Published 10. Oct. 2017
Are Managed Detection and Response Services Right for You?
A large hedge fund in the US turned to a Managed Detection and Response (MDR) service to filter the bombardment of low-value security alerts and false positives it was receiving and surface the actual threats the company was facing.
THE CHALLENGE: CUTTING THROUGH THE NOISE
The customer had made significant investments in cyber security solutions that would alert them when something suspicious occurred on their network, including a centralised SIEM. These security solutions generated an unmanageable number of alerts, and the customer struggled to separate actual security threats from false positives and benign alerts.
THE SOLUTION: A PERSONALISED MDR SERVICE
Since the customer wanted to keep their existing SIEM tool, mnemonic simply connected it to their vendor-agnostic MDR service. Relevant logs and alerts were gathered for analysis, and logs were also collected from other devices that the SIEM solution had not previously covered.
With mnemonic MDR, the customer got a platform that:
- Frees up their security staff’s time by correlating events from different security controls to isolate legitimate security threats.
- Applies threat intelligence in the context of critical business processes.
mnemonic minimised the amount of data leaving the customer’s network by performing most analysis and triage processes within the customer’s own network.
To build trust in mnemonic’s competencies and services, as well as to showcase its ability to collaborate, mnemonic interacted closely with the customer during the scoping process and ensured that the key personnel responsible for service delivery were properly introduced.
THE RESULT: REAL THREAT DETECTION AND EFFICIENT INCIDENT RESPONSE CAPABILITIES
The customer’s security staff report that their time is now spent more efficiently, since they respond only to security incidents confirmed by mnemonic instead of to every alert received from their SIEM.
Furthermore, according to the CISO, their network visibility has significantly improved, and they are now finally realising the full benefits of the previously implemented security controls.
Overall, the customer is in a better position to detect and respond to security breaches.