What is MDR and why is it important?
MDR, or Managed Detection and Response, is an outsourced solution that provides businesses with threat hunting services and then responds when threats are discovered. At Control IT Solutions we use Bluedog MDR Solutions and we believe it shines above all others.
How do you really know what is happening in your network? You have a firewall, great! You have endpoint protection, fantastic! These are a great way of defending your network and all the data accessible on it. However, no security system is perfect, so think of what you have so far as a starting point. Now is the time to consider a monitoring solution for your network, so that you can see whether anything is getting through your first line of protection. Most businesses at this point look towards a SIEM (Security Information and Event Management) tool to check activity in the network. If you have several security experts monitoring the traffic and events 24/7 who know what they’re looking for, then this is a great way to maintain your network. If, however, you don’t have a SOC (Security Operations Centre) in house, having a SIEM tool is next to useless.
Thousands of events happen in the network every day. Getting through them all and identifying which ones are bad is a lot of work, and the SIEM could prove to be an expensive tool that you don’t see much value in at all.
Bluedog works differently: it provides you with a SIEM tool that you can plug in and leave, knowing that if there is ever an issue, you will be alerted to it straight away. Bluedog has a team of qualified people watching your valuable assets 24/7, allowing you to focus on your core business. By alerting you only to the things that matter, it spares you the noise of false positives that would otherwise waste your time.
Please see below all the alerts and reporting provided to you as standard:
Your internal network will be monitored for malicious activity 24/7. An alert will be sent immediately when suspicious activity has been identified.
Rogue device detection
The network is continuously probed to find devices that shouldn’t be there, with reports on new and reappearing devices. Data gathered from this will help to enhance the managed detection service.
Weekly vulnerability scan on all internal IPs
Vulnerability scans look at where the weaknesses are in the network, so you can pay more attention to possible attacks at the most vulnerable points. Weekly reports help you to determine where the vulnerabilities are within your network, allowing you to act before the attackers have a chance to get in.
Weekly vulnerability scan on up to 16 external IPs
This is the same as the internal vulnerability scanning, but it offers insight into how attackers can get in through an external IP such as your Internet connectivity, web server or home offices.
Vulnerability scan on 1 web application per month
Because websites are a common point of entry for attackers, a monthly scan is included in the service. The scan checks against the OWASP ASVS benchmark, and all common vulnerabilities are tested and reported on in an actionable way.
All these extra services allow you to stay in control of your network, meaning that you are proactively able to shut down ways for attackers to get in. With a team of qualified people watching over all this 24/7, you can relax and leave the security of your business to the experts.