3. Managed Detection And Response
eSentire CONFIDENTIAL
Mission is to hunt, investigate and stop cyber threats before they disrupt your business.
Offices: Seattle, Waterloo, Cork, London, New York
Security at scale across industries:
• Founded in 2001
• Customers: 1000+
• Countries: 70+
• Net promoter score: 73
• Assets under management: $6.5T
• Industries: Healthcare, Legal, Manufacturing, Finance, and more
• 2 Security Operations Centers
• 24/7 threat hunting and support
• 5 patents in machine learning
• Daily signal ingest: 20.5M
• Daily Atlas XDR automated disruptions: 3M
• Daily human-led investigations: 6,000
• Daily escalations: 700
• Daily threat containments: 400
• SOC mean time to contain: 15 mins
4. Digital transformation is extensive and all encompassing
• Digital transformation is forcing the evolution of your business.
• Everything is digitized, accessible, connected and vulnerable.
• Traditional security methods lag behind digital transformation velocity.
• 92% of companies: digital transformation drives growth and competitive pressures (1)
• 89% of US currency exists only in digital form (2)
• 6 billion Internet users by 2022, 75% of the projected world population (4)
• 50 billion connected devices (wireless smart devices) worldwide by 2030 (3)
(1) Source: Altimeter: The State of Digital Transformation 2018-2019
(2) Source: Visual Capitalist: How Many US Dollar Bills Are There in Circulation?
(3) Source: HelpNetSecurity: Number of connected devices reached 22 billion, where is the revenue?
(4) Source: Cybersecurity Ventures 2019 Official Annual Cybercrime Report
5. Speed of business and appetite for new tech creates tension
Faster tech adoption
2½ times faster adoption of emerging tech, driven by the need for new business models.
• Traditional security solutions can’t keep pace with customer business models and technology.
• Artificial Intelligence is being adopted 2.5x faster than cloud since the introduction of AWS in 2006.

Tension between DevOps and ITSec
Cultural and operational tension between DevOps and ITSec creates challenges and risks.
• DevOps has the majority of security and IT Ops teams in dysfunction.
• Proliferation of DevOps-driven application deployments has contributed to security issues, not reduced them.

Ecosystem evolution
The Red Queen effect states that complex ecosystems must evolve, or they will die.
• Emerging tech and platform ecosystems constantly evolve and are used in ways not originally contemplated.
• The threat surface also evolves, with more risk and breaches.
6. Cybersecurity is a massive data analysis problem
• You need a robust solution that can analyze massive amounts of data for hidden threats.
• Our cloud-native MDR platform ingests data, turns it into insights and accelerates indicators of concern to our elite threat hunters, who identify attacks in seconds and contain them in minutes, before they disrupt your business.
7. How to manage the Tsunami of data
Multi-signal ingestion. Cloud-delivered architecture.
[Architecture diagram; the recoverable labels follow.]
Signal sources (machine side): Log, Network, Cloud, Endpoint
• Ingestion gateway: secure, reliable, and scalable API for data capture (Secure API Gateway, DNS Routing, Data Streaming)
• Signal normalization: translate raw signals to a common event model
• Enrichments and recommendations (orchestration): normalized signals are enriched and exit with automated response or recommendations; backed by the Threat Intel Service, Asset Context Service, Global Learnings Service and ML Model Service
• Investigation platform (human side): investigation, response, and customer notification; single pane of glass (Investigation Store, ServiceNow, Open Source SOAR, SOC Dashboard, Virtual Desktop)
Infrastructure: Serverless Compute, Network Isolation, Virtual Private Cloud
8. Data from a typical small/mid-sized business
• Our cloud-native platform accelerates delivery of rapidly evolving detection and response capabilities to our Security Operations Center (SOC) cyber investigators.
• Our SOC elite threat hunters will contain any threat on your behalf. They monitor, detect, and respond swiftly and strategically.
• Our team of cybersecurity professionals is the most skilled and dedicated in the industry.
1 month of data for one customer:
• 271,812 raw signals or indicators of concern
• 2,190 investigations
• 65 security incidents
• 2 escalations
9. Full-spectrum visibility and immediate response
Our cloud-delivered MDR platform, in the hands of our elite threat hunters, allows us to:
• Accelerate response times
• Reduce threat actor dwell time
• Minimize risk of business disruption
• Relentlessly research and pursue threat actors
• 20 minutes to isolation and containment
• 35 seconds to begin triage
• 6 investigations every minute
• 646 confirmed security incidents per day
Expert people. Machine learning.
11. MDR emerges. Clever marketing follows.
Managed Detection and RESPONSE: marketing verbiage distorts what it really means to the customer. Behind many "full visibility MDR" claims:
• Reality: Retainer for incident response
• Reality: Client-side response team required
• Reality: Little or no tactical containment
• Reality: Requires add-ons for full functionality
• Reality: High analyst to customer ratio
• Reality: Unproven marketplace solutions
12. Spotting red flags
Financial strength
• Is the company public or private?
• Who are the company’s backers/investors, and what are their track records?
• Is the company profitable?
• What is the company’s commitment to – and investment in – research and development?
• How much of the company’s revenue is attributable to MDR?
• For how long will the company remain financially viable without additional investment?
Company profile
• What was the company’s original mission?
• How has the company evolved over time?
• What is the company’s core competency?
• Is the company a market leader or a follower?
• What is the leadership team’s background?
• What markets does the company serve?
People & service delivery
• From where does the company provide the service?
• Does the company have different levels of analysis?
• Does the company have specific response personnel?
• Does the company have dedicated threat intelligence analysts and researchers?
• For what positions has the company hired in the past?
• For what positions is the company currently hiring?
• Where are the new positions based?
Innovation
• Does the company hold granted patents and intellectual property?
• What is the company’s history of service and product releases?
• Does the service and product release history indicate reactive response to cyberlandscape developments or proactive anticipation of emerging shifts?
• What are the background, specializations and skillsets of the company’s development and engineering team? (LinkedIn is a useful resource in this regard.)
• For what percentage of the total employee base do development and engineering account?
Demonstration of delivery & reviews
• What do employees say about the company? (Glassdoor is a useful resource in this regard.)
• What do peer review sites such as Gartner Peer Insights, SpiceWorks, G2Crowd, etc. reveal about the company?
• What do searches on subreddits reveal about experiences working with or at the company?
• Does the company have case studies?
• Is the company clear about what they do and how they will deliver?
• Does the company have customer references and statements attesting to delivery?
• What are the company’s client satisfaction scores, NPS and retention rates?
13. Leveling the playing field
Four-axis radar chart for evaluating providers:
• Visibility
• Signal Fidelity
• Detection Capability
• Response
14. Visibility | Fidelity | Detection
Capability levels on each axis of the radar chart, from lowest to highest:
Visibility
• Single telemetry source
• Multiple telemetry sources (Endpoint + Network)
• Full visibility regardless of deployment model
Signal fidelity
• Low level (e.g., Log, NetFlow)
• Medium level (e.g., full telemetry in some, limited in others)
• High level (e.g., full endpoint, PCAP, Log, Vulnerability, etc.)
Detection
• Known; commodity threat intelligence
• Known; customized threat intelligence; active threat hunting; limited ML; limited behavioral
• Known; customized TI; active + proactive threat hunting; advanced behavioral; advanced machine learning
15. Response
The Visibility, Signal Fidelity and Detection levels are as on the previous slide; the Response axis, from lowest to highest:
• Non-vetted alert forwarding; limited forensics
• Validation; limited forensics; known threat automation; limited IR lifecycle support
• Validation; full forensics; known threat automation; managed remote threat containment; full IR lifecycle support
16. Other criteria
• Time of coverage
• Service tiering
• Retainers
• Portal
• Prevention management
• Compliance reporting
• Service reviews
• Contractual obligations/insurance
• SLAs
17. eSentire MDR vs. Other Industry Models
Compared along Visibility, Signal Fidelity, Detection Capabilities and Response:
EDr Single Telemetry
• Singular telemetry
• Investigation/threat vetting
• Client-side containment
• Endpoint forensics
• Lack of correlation with other signals
MDr Multi-Telemetry
• Higher telemetry
• Investigation/threat confirmation
• Client-side containment
• Advanced detection capabilities
• Forensics
• Limited correlation with other signals
SIEM Managed
• Limited visibility beyond logs
• Limited signal fidelity
• Limited forensic and correlation capabilities
• Higher incidence of false positives
• Limited IR Lifecycle coverage
MDR Full Telemetry
• Complete visibility across attack surface
• Ability to correlate multiple signals
• Limited false positives
• Full IR Lifecycle support
19. The eSentire Ecosystem
Cloud-native architecture. Proprietary machine learning. Extensive response capabilities.
Seconds to respond | Minutes to contain
eSentire Threat Response Unit (TRU): proactive hunting and research; develops detection models; intelligence and analytics.
eSentire Security Network Effects: security that scales; amplifying detections across the base; 400+ indicators added daily.
Atlas XDR Cloud Platform (cloud-native platform, machine learning models, automated disruptions):
• Ingestion gateway: secure, reliable, and scalable API for data capture
• Signal normalization: translate raw signals to a common event model
• Enrichments & recommendations (orchestration): normalized signals are enriched and exit with automated response or recommendations
• Investigation platform: investigation, response, and customer notification; single pane of glass
Signals (multi-signal ingest): Network, Endpoint, Log, Cloud, Vulnerability
Insight Portal: access investigation analysis and risk reporting.
24/7 SOC: eSentire experts hunt, contain and respond to attackers. Daily escalations: 700. Daily threat containments: 400. Mean time to contain: 15 min.
20. On-premise | Cloud | Hybrid
Signal sources and proprietary technology:
• Cloud: IaaS / SaaS platform protection
• Endpoint: endpoint telemetry
• Log: security log sources; contextual awareness
• Network: East/West activity; North/South traffic; full packet capture
21. On-premise | Cloud | Hybrid
• Managed Vulnerability Service (proprietary technology): reduce risk; vulnerability management; security posture
• Phishing and Security Awareness (proprietary technology): reduce risk; user education
• Incident Response Service: contain; eradicate; recover
22. Managed Risk Programs
Five bundles, each building on the previous one:
Core Essentials
• Managed Vulnerability Service
• Virtual CISO - Base: Security Program Maturity Assessment
• Executive Briefing
Measure and Engage
• Managed Vulnerability Service
• Virtual CISO - Base: Security Program Maturity Assessment
• Phishing and Security Awareness Training
• External Penetration Test – Annual
• Threat Advisories and Executive Briefing
Mature and Direct
• Managed Vulnerability Service
• Virtual CISO - Essential: Security Program Maturity Assessment; choose one additional vCISO module: SPRG, SIRP, SAR, VRMP, VMP
• Phishing and Security Awareness Training
• External Penetration Test – Semi-annual
• Threat Advisories and Executive Briefing
Harden and Secure
• Managed Vulnerability Service
• Virtual CISO - Good: Security Program Maturity Assessment; choose three additional vCISO modules: SPRG, SIRP, SAR, VRMP, VMP
• Phishing and Security Awareness Training
• External Penetration Test – Semi-annual
• Internal Penetration Test – Annual
• Threat Advisories and Executive Briefing
Harden and Wargame
• Managed Vulnerability Service
• Virtual CISO - Best: Security Program Maturity Assessment; all five additional vCISO modules: SPRG, SIRP, SAR, VRMP, VMP
• Phishing and Security Awareness Training
• External Penetration Test – Quarterly
• Internal Penetration Test – Semi-annual
• Red Team Engagement – Annual Wargame
• Threat Advisories and Executive Briefing
23. “Everybody has a plan, until they get punched in the face” – “Iron” Mike Tyson
My name is Mike Sci and I’m a Sr. Channel Solutions Engineer, based in Atlanta, GA.
My first exposure to cybersecurity was back in 2010, working for a major CDN company where we offered WAF in the cloud.
I then started working in the managed security space, selling platform management, SIEM and other security services. While working in this space I found customers did not have the staff or expertise needed to understand and respond to the flood of alerts coming in from their MSP.
This was back in 2016 when I read "Gartner's Guide to Managed Detection and Response”. Reading this guide, I realized that MDR was solving for a need that was not being addressed by traditional MSSPs.
The need was for embedded, real-time incident response, not just alerting and guidance, which left the burden on the customer to do the forensic analysis, determine the severity of the incident and ultimately respond to the threat themselves, in a timely manner.
This brought me to working for the originator of MDR, eSentire, where I could confidently sell a solution that would ensure they would not have a business-impacting event. I started working as an SE supporting direct sales, then moved into a channel SE role.
Today I’m going to cover three key areas: show you how cyber security is really a big data problem, give you some insight on the MDR marketplace, and give you the highlight reel on our approach here at eSentire.
I’m going to pack a lot in over the next 30 minutes, so fasten your seat belt. I’ll save some time at the end for questions, and I’m always available anytime after this webinar.
What is MDR? Evolution of MSSP
We hear a lot of talk about digital transformation.
I look at digital transformation as converting everything to zeros and ones delivered over the "lowest cost channel".
The pandemic has accelerated digital transformation, putting great pressure on all industries to transform how they do business.
The global workforce moving to remote work has made business more vulnerable by increasing the attack surface and leaving holes in their security posture. This increased the likelihood of a cybersecurity breach.
---
Faster tech adoption creates more demand on IT resources. Who has the skills to operate this ever-changing list of the latest point solutions?
Red Queen effect: complex ecosystems must evolve, or they will die. (That's kind of sobering.)
So with digital transformation, combined with faster tech adoption, the inability to get talent and the pressure to evolve or die, what else could go wrong?
How about a tsunami of data?
Now we're confronting and trying to manage a massive data analysis problem. (What do we do with all the data?)
Having cloud, on-premise and hybrid environments has increased the noise that customers need to sort through.
It has also increased the attack surface and the burden on all organizations, especially SMB companies who don’t have the funding or resources required to protect themselves.
You not only need full spectrum visibility, but you need to be able to make sense of the data.
You may ask, how do we do that?
At eSentire we leverage our Atlas cloud-native platform to solve this massive data analysis problem.
You need to start with pulling in the relevant security data sources, or signals, from network, endpoint, log and cloud. These signals are ingested into a common gateway. Next, they are sent to a data stream where they are normalized into standardized data via defined schemas.
This data is enriched with geo data, WHOIS data, and other enrichment data such as our Threat Intelligence, Machine Learning, Global Learning Service and Asset Context Service. Rules are applied to the enriched events, and they exit with an automated response or recommendations.
Meaningful events are made available to our Security Operations Centers via the SOC dashboard. The SOC Dashboard includes event details, investigation tools and response capabilities that our threat hunters can use to disrupt and contain threats.
Let's take a look at a typical customer.
Here is a big data example: this is data coming from a small / mid-sized business.
- 1 sensor
- 200 endpoints
- ~200 employees
271K raw signals or indicators of concern, from network and endpoint telemetry.
Through filtering, threat intelligence and machine learning, these became 2,200 threat hunter-led investigations.
After false positives were removed, there were 65 security incidents on which we took action to eliminate the threat, then notified the customer.
There were 2 escalations where the customer needed to take action, such as re-imaging an endpoint or running a next-gen AV solution.
This is an example of pulling in massive data and making it actionable by our threat hunters.
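As an added illustration (not eSentire's Atlas code) of the ingest, normalize, enrich, rule and exit flow described above, and of the funnel in the customer data (raw signals reduced to automated disruptions, recommendations and human-led investigations), here is a toy Python pipeline; the raw field names, the sample signals, and the threat-intel and asset-context lookups are all constructed for the example.

```python
# Toy multi-signal MDR pipeline (constructed example, not eSentire's Atlas code).
# Stages mirror the slide: ingest raw signals from network/endpoint/log/cloud,
# normalize them to a common event model, enrich with threat intel and asset
# context, apply rules, and exit each event as an automated disruption, a
# recommendation, an investigation for a human threat hunter, or filtered noise.
from collections import Counter
from dataclasses import dataclass, field

# Constructed lookups standing in for the Threat Intel and Asset Context services.
THREAT_INTEL = {"203.0.113.7": "known-c2", "198.51.100.9": "scanner"}
ASSET_CONTEXT = {"10.0.0.5": {"role": "domain-controller", "crit": "high"},
                 "10.0.0.22": {"role": "workstation", "crit": "low"}}


@dataclass
class Event:
    """Common event model every signal source is normalized into."""
    source: str                 # network | endpoint | log | cloud
    kind: str                   # normalized event type
    ips: tuple                  # every address the event involves, in any role
    user: str = ""
    context: dict = field(default_factory=dict)  # filled in by enrich()


# One normalizer per source: each raw schema is different (constructed field names).
def _from_network(raw):
    return Event("network", raw["event"], (raw["sip"], raw["dip"]))

def _from_endpoint(raw):
    return Event("endpoint", raw["type"], (raw["host_ip"],), user=raw["user"])

def _from_log(raw):
    return Event("log", raw["category"], (raw["client"], raw["target"]), user=raw["account"])

def _from_cloud(raw):
    return Event("cloud", raw["eventName"], (raw["sourceIPAddress"],), user=raw["principal"])

NORMALIZERS = {"network": _from_network, "endpoint": _from_endpoint,
               "log": _from_log, "cloud": _from_cloud}


def normalize(raw):
    """Ingestion gateway + signal normalization: raw dict -> Event."""
    return NORMALIZERS[raw["source"]](raw)


def enrich(ev):
    """Attach the threat-intel verdict and asset criticality for the event's addresses."""
    ev.context["ti"] = next((THREAT_INTEL[ip] for ip in ev.ips if ip in THREAT_INTEL), None)
    ev.context["asset"] = next((ASSET_CONTEXT[ip]["crit"] for ip in ev.ips
                                if ip in ASSET_CONTEXT), "unknown")
    return ev


def classify(ev):
    """Ordered rules; first match wins. Returns the event's exit disposition."""
    if ev.context["ti"] == "known-c2":
        return "automated_disruption"   # known threat: handled by the machine
    if ev.kind in ("credential_dump", "ransomware_note"):
        return "investigation"          # high-severity behaviour: human hunter
    if ev.kind == "login_failed" and ev.context["asset"] == "high":
        return "investigation"          # failed logins against a critical asset
    if ev.context["ti"] == "scanner" or ev.kind == "public_bucket":
        return "recommendation"         # hygiene finding sent to the customer
    return "filtered"                   # noise, kept only for context


def run_pipeline(raw_signals):
    """Run every signal through the stages and return the funnel counts."""
    return dict(Counter(classify(enrich(normalize(raw))) for raw in raw_signals))


# Constructed sample signals in each source's native schema.
SAMPLE_SIGNALS = [
    {"source": "network", "event": "outbound_connection", "sip": "10.0.0.22", "dip": "203.0.113.7"},
    {"source": "network", "event": "port_scan", "sip": "198.51.100.9", "dip": "10.0.0.5"},
    {"source": "endpoint", "type": "credential_dump", "host_ip": "10.0.0.5", "user": "svc_backup"},
    {"source": "endpoint", "type": "process_start", "host_ip": "10.0.0.22", "user": "alice"},
    {"source": "log", "category": "login_failed", "client": "192.0.2.4", "target": "10.0.0.5", "account": "admin"},
    {"source": "log", "category": "login_failed", "client": "192.0.2.4", "target": "10.0.0.22", "account": "alice"},
    {"source": "cloud", "eventName": "public_bucket", "sourceIPAddress": "192.0.2.10", "principal": "dev-user"},
]

if __name__ == "__main__":
    for disposition, n in sorted(run_pipeline(SAMPLE_SIGNALS).items()):
        print(f"{disposition:22s} {n}")
```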
Visibility is important, but speed counts!
This illustrates the power of our SOC and the threat hunters that work in the SOC.
We have data coming in from over 700 customers, and we conduct six threat hunter-led investigations every minute.
You need a cybersecurity service that can keep up with digital transformation and the tsunami of data, and adapt to avoid the Red Queen effect, providing a cyber threat hunting service at a value-driven price point.
So let’s dig into defining the MDR marketplace.
As MDR has become the latest cyber security buzzword, it has created confusion in the marketplace.
There have been a lot of so-called MDR competitors joining the race in the past 3 to 4 years.
In 2016, Gartner released the first official market guide for managed detection and response services (just before I joined eSentire). They cited 14 organizations as MDR vendors.
Just three years later, Gartner’s 2019 edition lists over 200 providers in the MDR market space. While many analyst firms have released reports or guides that include broad category definitions of MDR, there is still a lack of clear attributes for measurement.
Since there is no singular definition established for MDR, I'm going to provide you a methodology for evaluating not only MDR providers; it can also be used in evaluating the capabilities of MSSPs and other security solutions.
With over 200 “MDR” providers now being tracked in the marketplace, backgrounds differ vastly from one provider to another.
MSSPs have evolved their offerings by adding an Italian menu of add-ons to try to compete in the MDR space. (Do you want cannolis and espresso with the chicken parm?)
And software providers have added a managed component, while consultants have added technology stacks to compete with pure-play MDR providers, such as eSentire.
This slide represents potential red flags for organizations looking for an MDR provider.
======
Things you should consider are:
financial strength, company profile, people and service delivery, innovation (the company's history or track record), and demonstration of delivery and reviews.
I suggest reading Gartner's guide to managed detection and response or eSentire's managed detection and response definitive guide. We can provide these to you.
On the previous slide I presented some subjective considerations; now, as promised, I’m going to provide you that methodology for evaluating MDR providers.
This radar chart combines the four technical criteria for evaluating providers: Visibility, Detection, Signal Fidelity and Response. These criteria correspond to the primary purpose of MDR: minimizing threat actor dwell time.
These criteria capture the capabilities of the MDR segment.
Starting with Visibility: from applications to infrastructure, on-premises, in the cloud or in both. What was once a clearly defined defensive perimeter is now a shifting blend of mobile users and cloud workloads. As a result, you need visibility into multiple telemetry sources.
MDR providers typically rely on telemetry from multiple sources: endpoints, network, log data, cloud or vulnerabilities. Base level MDR starts with single telemetry, moves to multiple telemetry and finally full telemetry, or as we call it, full spectrum visibility.
Next, we have Signal Fidelity. Log data provides broad visibility but is limited in depth, whereas full packet capture from the network provides deep fidelity but is limited in breadth of scope. Importantly, each has strengths and weaknesses when applied to the investigative process.
Looking at the third axis, we consider Detection capabilities. This may include threat hunting techniques, machine learning, automation, customized threat intelligence, behavioral analysis, and perhaps known and unknown threats. But it's the capability to find signals in the noise that separates advanced technologies.
The fourth axis is Response. Time to detect, respond and contain is critical.
Looking at the three categories of response:
Tier one: non-vetted alert forwarding with limited forensics.
Tier two: threat validation, limited forensics, known threat automation and limited IR lifecycle support.
Tier three: threat validation, full forensics, known threat automation, managed remote tactical containment and full IR lifecycle support.
At eSentire we are considered tier 3 and are with you until the threat is eliminated!
----
Keep in mind: you have seconds and minutes to detect and respond, not hours and days. We call this micro incident response, or embedded real-time response.
I'm sure most people on this call are familiar with incident response retainers.
Ask yourself: how long does it take to initiate an IR retainer and then respond to a potentially business-impacting event? What would be the benefit of embedded real-time incident response?
The four-axis radar chart we reviewed provides you a framework for comparing MDR providers (visibility, detection, signal fidelity and response),
but there are additional criteria for consideration that correlate to time to detect and time to respond.
Consider these other criteria when evaluating MDR providers.
-----Talk to the slide
This radar chart combines the four technical criteria (Visibility, Detection, Signal Fidelity and Response) for evaluating MDR and MSP providers. These criteria correspond to the primary purpose of MDR: minimizing threat actor dwell time.
You can use this chart to see how the competitors stack up against these criteria.
Talk to slide: MDr, MDR.
Some questions you can ask yourself: what is a good enough solution? Are you a first- or second-generation buyer? Meaning, have you learned what your true needs are from your first or even second experience with a security provider?
======
SOC-as-a-Service or Managed SIEM is a category of MDR provider commonly characterized by MSSPs that are evolving services from alert-driven to more comprehensive coverage across the IR lifecycle. Capitalizing on the breadth of log visibility, SOC-as-a-Service or Managed SIEM providers offer a cost-effective option to organizations that are looking to outsource expertise but have limited budgets.
Endpoint Detection and Response and MDR are used interchangeably by many managed endpoint detection and response providers. EDR, or in this case ED little ‘r’, is a subset of the MDR market, providing expertise focused solely on the endpoint. As a category, ED little ’r’ providers offer advanced detection capabilities for endpoint threats. However, the majority of the IR lifecycle, including containment, is the client's responsibility. ED little ’r’ vendors are a viable option for organizations looking for endpoint monitoring and detection that have in-house resources to correlate data from other single sources to confirm, triage and contain threats in a timely manner.
MD little ’r’ multiple telemetry represents the majority of the MDR market today. Vendors in this space leverage multiple telemetry sources but fall short of full stack visibility across on-premises and cloud environments. Typical combinations seen in this category are endpoint and log together, most commonly, or endpoint and network, or network and log. Vendors in this space typically utilize machine learning and behavioral analysis software to process large amounts of data to look for unknown threats. Coverage of the IR lifecycle is limited, and incident response retainers are typically available for clients in the event of an incident that cannot be handled in house.
MD big ‘R’ full telemetry represents the MDR industry's most complete offerings. Full visibility across on-premises and cloud environments, coupled with integrated machine learning and behavioral analysis, feeds threat hunters with vital information that facilitates near real-time threat detection and containment. Additionally, SLAs strictly outline potential threat actor dwell time, limiting client-side requirements for IR lifecycle coverage. Importantly, organizations looking to outsource to MD big ‘R’ full telemetry providers must have complete trust in the provider's capabilities to deliver on SLAs.
To solve this security data analysis problem:
You need to start with pulling in the relevant security data sources from network, endpoint, log and cloud,
then leverage a service that provides a technology platform and security experts that filter through the data and noise,
leveraging automated analysis, machine learning, aggregation and correlation to drive rapid response to security threats.
Of course we hear a lot of talk about AI and ML, but the biggest advantage in the security market is the people who are trained in cyber threat hunting!
Threat hunters also apply AI: abstract thinking and intuition.
That's a key differentiator of our MDR service.
We call this: human expertise at machine scale!
I mentioned full spectrum visibility. What does that look like?
The five bundles are: First - Core Essentials, Second - Measure and Engage, Third - Mature and Direct, Fourth – Harden and Secure, and Fifth - Harden and Wargame.
Some of the services provided include: Vulnerability Assessments, Penetration Testing, Phishing Campaigns and Red Team exercises, which are a combination of various techniques to evade detection and prevention capabilities within the environment. This exercise results in assessment of prevention, detection and response capabilities against real world scenarios.
As our bundles build upon one another, Mature and Direct, and Harden and Wargame, include an increased scope of services.
The first being a Security Program Maturity Assessment or (SPMA). This provides an in-depth assessment of the client’s security program efficacy. Next, Security Incident Response Planning or (SIRP), this develops a focused and pragmatic plan that identifies the key steps to take when a security event occurs. Third, Security Policy Review and Guidance or (SPRG). This is a fully realized information security program that provides specific best practices for policies and procedures based on the eSentire security framework and NIST cybersecurity framework. Lastly, the Security Architecture Review or (SAR). This reviews technologies currently in use by your organization and provides detailed security controls and audit assessment criteria to secure the system.
And I’ll leave you today with a quote from "Iron" Mike Tyson: "Everybody has a plan until they get punched in the face."
Most companies think they have a plan and a security service they can rely on, until they have that business-impacting event.
Boxers surround themselves with experts to train and protect them from their opponents.
The same is true for cyber security: you need to have an expert team with a true MDR service behind you, to make sure you are prepared for the next fight, to dodge, block and respond to your adversaries in real time.
Thank you!