Managed Detection & Response (MDR)

Managed detection and response services provide clients with remotely delivered security operations centre (SOC) functions. These functions allow organisations to rapidly detect, analyse, investigate and actively respond through threat mitigation and containment. MDR service providers offer a turnkey experience, using a predefined technology stack (covering areas such as endpoint, network and cloud services) to collect relevant logs, data and contextual information. This telemetry is analysed within the provider’s platform using a range of techniques. This process allows for investigation by experts skilled in threat hunting and incident management, who deliver actionable outcomes.

About our MDR service

Reliance acsn has developed a specialism in building and running MDR services based on the Microsoft security stack, with Sentinel (the SIEM tool) at its heart. This specialism has seen us both advise clients on how to plan and build their own internal Sentinel-based service, and plan, build and run the service ourselves as an extension of a client’s own security team.

MDR at Reliance acsn has been in place since 2014. It was built around client requirements and developed through the drive and ingenuity of our team, who are always looking for ways to increase the quality and coverage of our service.

The service is based on the elements below, which we passionately believe are all required to deliver an effective MDR service.

Benefits

  • Expert resource 24/7 – many organisations struggle to attract and retain highly valuable security staff. The Reliance acsn team is there for you 24/7 and we take away the headache of ensuring you have great people protecting your business.

  • Predictable costs – we frequently see that clients with in-house SOC teams, or who try to build one, are well over budget and aren’t achieving the outcomes they had planned. We will agree the commercial model with you at the start; it will be fixed for an agreed period, and the outcomes from the service will be delivered on time and within budget.

  • Reduce alert fatigue – our expert analysts will investigate and triage incoming alerts for you. We will provide all the information you need and assist you, where required, in focusing your resource on mitigating the right threats.

  • A detailed understanding of your environment – the Reliance acsn team will provide specific, tailored advice based on the nuances of your individual environment to help ensure we protect you throughout the life of the partnership. A great example is how we worked with each of our clients when Log4j surfaced.

  • A partnership-based approach – by operating as an extension of your security team, Reliance acsn aligns our service to your risk and goals, with SLAs that meet your specific requirements. Our clients view us as an extension of their team, using our specialist resources as subject matter experts on any security query or requirement.

  • Direct-to-analyst communication – our clients have direct access to the analysts defending their environment, with no call centres or tiers of management to navigate.

  • Extensive experience in security technologies as a service – delivering you combined value through playbooks, integrations and enrichments. Our expertise includes Windows and Linux, SSO/MFA, and a variety of network monitoring and cloud systems.

  • Increased security ROI – many organisations have invested significant amounts of money in security technology or tooling which is lying unused or underutilised. Our MDR service helps improve your ROI on these tools, either by allowing you to remove them because their function will be covered, or by getting the best out of them as part of the service.

  • The smart utilisation of automation – Reliance acsn uses automation in a number of key areas to add capacity, bandwidth and speed to repetitive tasks. This leaves humans free to focus on the “grey areas” of cyber security, with the time to investigate complex events.

  • A mature and robust threat intelligence capability – Reliance acsn’s experts combine market-leading TI feeds, personalised to each client, with a deep understanding of the threat landscape and attacker behaviours to protect your systems and identify potential threat actors.

  • Flexibility – Reliance acsn’s MDR SOC service seamlessly integrates with your platforms, technologies, infrastructures and ecosystems. This ensures our service supports your business decisions and can respond to changes in your environment during the life of the service.

  • Advanced three-tier detection – you will benefit from known-bad, threat hunting and anomaly alerting, complemented by full incident profiling investigations.

  • Automated and governed responses – agreed during on-boarding, Reliance acsn will take action to defend your systems by containing endpoints and remediating incidents, drawing on our experience and expertise in different technologies.

  • Business led, customer focussed – we exist to protect and strengthen your environment, working as a trusted partner in your cyber security estate.

Detection Rules

Detection rules are critical. They form an ever-increasing ‘library’ from which we can pick to provide a client with high-fidelity rules very early in the onboarding process. These rules are added to over time, and new bespoke rules are written to supplement them based on the specifics of a client’s environment.

There are over 600 rules built across Microsoft Sentinel and LogRhythm (not all 500 are deployed by default for Sentinel).

Below are the foundational Sentinel rules deployed for all customers from day one of an engagement, broken down by log type (these figures are ever changing).

MDR Foundational Detection Analytics

We provide:

  • Constant rule tuning to reduce alert fatigue and surface the critical alerts.
  • Detection rules built on behavioural analytics, network analysis, correlation rules, anomalous behaviour and threat intelligence driven rules.
  • Real-world testing of detection rules.
  • Threat intelligence driven use case development – we are actively building new rules based on new and developing threats.
  • Adversary-built detection rules based on in-house knowledge and resource – building detection rules based on what our PenTest team are doing.

Integrated technology

Below are a sample of some of the technologies our MDR service both monitors and integrates with in client environments:

  • Operating Systems
    • Windows OS
    • Linux OS
  • SSO/MFA
    • Okta
  • Network Monitoring
    • DarkTrace
  • Cloud
    • AWS
    • GSuite
    • Azure
    • Office 365
  • Firewalls
    • Cisco ASA
    • Palo Alto Firewall
    • WatchGuard
  • AV/EDR
    • Microsoft Defender stack (All Defender products sold by Microsoft)
    • CrowdStrike
    • Cynet
  • Platforms
    • Jamf Protect


“The MDR services Reliance acsn deliver have reduced our exposure, and that of our local government, NHS and GP practices, significantly.”

— Giles Letheren, CEO, Delt Shared Services

Reliance acsn is also CREST accredited in Security Operations Centres (SOC). Our MDR service provides a 24/7 security monitoring service that covers intrusion detection, threat hunting, and managed security hygiene.

Application Status: Application Audited, Externally Validated
