Managed Detection & Response
BlueVoyant: MDR for Endpoint
Discover, respond, and secure your endpoint devices
How well protected are your smart devices
It is increasingly difficult for organizations to defend themselves against today’s cyber threats. A new generation of malware, ransomware, and fileless attacks continue to evolve for maximum impact. Protecting your business infrastructure and devices is hard and expensive. It requires a combination of technology, security expertise, and threat intelligence that most organizations cannot deliver alone.
BlueVoyant’s Managed Detection for Endpoint
consists of monitoring and management of endpoint software deployments and the performance of threat hunting and incident response actions as needed. Regardless of whether you have Crowdstrike, VMWare, or SentinelOne, our MDR solution can manage your EDR platform.
– Identify and eradicate sophisticated threats across the entire environment with experienced, certified security experts.
– Triage 100% of threats and eliminate more than 90% of them with advanced automation to reduce risk and required resources.
– Augment your IT team with BlueVoyant experts who hunt threats, close gaps, implement automation, integrate workloads, streamline operations, and monitor your entire ecosystem 24x7.
– Access always-on security with continuous security
assessments, in-depth forensics, and rapid security content creation and deployment.
– Gain complete operational visibility, data privacy, and
compliance support as security engineers work to deploy solutions within your infrastructure.
– BlueVoyant’s Next Generation Content cuts time to upgrade security content in half, brings parity to detections between the different SIEM & EDR tools, and operates on data in parallel with customer content to avoid conflict.
24x7 Security Monitoring
Real-time alerting, triage, threat indicator enrichment, and investigation of malicious activity with filtered notifications and alerts supported by a world-class team within BlueVoyant’s 100% cloudbased SOC.
Security Orchestration and Automation
Supports the BlueVoyant SOC in accelerating event triage, reducing false positives, and improving mean time to resolution.
Investigation & Notification
Once a malicious state change is detected, an incident is generatedand our security analysts will perform triage and investigation of the event to confirm true-positive, benign, or false-positive.
Unlimited Live Remote Response
Includes unlimited remote investigations and response services for all activities consistent with remote SOC capabilities and visibility and response capabilities of M365 Defender.
Wavelength™ Client Portal
A web-based portal that provides real-time visibility / dashboards to detected alerts, confirmed incidents, and enables approved client employees to interact with our SOC analysts and view all detected assets.
BlueVoyant provides a fully documented, bi-directional API that can be used to synchronize security incidents and service management cases with a client ITSM tool. Pre-built integration for ServiceNow via the ServiceNow Store is available at an additional cost.
Next Generation Content
Cuts time to upgrade security content in half using our proprietary BlueVoyant Information Model and leveraging Continuous Integration and Continuous Delivery (CI/CD) pipelines to deliver the most accurate and update to date content to our customers’ environments. It brings parity in detections between the different SIEM & EDR tools because
it is available for all BlueVoyant MDR supported tooling.
Threat Detection Thursday
Weekly content updates are pushed automatically to all clients.
Ongoing maintenance and customization to maximize your
Automatic extraction, scoring, and enrichment of Indicators of Compromise (IoCs), leveraging Bluevoyant automation with both open source and BlueVoyant proprietary threat intelligence.
BlueVoyant will take a specific set of actions at the completion of an investigation: quarantine, delete, whitelist, monitor, or blacklist. Depending on the subscription, if an advanced investigation with live response is needed, BlueVoyant can leverage our in-house DFIR experts to conduct those activities.
Advanced endpoint software will be used to expand enrichment and enhanced behavioral correlations. Depending on your services, BlueVoyant will proactively and iteratively search through events to detect and isolate advanced threats that evade existing security solutions.
Deployed endpoint software will automatically prevent the execution of suspicious or known malicious software, often preventing the outbreak or spread of malware. Through blacklist policy management, delivery of unique signatures and threat intelligence indicator matching, BlueVoyant can deny, terminate, and block operations remotely.
Notification and assistance with troubleshooting if agents or log collection appliances become uncommunicative or unreachable, or output has not been received from log sources within the scope of service.
All third-party vendor patches and upgrades will be assessed for their security, stability, and functionality by BlueVoyant prior to client deployment to ensure they are supported and won’t cause outages.
Smart Log Management
Logs are aggregated and stored on the client’s EDR instance, tamperproofing critical logs while ensuring that only the right types and amounts of data needed for investigations are analyzed.