What is Managed Detection and Response?
Managed Detection and Response (MDR) provides organizations with a range of security services, such as security monitoring, threat hunting, and incident analysis. It allows customers to detect, analyze and react to a threat in the most efficient way.
Unlike Managed Security Service Providers (MSSPs), which typically provide only alerts from security monitoring, MDR services provide much deeper and more advanced threat detection.
CSIS is a leading provider of Managed Detection & Response (“MDR”) services. The ultimate objective of these services is to improve our customers’ security posture and heighten their resilience in the face of an increasingly pervasive and complex threat landscape.
Through this service, CSIS triages and analyses security alerts that are generated by third-party technologies that our customers have implemented in their networks. These technologies are one or more of the following types:
- Endpoint Detection & Response (EDR)
- Network Detection & Response (NDR)
- Security Incident and Event Management (SIEM)
Based on its analysis, CSIS classifies alerts according to their ‘urgency’ and ‘potential impact’ using an industry-standard framework (Information Technology Infrastructure Library, or “ITIL”). This is done to ensure the appropriate level of focus is given to alerts.
When alerts are deemed to be incidents, the investigative aspect of the response process is activated. This often involves performing forensic analysis on the affected endpoint(s). This forensic analysis, which is performed with our proprietary, purpose-built tools, provides unparalleled depth of insight and is the basis of the actionable recommendations provided to the customer.
Our MDR service is directly integrated into our Threat Intelligence Portal, through which it is possible for our customers to track all detected security incidents, find security-related information and tools, communicate with CSIS specialists, follow the workflow of an investigation, and have a full overview of all tickets.