What is Extended Detection & Response
Human Beings Will Always Be the Cornerstone of Effective Security
Ann Johnson, CVP of Security, Compliance and Identity for Microsoft, believes human input will be even more important in the years ahead. “People always ask me, ‘let’s see how technology can replace humans,’” she shared. “My response to that is never. Human intel and understanding of the behavior of the attackers and where they’re going to go next and what they’re going to try to do all needs to be part of predictive analytics. That’s why I want to make it easier for customers by just automatically being predictive and blocking stuff that potentially comes into their environment. I think you’ll see a natural convergence of XDR and SIEM into one thing; we just have to make sure that we get it right. We want simplicity of tooling and automation of tooling. The goal is that we want customers running their businesses and not worried about their security tooling. The point when cybersecurity becomes a mature industry will be when there are no longer cybersecurity departments and when everybody’s problem is cybersecurity. Whether you’re a developer or an operator, you’ll still have a SOC. Cybersecurity needs to be everybody’s job from the first line of code.”
How to find the right MDR team
When it comes to XDR, it is the human element that brings the technology up to its full protective potential. Critical Start has a 100% net SOC retention rate, which speaks to the value we place on our team and on yours.
The Critical Start Managed Detection and Response (MDR) service integrates with XDR to combine highly experienced analysts with a defined operational process. Together they help your security team detect, investigate and respond to every alert, stop the most advanced attacks, and reduce risk, alert fatigue and analyst burnout.
From Tedious IOC Management to Optimized Rules
A key feature of the MDR service for XDR is IOC management. Indicators of compromise (IOCs) are published and updated constantly, and keeping detections current with them can be hard to manage and a full-time job in itself, so we include this feature in the service at no added cost. The Critical Start Threat Detection and Engineering team enhances out-of-the-box detection capabilities by developing and adding proprietary IOCs and behavioral detections drawn from curated threat intelligence, previous SOC investigations and external threat intelligence feeds.
Critical Start reduces the complexity of these alerts and turns noise into clarity through its own ZTAP and TBR. Working with a customer, known-good, trusted alerts are identified and added to the TBR for automatic resolution. Because false positives are resolved quickly and at scale, the MDR team can focus on unknown alerts for triage and rapid resolution.
Through ZTAP, all alerts, tickets, reports and full investigation details are consolidated in one location for complete visibility. With 99 percent of security alerts analyzed and resolved, the remaining average of 0.1 percent (the right alerts) is escalated for human investigation and response.
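The pipeline described above (curated IOC and behavioral detections feeding a registry of trusted behaviors that auto-resolves known-good hits and escalates the rest) is shown here as an added illustrative example. It is not Critical Start's ZTAP or TBR code; the rule names, the registry fields, the IOC values (documentation ranges and a `.test` domain) and the five telemetry events are all constructed for the example.

```python
"""Added example: IOC and behavioral detections run over constructed telemetry,
then auto-resolve hits covered by a narrow, expiring trusted-behavior registry.
Illustrative only; not Critical Start's ZTAP/TBR implementation."""
from dataclasses import dataclass
from datetime import date

# Constructed IOC feed. Values are placeholders (TEST-NET-3 address, .test domain).
BAD_HASH = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
IOC_FEED = {"sha256": {BAD_HASH},
            "domain": {"updates.example-bad.test"},
            "ip": {"203.0.113.44"}}

# Detection rules: each takes one telemetry event (a dict) and returns True on a hit.
def rule_ioc_hash(e):
    return e["sha256"] in IOC_FEED["sha256"]

def rule_ioc_domain(e):
    return e["dest_domain"] in IOC_FEED["domain"]

def rule_ioc_ip(e):
    return e["dest_ip"] in IOC_FEED["ip"]

def rule_encoded_powershell(e):
    # Behavioral: PowerShell launched with an encoded command, whatever the parent.
    return e["process"].lower() == "powershell.exe" and "-enc" in e["cmdline"].lower()

def rule_office_spawns_shell(e):
    # Behavioral: an Office application spawning a shell or scripting host.
    office = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
    shells = {"powershell.exe", "cmd.exe", "wscript.exe"}
    return e["parent"].upper() in office and e["process"].lower() in shells

RULES = {"ioc_hash": rule_ioc_hash, "ioc_domain": rule_ioc_domain, "ioc_ip": rule_ioc_ip,
         "encoded_powershell": rule_encoded_powershell,
         "office_spawns_shell": rule_office_spawns_shell}

@dataclass(frozen=True)
class TrustedBehavior:
    """One registry entry. Deliberately narrow: a rule is trusted only for a given
    host prefix, account and parent process, and only until a review date."""
    rule: str
    host_prefix: str
    user: str
    parent: str
    expires: date
    ticket: str  # approval/change reference retained on the resolved alert for audit

    def covers(self, rule, e, today):
        return (rule == self.rule and today <= self.expires
                and e["host"].startswith(self.host_prefix)
                and e["user"] == self.user
                and e["parent"].lower() == self.parent.lower())

def triage(events, registry, today):
    """Run every rule over every event. Hits covered by a live registry entry are
    auto-resolved (with the ticket recorded); all others are escalated to an analyst."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    out = {"resolved": [], "escalated": []}
    for e in events:
        for name, rule in RULES.items():
            if not rule(e):
                continue
            alert = {"rule": name, "host": e["host"], "user": e["user"], "ticket": None}
            match = next((t for t in registry if t.covers(name, e, today)), None)
            if match:
                alert["ticket"] = match.ticket
                out["resolved"].append(alert)
            else:
                out["escalated"].append(alert)
    return out

def ev(host, user, process, parent, cmdline="", sha256="0" * 64, dest_domain="", dest_ip=""):
    return dict(host=host, user=user, process=process, parent=parent, cmdline=cmdline,
                sha256=sha256, dest_domain=dest_domain, dest_ip=dest_ip)

# Constructed telemetry (not real logs): deploy agent, macro-launched shell,
# IOC hash hit, scanner reaching an IOC domain, and one benign browser event.
EVENTS = [
    ev("deploy-01", "svc_deploy", "powershell.exe", r"C:\Deploy\agent.exe", "powershell.exe -enc SQBFAFgA"),
    ev("wks-142", "jdoe", "powershell.exe", "WINWORD.EXE", "powershell.exe -w hidden -enc SQBFAFgA"),
    ev("wks-207", "asmith", "update.exe", "explorer.exe", "update.exe", sha256=BAD_HASH),
    ev("vscan-01", "svc_scan", "scanner.exe", r"C:\Scanner\svc.exe", dest_domain="updates.example-bad.test"),
    ev("wks-009", "bwong", "chrome.exe", "explorer.exe", dest_domain="www.example.com"),
]

# Constructed registry: one live entry, one whose review date has passed.
TBR = [
    TrustedBehavior("encoded_powershell", "deploy-", "svc_deploy", r"C:\Deploy\agent.exe", date(2026, 6, 30), "CHG-1042"),
    TrustedBehavior("ioc_domain", "vscan-", "svc_scan", r"C:\Scanner\svc.exe", date(2024, 1, 31), "CHG-0871"),
]

if __name__ == "__main__":
    result = triage(EVENTS, TBR, "2025-03-01")
    print(f"resolved={len(result['resolved'])} escalated={len(result['escalated'])}")
    for a in result["escalated"]:
        print("ESCALATE", a["rule"], a["host"], a["user"])
```

Two design points matter in practice. The registry entry keys on the specific host, account and parent process rather than on the rule alone, so trusting a deployment agent's encoded PowerShell does not also silence the same behavior when Word spawns it on a workstation. Each entry also carries an expiry and a ticket reference: the scanner entry that was never re-reviewed stops suppressing the IOC domain hit, and every auto-resolved alert still records why it was resolved, which is what an auditor will ask for.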
Speaking of human intervention, our human-led investigation and response includes 24x7x365 end-to-end managed detection and response delivered by highly trained and experienced analysts. Our analysts complete 200 hours of training during onboarding and another 40-80 hours annually; they would be considered L2 and L3 at competitors. Analysts work in a U.S.-based, SOC 2 Type 2 certified Security Operations Center (SOC) to investigate, escalate, contain and respond to threats.
We take the complex and make it simple through bi-directional integration between ZTAP and your tools, which centralizes your data and gives you a “single pane of glass” that fits into your existing workflows (set up in weeks, not months). Our approach is transparent by design. Unlike other MDR services, we have built the ZTAP dashboard so that you see what our SOC analysts see: complete visibility into and access to every alert, with full investigative details including every action taken. The information is detailed enough for auditing and reporting. Beyond visibility into the service itself, we can extend your view to your entire security ecosystem, so you can see how your security tools are performing and confirm the return on those investments as well as the value of your MDR service.
Now here’s the best part:
Critical Start’s industry-leading MOBILESOC® puts all of this visibility in the palm of your hand. This iOS/Android application lets you communicate directly with analysts from your mobile device, respond in-app, and review full investigation details, including the data points collected, incidents resolved or escalated, and the playbook. You can triage and contain alerts anytime, anywhere.
Finally, while MDR can definitively bring top-line performance out of a security tool such as XDR, your choice of vendor matters. Many MDR providers will not commit the value of their approach to hard metrics in writing. That is why we prove the value of ZTAP with contractual SLAs for Time to Detect (TTD) and Median Time to Resolution (MTTR). We commit to triaging every alert within minutes, backed by a contractual one-hour SLA. With something as important as the security of your business, you should expect nothing less than a partner willing to commit to its performance in writing.