What is Extended Detection & Response
Human Beings will Always be the Cornerstone of Effective Security
Ann Johnson, CVP of Security Compliance and Identity for Microsoft, believes human input will be even more important in the years ahead. “People always ask me, ‘let’s see how technology can replace humans,’” she shared. “My response to that is never. Human intel and understanding of the behavior of the attackers and where they’re going to go next, and what they’re going to try to do all need to be part of predictive analytics. That’s why I want to make it easier for customers by just automatically being predictive and blocking stuff that potentially comes into their environment. I think you’ll see a natural convergence of XDR and SIEM into one thing—we just have to make sure that we get it right. We want simplicity of tooling and automation of tooling. The goal is that we want customers running their businesses and not worrying about their security tooling. The point when cybersecurity becomes a mature industry will be when there are no longer cybersecurity departments and when everybody’s problem is cybersecurity. Whether you’re a developer or an operator, you’ll still have a SOC. Cybersecurity needs to be everybody’s job from the first line of code.”
How to find the right MDR team
When it comes to XDR, it is the human element that brings the protective value of the technology up to its full potential.
Critical Start’s Managed Detection and Response (MDR) service integrates with XDR to combine highly experienced analysts with proven operational processes, helping your security team quickly detect, investigate, and respond to every alert and stop the most advanced attacks while reducing risk, alert fatigue, and analyst burnout.
From tedious IOC Management to optimized rules
A key feature of the MDR service for XDR is IOC management. IOCs are constantly published and updated, and keeping the corresponding detections current is hard to manage and a full-time job in itself, so we added this feature to the service at no added cost. The Critical Start Threat Detection and Engineering team enhances out-of-the-box detection capabilities by developing and adding proprietary IOCs and behavioral detections drawn from curated threat intelligence, previous RSOC investigations, and external threat intelligence feeds.
Critical Start simplifies the complexity of these alerts, turning noise into clarity through its own platform and its Trusted Behavior Registry (TBR). Working with a customer, known-good, trusted alerts are identified and added to the TBR for automatic resolution. By resolving false positives quickly and at scale, the MDR team can focus on unknown alerts for triage and quick resolution.
Through our platform, all alerts, tickets, reports, and full investigation details can be consolidated into one location for complete visibility. With 99 percent of security alerts analyzed and resolved, the remaining average of 0.1 percent (the right alerts) can be escalated for human investigation and response.
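As an added illustration of the registry-based auto-resolution described above (example code written for this page, not Critical Start’s platform or its Trusted Behavior Registry), the following sketch resolves alerts that exactly match a customer-approved trusted-behavior entry and escalates everything else, including near-misses that share a rule but differ in one field. All rule names, users, hosts and the hash placeholder are constructed.

```python
# Added example, not Critical Start's code: a minimal trusted-behavior registry.
# An alert is auto-resolved only when its rule AND every registered condition
# match exactly; anything else is escalated for human triage.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class TrustedBehavior:
    """Customer-approved entry: alert rule plus the field values that make it benign."""
    rule: str
    conditions: dict   # field -> expected value; all must match
    approved_by: str   # who signed off on the entry (for audit trail)


@dataclass
class TriageResult:
    resolved: list = field(default_factory=list)
    escalated: list = field(default_factory=list)


def matches(alert: dict, entry: TrustedBehavior) -> bool:
    """True only if the rule and every registered condition match exactly."""
    if alert.get("rule") != entry.rule:
        return False
    return all(alert.get(k) == v for k, v in entry.conditions.items())


def triage(alerts: list, registry: list) -> TriageResult:
    """Split alerts into auto-resolved (with audit note) and escalated."""
    result = TriageResult()
    for alert in alerts:
        hit = next((e for e in registry if matches(alert, e)), None)
        if hit is not None:
            result.resolved.append({**alert, "resolution": f"trusted (approved by {hit.approved_by})"})
        else:
            result.escalated.append(alert)
    return result


def escalation_rate(alerts: list, registry: list) -> float:
    """Fraction of alerts that still need a human (0.0 when there are no alerts)."""
    return len(triage(alerts, registry).escalated) / len(alerts) if alerts else 0.0


# Constructed sample registry and alerts (hypothetical values).
REGISTRY = [
    TrustedBehavior("scheduled_task_created", {"user": "svc_backup", "host_group": "backup"}, "customer-IT"),
    TrustedBehavior("remote_service_exec", {"user": "svc_patch", "tool_hash": "HASH_PLACEHOLDER"}, "customer-IT"),
]
ALERTS = [
    {"id": 1, "rule": "scheduled_task_created", "user": "svc_backup", "host_group": "backup"},
    {"id": 2, "rule": "scheduled_task_created", "user": "jdoe", "host_group": "backup"},  # same rule, other user
    {"id": 3, "rule": "remote_service_exec", "user": "svc_patch", "tool_hash": "HASH_PLACEHOLDER"},
    {"id": 4, "rule": "remote_service_exec", "user": "svc_patch", "tool_hash": "OTHER"},  # unexpected tool
]
```

Note that alerts 2 and 4 are escalated even though they share a rule with a trusted entry: registry entries must be specific enough that a changed user or binary never inherits an approval.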
Speaking of human intervention, our human-led investigation and response includes 24x7x365 end-to-end managed detection and response services delivered by highly trained and experienced security analysts. Our analysts complete 200 hours of training during onboarding and another 40-80 hours annually—they would be considered L2 and L3 at competitors. Analysts work in U.S.-based, SOC 2 Type 2 certified Risk and Security Operations Centers (RSOCs) to investigate, escalate, contain, and respond to threats.
We take the complex and make it simple through powerful bi-directional integration between our platform and your tools to centralize your data, providing visibility to you through a “single pane of glass” to fit right into your existing workflows (set up in weeks, not months). Our approach is transparent by design. Unlike other MDR services, we’ve crafted our platform dashboards to enable you to see what our security analysts see. This means you will have complete visibility and access to every alert with full investigative details, including every action taken. The information provided will be detailed enough for auditing and reporting. Beyond visibility into the service, we can help extend your view to include your entire security ecosystem. You can better understand how your security tools are performing and confirm the return on these investments, plus the value of your MDR service.
Now here’s the best part:
Critical Start’s industry-leading MOBILESOC® puts all of this visibility into the palm of your hand. This iOS/Android application enables you to communicate directly with analysts right from your mobile device. Use in-app responses and full details around investigations, including data points collected, incidents resolved or escalated, and access to the playbook. You can triage and contain alerts at any time and from anywhere.
Finally, while MDR can bring out the top-line performance of a security tool such as XDR, your choice of vendor matters. Many MDR providers will not commit the value of their approach to hard metrics in writing. That’s why we prove the value of our platform with contractual SLAs of 60 minutes or less for Time to Detect (TTD) and Median Time to Resolution (MTTR). With something as important as the security of your business, you should expect nothing less than a partner that is willing to commit to its performance in writing.
CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.