represents potential red flags for organizations looking for an MDR provider. Things you should consider are: company profile, financial strength, history or track record of innovation, service delivery, and demonstration of delivery. I suggest reading Gartner's guide to managed detection and response or eSentire's managed detection and response definitive guide. We can provide these to you.
  14. We've been doing this for over 20 years and created the category of MDR. We have the world's most targeted base, with over 65% deemed critical infrastructure by CISA: critical to economic health, stability and vitality. We are proud of our industry recognitions, but none more so than being named the G2 MDR leader and scoring 96% on Gartner Peer Insights, because that comes from your industry peers.
  15. And I'll leave you today with a quote from Iron Mike Tyson: "Everybody has a plan until they get punched in the face." Most companies think they have a plan and a security service they can rely on, until they have that business-impacting event. Boxers surround themselves with experts to train and protect them from their opponents. The same is true for cyber security: you need to have an expert team with a true MDR service behind you, to make sure you are prepared for the next fight, to dodge, block and respond to your adversaries in real time. Thank you!