Managed security services have been around for a long time. Traditional managed security services are focused on security and compliance reporting rather than on actively responding to threats. From a threat perspective they are essentially passive.
A Managed Detection and Response (MDR) service is a next-generation managed security service that provides active threat hunting, triage, investigation, and remediation as well as shared visibility into and control over the entire threat detection and response process.
Arete’s Managed Detection and Response Service
Our next-generation managed security services include:
Arete’s people are arguably the most important and the most differentiating component of Arete’s MDR service offering. Experienced cybersecurity professionals are in extremely high demand, and Arete’s team is made up of world-class security operations analysts, security architects and engineers, incident responders, and forensic investigators with hundreds of person-years of experience in government and civilian cybersecurity environments. We have a deep understanding of threat actors’ tactics, techniques and procedures (TTPs) based on decades of experience doing actual Incident Response (not just selling security products). This level of knowledge and experience is needed to provide the judgement that an MDR service requires.
Arete’s MDR service is based on a modular platform made up of a set of product and system components that were carefully selected and integrated by Arete based on decades of experience in cybersecurity as both developers and users of security products and services. These components can be deployed in a modular way to complement and enhance the capabilities of your existing security infrastructure.
The key components of the platform include:
Advanced Endpoint Protection (Powered by SentinelOne)
This component is an endpoint protection and response system that uses Artificial Intelligence and real-time behavior analysis to automatically detect, block, and remediate threats, including threats that cannot be detected by traditional or even “next-gen” anti-virus systems. It also includes a “flight recorder” capability that continuously extracts and stores a rich set of information (metadata) about all endpoint activities – such as process, file system, and network behavior – that enables Arete’s monitoring team to “go back in time” and find the root causes of threats under active investigation. (Note: this platform component is included in all Arete MDR services).
Dynamic Threat Intelligence
The Arete MDR platform automatically consumes and operationalizes a rich, curated set of dynamic (continuously updated) threat intelligence that includes:
- Customer-specific threat intelligence developed by Arete’s monitoring, response and forensics teams based on threat behavior observed in a customer’s environment.
- Behavioral threat intelligence developed by SentinelOne’s threat research team and built into the SentinelOne product.
The Arete MDR service employs a proven process that includes: