Managed Detection and Response (MDR+)
Advanced Threat Detection, Remote Investigation and Rapid Response
BlueVoyant democratizes next-generation cybersecurity by creating services that make the same level of protection enjoyed by large enterprises available to small-to-mid-sized businesses at a fraction of the cost.
Managed Detection and Response from BlueVoyant consists of monitoring and management of endpoint software deployments and the performance of incident response actions as needed. Monitoring Services include 24/7 collection, storage, reporting, and client notification of security events and device health events.
This service is supported by the BlueVoyant technology platform, a cloud-based ingestion, processing, and analysis system. This web-based platform generates reports based on the alerts that are analyzed by experts in BlueVoyant’s geographically diverse security operations centers (SOCs).
Managed Detection and Response includes a proven implementation methodology and tools for simple reporting and analysis that are provided through Wavelength™, BlueVoyant’s client portal.
MDR+ can be tailored to fit your needs with additional services like custom advanced threat detection.
What is MDR+?
MDR+ (Managed Detection and Response) from BlueVoyant is remote endpoint monitoring, protection, and incident remediation. Utilizing Next Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR) software, BlueVoyant scans for, investigates, and neutralizes threats on your behalf.
This service allows you to expand your cybersecurity capabilities to defend against the latest and most sophisticated threats.
Event classification is part of the process that BlueVoyant analysts perform when investigating security alerts. Depending on the severity, clients will be notified by email, phone call, or through the client portal.
- Services Activation: Advanced endpoint software will be deployed. Client applications will be whitelisted to reduce the likelihood of unintended business disruption. Pre-approval guidelines for remote intrusion response activities will be established.
- Investigation and Notification: When a suspicious event is detected or an automatic prevention activity occurs, an alert is generated and a security operations center analyst will investigate to determine whether the event is a true positive, benign, or a false positive, and the client will be notified.
- Indicator Enrichment: Indicators of compromise associated with detections within the monitored environment are automatically extracted, scored, and enriched leveraging open source and proprietary Threat Intelligence. Enriched indicators, assigned a reputation and classification, are visible within Wavelength™.
- Endpoint Response: BlueVoyant will take a specific set of actions at the completion of an investigation: quarantine, delete, whitelist, monitor, or blacklist. Depending on your services, if an advanced investigation with live/real-time response is needed, BlueVoyant may perform remote intrusion response activities.
- Threat Detection: Advanced endpoint software will be used to expand enrichment and enhance behavioral correlation. Depending on your services, BlueVoyant will proactively and iteratively search through events to detect and isolate advanced threats that evade existing security solutions.
- Malware Prevention: Deployed endpoint software will automatically prevent the execution of suspicious or known malicious software, often preventing the outbreak or spread of malware. Through blacklist policy management, delivery of unique signatures and threat intelligence indicator matching, BlueVoyant can deny, terminate and block operations remotely.
- Health Monitoring: BlueVoyant will monitor installed endpoint agent communications using the technology platform. BlueVoyant will monitor log sources and will generate an alert when a log source’s output has not been received in a specified interval.
- Outage Prevention: All third-party vendor patches and upgrades will be assessed for their security, stability, and functionality by BlueVoyant prior to client deployment to ensure they are supported and won’t cause outages.
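The health-monitoring rule above (alert when a log source's output has not been received within a specified interval) can be expressed as a simple staleness check. The code below is an added illustration, not BlueVoyant's platform code; the source names, intervals and timestamps are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: monitored log sources and the longest silence each is
# expected to show before a health alert is raised (assumed values).
EXPECTED_INTERVAL = {
    "fw-edge-01": timedelta(minutes=15),
    "dc-01-winlog": timedelta(minutes=30),
    "edr-agent-laptop-42": timedelta(hours=2),
}

# Constructed sample: last event received per source (UTC). A source that has
# sent nothing since onboarding has no entry at all.
LAST_SEEN = {
    "fw-edge-01": datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc),
    "dc-01-winlog": datetime(2024, 5, 1, 11, 10, tzinfo=timezone.utc),
}


def silent_sources_at(now_iso, expected=EXPECTED_INTERVAL, last_seen=LAST_SEEN):
    """Return {source: minutes_overdue} for every source whose output has not
    arrived within its expected interval. minutes_overdue is None for a source
    that has never reported, which is always treated as an alert condition."""
    now = datetime.fromisoformat(now_iso)
    alerts = {}
    for source, interval in expected.items():
        seen = last_seen.get(source)
        if seen is None:
            alerts[source] = None
            continue
        silence = now - seen
        if silence > interval:
            alerts[source] = int((silence - interval).total_seconds() // 60)
    return alerts


def format_alert(source, minutes_overdue):
    """Human-readable health alert line for one silent source."""
    if minutes_overdue is None:
        return f"{source}: no output received since onboarding"
    return f"{source}: output overdue by {minutes_overdue} minutes"


if __name__ == "__main__":
    for src, overdue in sorted(silent_sources_at("2024-05-01T12:20:00+00:00").items()):
        print(format_alert(src, overdue))
```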
Full Lifecycle Protection from Early Detection to Remediation
By combining automated processes and technologies with expert, field-seasoned cyber intelligence analysts, BlueVoyant delivers full-spectrum protection from initial alert to security event remediation.
Transparency and Reporting
BlueVoyant investigates, triages and remediates security events for you and provides executive-level reporting. You can watch the Security Operations Centers operate live, responding to security events, through Wavelength™.
Hunting Threats within Your Network
Proactive threat hunting activities reveal dormant or trojan threat actors that evade network and endpoint detection solutions. BlueVoyant's Advanced Threat Detection includes full telemetry leveraging the benefits of EDR with BlueVoyant's SOC experts.
Proprietary Threat Intelligence
BlueVoyant utilizes proprietary, open-source, and Dark Web intelligence to identify attacks, expedite triage and enrich investigations conducted by the Security Operations Centers. BlueVoyant sees more, so it can respond faster and more accurately than its competitors.
Relax with Remote Intervention
Detect, block, and contain malware, ransomware, zero-days, and fileless attacks across your network with MDR+. BlueVoyant combines the best available NGAV and EDR technology with an elite team of security analysts to extend your existing technologies and team.
Remote endpoint incident investigation and remediation is led by BlueVoyant cyber intelligence experts, who record all actions taken on your behalf in BlueVoyant's user-friendly client portal, Wavelength™. You have complete visibility into security incidents and alerts, as well as prioritized notifications, so you can avoid “noisy” distractions.
Outsource Your Cybersecurity
Top-of-the-line security tools are expensive to purchase and require a team of experts to install, integrate and manage. BlueVoyant’s unique approach incorporates a sophisticated method of detecting threats faster, with the ability to contain and remediate the incident in a timely manner. BlueVoyant will work as your partner, engaging you and tailoring the service to meet your unique needs.
Reduce Your Security Vulnerabilities
Internal and external systems need to be regularly scanned to identify security risks associated with new assets. BlueVoyant offers best-of-breed technology to help with asset discovery, which identifies new additions and then classifies, prioritizes, remediates, and mitigates vulnerabilities.
Managed Detection and Response is supported by expert analysts who operate 24 hours a day, 7 days a week, across multiple locations within the Security Operations Centers (SOCs). Certifications held by the team include SANS GIAC, EC-Council, and (ISC)², as well as others.
BlueVoyant's experts leverage Wavelength™, BlueVoyant’s client portal, to provide real-time visibility into detected alerts and to confirm incidents. This web-based portal enables approved client employees to interact with BlueVoyant’s security operations center analysts, view all detected assets, and, if applicable, view vulnerabilities.
Dashboards representing a variety of content, such as event volume, alert volume, detected assets, and analyst response actions, provide a snapshot of real-time security posture. Reports are available through Wavelength™ and include client environment content related to alerts, incidents, indicators, assets, and vulnerabilities.
BlueVoyant offers custom FFIEC and NCUA-ACET automations to help financial institutions manage the growing number of security compliance management challenges that adversely impact compliance.
Mandatory risk assessments and compliance reports can be burdensome, but BlueVoyant has automated many of the FFIEC and NCUA-ACET compliance controls to reduce the time spent on this crucial but time-intensive reporting process.
Updates on the threat landscape, sector-specific reports, and intelligence summary reports are developed by the BlueVoyant Threat Fusion Cell, an elite team of cyber intelligence analysts and threat researchers focused on identifying and prioritizing information about threats using BlueVoyant proprietary and open source intelligence.
Orchestration and automation are a key component of our technology platform; they allow the BlueVoyant SOC to accelerate triage, reduce false positives, and improve mean time to resolve (MTTR).
BlueVoyant SOC and engineering teams have developed automations to support Managed Detection and Response and continue to deliver new automations. For example, an automated Emotet investigation, confirmation, and response playbook exists to quickly respond to specific outbreak strains.
During Introduction, key BlueVoyant and enterprise staff will engage you to learn your priorities, expectations, and deadlines. You will meet your BlueVoyant Project Manager as well as the Client Experience Team. We will establish your threat profile which helps us identify potential threats. We will create a pre-approved response plan as well as a list of pre-approved response actions that will be used to inform the SOC which response actions they may perform under what conditions.
Your Client Experience Team
The Client Experience Team is your primary support resource. You will be assigned an advisor who will act as your consultant and will enable the best experience interacting with BlueVoyant services. Your advisor will meet with you regularly to understand the goals of your security program and track results. Your advisor will also engage with you should you have any significant security events occur.
Implementation Project Manager
At the beginning of your MDR deployment, a BlueVoyant Implementation Project Manager will be assigned to you to assist you through the onboarding process. The Implementation Project Manager will help you establish timeline goals and select sources and devices that will be onboarded with the appropriate priority that aligns with your goals.
The Provisioning Phase focuses on the deployment of software to enable log collection and the configuration of devices and applications to deliver logs to the BlueVoyant Technology Platform for storage and analysis. This phase includes the installation and connectivity of BlueVoyant virtual appliances. You will also gain access to the client portal, Wavelength™, and we will configure multi-factor authentication, followed by training for client users. Security monitoring will begin once 80% of the target deployment has been met and an audit has been performed to ensure the software has been properly deployed.
During Tuning, BlueVoyant will use the first 14-30 days post installation to establish a baseline of the environment and familiarize ourselves with your technology set and its alerts. Tuning is a process of factoring out some of the expected noise of the client’s environment and optimizing our service to provide better visibility and anomaly detection. We will develop endpoint policies to help with whitelisting applications, which will be refined through steady-state operations as your IT infrastructure changes.
Once the advanced endpoint software on the identified endpoints has been deployed onto your environment, identification and contextualization of assets can occur. This includes identifying “Key Terrain” devices and applications as well as tagging assets and assigning asset criticality.
Service Tier Comparison
The tiers compared are MDR+ and MDR+ with Advanced Threat Hunting. Features compared across the tiers:
- MDR Service Activation
- Investigation & Notification
- Access to Wavelength™
- Remote Intrusion Response
Robust, Relevant, and Right-Sized Cybersecurity Options for Businesses of All Sizes
As part of our commitment to democratizing cybersecurity, BlueVoyant’s services are designed to be mutually reinforcing, but they also provide significant value as stand-alone solutions.
Many clients choose additional services that are designed to work together to enhance and strengthen their security posture; this decision is generally based upon the size and expertise level of their IT staff.
BlueVoyant's Managed Detection and Response (MDR) service is the foundation of a robust cybersecurity program. Adding further layers of protection as your needs grow helps reduce risk to your enterprise.
Additional Managed Security Services Available:
Collects logs from applications and on-premise and/or cloud infrastructure to enable advanced threat detection. BlueVoyant leverages proprietary, open-source, and dark web intelligence to expedite triage and enrich investigations conducted by the SOC.
Maximize existing platform investments with access to a BlueVoyant hosted Splunk® Enterprise environment that will enable hands-on access to data and a team to help you perform searches, develop correlations and execute analysis.
Vulnerability Management Services
Takes the guesswork out of identifying potential weaknesses such as missing patches, malware, and misconfigurations. Vulnerability Management Services help organizations prioritize vulnerabilities so that they can reduce risk.