- EDR alerts require rapid and thorough investigation and response to deliver beneficial security outcomes
- Your business may be at risk and attackers can sneak in and remain if you don’t keep on top of your alerts
- Upgrading to MDR lets you quickly and painlessly add network security analytics visibility to your defenses
- MDR brings critical security response capabilities found at Fortune 500 companies to midmarket customers
Raising defenses to meet the demands of the changing threatscape
Bitdefender Customers: You’ve had Endpoint Protection (EPP) in place for ages, successfully meeting compliance requirements and providing strong, proven multi-layered defenses against everyday threats and novel attacks. Nobody does this better than Bitdefender, and we commend you for helping to make us the most awarded EPP vendor in the industry. At first, the endpoint alerts were manageable and generally did not require much attention, as nearly every threat was automatically blocked by GravityZone’s unmatched defenses. Then the attackers got smarter and the threats grew more sophisticated. Perhaps your business was targeted directly.
So in recent years, many of you added Endpoint Detection and Response (EDR), upgrading to GravityZone Ultra, allowing for thorough detection and investigation of more complex security incidents and the ability to remediate endpoints and take them back to their pristine pre-infection state. Ultra EDR uncovered much more sophisticated threats and delivered far more detailed alerts than GravityZone EPP but generated more work for your security team. Over time, the alerts multiplied and became more complex, but like many organizations facing resource constraints, your staff likely remained constant in its size and skill set despite the increased risk.
Then the alerts started piling up, coming in faster than you could manage. Maybe you looked at half of them, or a quarter—or followed just a handful all the way through triage, investigation, and on to resolution. Some of you may have turned off alert categories, reduced detection sensitivity, or even thrown up your hands completely.
What good are EDR alerts if they are not followed up?
EDR alerts provide valuable clues to malicious activity. Each alert requires thorough investigation by a trained and available security expert and, once malicious activity has been confirmed, a rapid and coordinated response. Businesses increasingly recognize the importance of EDR, however most lack the resources to mount an effective detection and response to sophisticated threats in a timely manner. Perhaps there are too many alerts to manage with the staff available, or maybe some alerts require a sophisticated cross-disciplinary response that exceeds the skill sets of the team. Either way, EDR alerts tend to pile up without a thorough investigation, allowing attackers to sneak into the network and remain—which is evident in our GravityZone cloud data, where we see viable EDR alerts ranging into the thousands going unheeded for various reasons.
Your business might be at risk, or possibly under active attack, if any of the following are true:
- You are resource limited and are not timely investigating all EDR alerts
- You confine your alert investigation to standard business hours
- Confirmed positive alerts are not rapidly being remediated
MDR is much more than tooling and managing alerts
Managed Detection and Response is not simply about deploying security tools and managing the resulting alerts. It’s about combining technology, automation, experience, and expertise to quickly understand what is happening within the environment to take rapid action to limit any adverse impact to the business. MDR threat hunting provides a proactive analysis component to your security program, and threat hunting cannot be done effectively without a thorough understanding of the threat landscape, contextualized to your business. This requires a Threat Intelligence team. MDR brings all the components of a modern Monitor, Detect and Response operation, usually reserved for Fortune 500 companies together in a single service, at a price point that makes it available to a much wider range of customers, now accessible to the midmarket.
What about other devices on the network?
There is another beneficial dimension to the Managed Detection and Response services package. MDR allows you to quickly and painlessly add network security analytics visibility with Bitdefender Network Traffic Security Analytics (NTSA) without requiring any staff familiarity with network traffic analysis (NTA) products, alerts, or response strategies. This dimension adds crucial visibility for both traditional endpoint/server devices and Internet of Things (IoT) devices. Our expert managed Security Operations Center (SOC) team can even correlate endpoint and network alerts back to the same security incident, as many attack indicators manifest themselves in network traffic, even when endpoint security has been circumvented, or for network devices that cannot run a traditional security agent.
How do you upgrade to MDR?
Adding MDR services to your existing Bitdefender EDR solution is simple and straightforward. GravityZone Ultra customers can immediately take advantage of MDR with a simple authorization and the creation of an MDR user within the GravityZone Cloud management console. Past and current alerts will instantly become visible to the trained security experts in the Bitdefender SOC, facilitating threat hunting and remediation. We will discuss and agree together on the scope of pre-approved actions and escalations that Bitdefender will be authorized to take on your behalf to resolve incidents quickly and deliver sustained beneficial security outcomes.
You already have all of the necessary conditions in place to immediately take advantage of MDR:
- GravityZone cloud management platform
- Bitdefender single integrated agent, encompassing low-overhead EDR and Endpoint Risk Analytics (ERA)
- Active alerts that you may not have looked at
What capabilities does MDR add and what changes in my current EDR setup?
Moving from EDR to MDR doesn’t negate your team’s ability to view and manage the EDR alerts—it simply opens them up to the Bitdefender managed SOC team to monitor, investigate, respond, and remediate on a 24x7x365 basis—evicting unauthorized parties from your network and minimizing the impact of any intrusions. The SOC never sleeps. We’ll work down your existing alert queue and ensure that the alerts don’t pile up again.
Our SOC professionals will follow up on every EDR breach indicator and will communicate the case status to you, the customer through detailed reports, all the way through to evicting the attacker from the network and restoring your systems to their known-good pre-breach states. Bitdefender MDR involves much more than simple breach notification, but rather it includes delivering beneficial security outcomes by leveraging round-the-clock monitoring, visibility and response technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation to remove threat actors and restore secure baselines.
Are you ready to get started?
Do you want Fortune 500 security response capabilities? Are you ready to stop running in place managing EDR alerts and return full focus to running your business? Are you ready to offload this burden to a professional SOC team and free your teams to work on strategic priorities? If so, we want to make your upgrade from EDR to MDR as easy as possible. And while we’re at it, consider increasing your number of GravityZone managed endpoints and adding NTSA for network traffic visibility to protect even more of your estate from ever-increasing threats.
*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Michael Rosen. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/pRzOc5C32EU/adding-mdr-services-to-edr-improve-security-outcomes