Managed Detection & Response
For Endpoint
Solution Brief
BlueVoyant: MDR for Endpoint
Discover, respond, and secure your endpoint devices
How well protected are your smart devices and hardware?
It is increasingly difficult for organizations to defend themselves against today’s cyber threats. A new generation of malware, ransomware, and fileless attacks continues to evolve for maximum impact. Protecting your business infrastructure and devices is hard and expensive. It requires a combination of technology, security expertise, and threat intelligence that most organizations cannot deliver alone.
BlueVoyant’s Managed Detection for Endpoint consists of monitoring and managing endpoint software deployments and performing threat hunting and incident response actions as needed. Regardless of whether you have CrowdStrike, VMware, or SentinelOne, our MDR solution can manage your EDR platform.
Key Differentiators
– Identify and eradicate sophisticated threats across the entire environment with experienced, certified security experts.
– Triage 100% of threats and eliminate more than 90% of them with advanced automation to reduce risk and required resources.
– Augment your IT team with BlueVoyant experts who hunt threats, close gaps, implement automation, integrate workloads, streamline operations, and monitor your entire ecosystem 24x7.
– Access always-on security with continuous security assessments, in-depth forensics, and rapid security content creation and deployment.
– Gain complete operational visibility, data privacy, and compliance support as security engineers work to deploy solutions within your infrastructure.
– BlueVoyant’s Next Generation Content cuts time to upgrade security content in half, brings parity to detections between the different SIEM & EDR tools, and operates on data in parallel with customer content to avoid conflict.
Features
24x7 Security Monitoring
Real-time alerting, triage, threat indicator enrichment, and investigation of malicious activity, with filtered notifications and alerts supported by a world-class team within BlueVoyant’s 100% cloud-based SOC.
Security Orchestration and Automation
Supports the BlueVoyant SOC in accelerating event triage, reducing false positives, and improving mean time to resolution.
Investigation & Notification
Once a malicious state change is detected, an incident is generated and our security analysts perform triage and investigation of the event to classify it as a true positive, benign, or a false positive.
Unlimited Live Remote Response
Includes unlimited remote investigations and response services for all activities consistent with remote SOC capabilities and with the visibility and response capabilities of M365 Defender.
Wavelength™ Client Portal
A web-based portal that provides real-time visibility and dashboards for detected alerts and confirmed incidents, and enables approved client employees to interact with our SOC analysts and view all detected assets.
ITSM Integration
BlueVoyant provides a fully documented, bi-directional API that can be used to synchronize security incidents and service management cases with a client ITSM tool. Pre-built integration for ServiceNow via the ServiceNow Store is available at an additional cost.
Next Generation Content
Cuts time to upgrade security content in half using our proprietary BlueVoyant Information Model and leveraging Continuous Integration and Continuous Delivery (CI/CD) pipelines to deliver the most accurate and up-to-date content to our customers’ environments. It brings parity in detections between the different SIEM & EDR tools because it is available for all BlueVoyant MDR supported tooling.
Threat Detection Thursday
Weekly content updates are pushed automatically to all clients.
MDR Concierge
Ongoing maintenance and customization to maximize your EDR platform.
Indicator Enrichment
Automatic extraction, scoring, and enrichment of Indicators of Compromise (IoCs), leveraging BlueVoyant automation with both open source and BlueVoyant proprietary threat intelligence.
Endpoint Response
BlueVoyant will take a specific set of actions at the completion of an investigation: quarantine, delete, whitelist, monitor, or blacklist. Depending on the subscription, if an advanced investigation with live response is needed, BlueVoyant can leverage our in-house DFIR experts to conduct those activities.
Threat Detection
Advanced endpoint software is used to expand enrichment and enhance behavioral correlation. Depending on your services, BlueVoyant will proactively and iteratively search through events to detect and isolate advanced threats that evade existing security solutions.
Malware Prevention
Deployed endpoint software will automatically prevent the execution of suspicious or known malicious software, often preventing the outbreak or spread of malware. Through blacklist policy management, delivery of unique signatures, and threat intelligence indicator matching, BlueVoyant can deny, terminate, and block operations remotely.
Health Monitoring
Notification and assistance with troubleshooting if agents or log collection appliances become uncommunicative or unreachable, or output has not been received from log sources within the scope of service.
Outage Prevention
All third-party vendor patches and upgrades will be assessed for their security, stability, and functionality by BlueVoyant prior to client deployment to ensure they are supported and won’t cause outages.
Smart Log Management
Logs are aggregated and stored on the client’s EDR instance, tamper-proofing critical logs while ensuring that only the right types and amounts of data needed for investigations are analyzed.