
Managed Detection & Response (MDR)

Protect your organization with real-time detection of threats and live 24/7/365 response.

 

Don't become a Statistic

Small/medium businesses are becoming the favoured targets of cyber criminals because they are less prepared for a cyber attack.

Crafty criminals, advanced malware and zero-day attacks are making their way past even the most sophisticated security.

Prevention and protection are no longer sufficient to keep your business safe.

Don’t let your business be the next victim.


Canadian Businesses are Under Attack

1-in-5 Canadian SMBs have been affected by a Cyberattack or data breach in the last two years

(Insurance Bureau of Canada)

SMBs Becoming the Favoured Target

46% of Cyber Attacks are now aimed at small/medium businesses (< 1000 employees)

(Verizon)

The Cost of Cyber Attacks is Increasing

Cyberattacks now cost companies $200,000 on average, putting many out of business

(CNBC)

"THERE ARE TWO TYPES OF COMPANIES:
THOSE THAT HAVE BEEN HACKED, AND THOSE THAT DON'T KNOW THEY HAVE BEEN HACKED."

JOHN CHAMBERS - CEO OF CISCO SYSTEMS

What are the Risks?

Cyber Attacks against SMBs are almost always financially driven.

According to a recent study by Verizon, 93% of Cyber Attacks against Small/Medium Businesses (SMBs) were financially motivated, and more than 80% of external Cyber Attacks are tied to organized crime. Most Cyber Crime organizations are highly skilled and use a number of different techniques to extract as much money as they can from each attack. Below we highlight the 4 most common ways Small/Medium Businesses are affected by Cyber Attacks.


Top 4 Risks

Data Theft

Attackers steal personal or financial data to sell or threaten to release unless you pay a Ransom.

Ransom Cost

Attackers delete your backups and lock you out of your files, preventing you from working until you pay a Ransom.

Financial Loss

Attackers access and use your systems or accounts to steal money, or commit other types of scams.

Intellectual Property Theft

Attackers or employees steal Intellectual Property to sell to your competitors.

Don't Let it Happen to You

The news is full of stories about Cyber Attacks; however, only 12% of Cyber Attacks are reported to the authorities and even fewer to the press.

These attacks not only have a huge financial cost, but they also can damage business relationships, potentially leading to loss of business.

 

Perfect Protection Isn't Practical

Most small/medium businesses invest heavily in Prevention & Protection but are not prepared for a Cyber Attack that bypasses their defences.

Managed Detection & Response (MDR) rapidly detects, responds to and contains cyber threats that have slipped past your prevention layer.


Average time to identify a breach in Canada in 2020 was 226 days

Source: IBM

Early Stage Threat Detection

Detecting and blocking an attacker in the Intrusion, Enumeration or Lateral Spread stages drastically reduces the damage and cost of the Cyber Attack.

Most breaches take months from the initial compromise to detection. The initial breach itself is fairly quick — a user clicks on a phishing link within an email, or opens a document containing a malicious macro, and the attacker is in.

After the initial intrusion, the attacker begins the enumeration phase, scouting out where they are in your network, what privileges the user has, and where they can go. The attacker then begins to hop from system to system in what is called ‘lateral movement’. Most security tools can’t detect lateral movement because it is lost among all the regular traffic of the organization.

It is during this lateral movement phase that the attacker is most vulnerable to detection. They're operating semi-blind in a foreign network, seeking out targets of value.

Managed Detection & Response can detect and detain threats during the Intrusion, Enumeration or Lateral Spread stages, before the hacker is able to complete their mission.

 

Stop Hackers in Their Tracks

Managed Detection & Response is the next generation of managed security service with a focus on real-time threat detection, threat hunting, and active response.

Lateral Spread Tradecraft

Detect & respond to techniques used by hackers to move beyond the initial compromised computer.

Infrastructure Enumeration

Detect & respond to techniques used by hackers to discover and assess assets over your network.

Privileged Users and Activity

Detect & respond to creation, elevation and unusual activity of privileged accounts.

Asset Visibility & Remote Access

Detect & respond to insecure devices on your network and unauthorized remote access tools.

 

Security Tampering

Detect & respond to techniques used by hackers to tamper with or bypass security settings.

Insider Threats

Detect & respond to common activities performed by malicious employees.

Non-Traditional IT Environments

Detect & respond to threats on IP-enabled devices like IoT, OT, PLC, BAS, ICS and more.*

Microsoft 365 Hacks

Detect & respond to attacks inside of Microsoft 365 including compromised accounts.*

*optional add-on required

Managed Detection & Response - How it works

Highly experienced MDR Security Analysts, using specialized software, monitor your environment every hour of every day, taking action when it's needed to stop a hacker in their tracks.

Threat Detection

Human Analysis

Incident Response

Reporting

Compliance

Integration

 

Real-time Threat Detection

 

24/7 monitoring by the MDR Security Analysts and threat hunting team to discover any cyber threats that may have slipped past your prevention layer.

  • Looks for the most common techniques used by attackers

  • Detects attackers in your environment early to minimize damage

  • MITRE ATT&CK® Integration - mapping threats to industry standards


Human Analysis

 

As new events occur, Security Analysts will investigate each event

  • Analyze the Event to determine if it is a threat

  • Investigate the origin and scope of the attack

  • Active Threat hunting information based on ATT&CK tactics and techniques

  • MDR team led by former US Government Cyber Security Operators with a deep understanding of hacker tradecraft


Incident Response

 

When a threat is detected and confirmed to be malicious, our Security Analysts have the ability to kill processes and detain the affected device immediately, cutting the attacker out of your network and stopping the spread before it starts.

  • Security Analysts respond to alerts 24/7/365

  • Ability to kill malicious processes or detain / isolate affected devices

  • Pre-established incident response playbook/procedure

  • Customizable detainment notification message to device users

  • Preserve detained machine state for users to save work and support forensics


Patented Technology

 

Patented technology built from the ground up to give analysts the ability to continuously monitor and respond to the modern threat landscape.

  • First contextually aware breach detection and response platform on the market

  • Security monitoring, detection, and response all built into one tool

  • Unparalleled visibility into hacker tradecraft, lateral spread, and remote privileged activity

  • Automatically collects and correlates meta-data around suspicious events, reducing data and analyst overload

  • Identifies and maps threats to the industry-standard MITRE ATT&CK framework

  • Designed by Former NSA Cyber Operations Experts 

  • Software built and operated in the U.S.


Integrations to Enhance Effectiveness

 

Managed Detection & Response integrates with other key parts of the happier IT technology stack to enhance threat detection and response.

  • SentinelOne - Integrates with SentinelOne’s Ransomware & Advanced Endpoint Protection to rapidly detect and prevent the spread of attacks.

  • 365Protect - Integrates with 365Protect - Microsoft 365 Security to provide real-time response to Threats in your Microsoft 365 environment.

  • Cisco Meraki - Integrates with Cisco Meraki Firewalls, Switches and Wireless Access Points to improve detection of threats on the network.


Reporting & Compliance

 

Every month you’ll receive a report that summarizes all the events investigated, the privileged accounts monitored, any suspicious findings, and an executive summary suitable for upper management.

  • Automatically generated each month

  • Delivered monthly to your Report Vault in the happier IT Portal


Network/IOT/OT Protection (add-on)

 

Secure IT/OT/BAS/Industrial Control Networks with live-monitoring, visualization, and actionable alerts.

  • Asset Visibility - provides asset discovery and visibility across the infrastructure by monitoring DHCP traffic.

  • Remote Access Monitoring - monitors network traffic to detect remote access connection attempts regardless of whether the connection succeeds or fails.

  • Threat Detection - detects malicious or suspicious network traffic by consuming daily threat intelligence feeds to identify bad or unusual domains. It also detects port scanning and obfuscated (TOR) traffic.

  • Extensibility - supports monitoring user-defined ports, protocols, and addresses.


Logging & Compliance (add-on)

 

Satisfy compliance requirements, including assessments and audits, with our Logging & Compliance add-on. The Logging & Compliance add-on was specifically designed to help satisfy your compliance needs. The hyper-efficient logging architecture supports real-time collection of device logs, file integrity monitoring (FIM) events, and any other application or system that exports syslog.

  • Affordable

  • Satisfy compliance and logging needs

  • Create and export compliance reports

  • Includes 365 days of storage (additional retention options available)

  • Fast setup & configuration


"IT security leaders should use Managed Detection and Response (MDR) services to augment existing security capabilities to address gaps in advanced threat detection and incident response before investing in more security monitoring tools (e.g., Security Information and Event Management (SIEM), network, and host-threat detection), and associated staff and expertise."

Gartner, "Market Guide for Managed Detection and Response (MDR) Services", May 2016, Bussa, Lawson, Kavanagh

Mitigate Cyber Attack Damage

Reducing the damage done by Cyber Attacks is as easy as 1, 2, 3


Step 1

Schedule a Call

Schedule a call to discuss Managed Detection & Response and if it is right for your business.


Step 2

Get a Proposal

Review and approve the Managed Detection & Response proposal.


Step 3

Setup for You

We will work with you to deploy Managed Detection & Response - typically in under 2 weeks.
