Managed Detection & Response (MDR)

Hunt for attacks in your environment using our Security Operations Centre (SOC)

In a world that places ever greater demands on privacy and on the accountability of businesses to protect corporate and personal data, it’s no surprise that the bad guys want access to it. From organised criminals to nation states, and even bored script kiddies, there is no shortage of people who will do whatever it takes to cripple an organisation or make a quick buck. To make matters worse, there’s a very good chance your business is understaffed and underprepared for potential cyber attacks. Smaller companies have all the same security needs as large enterprises, but usually with only a fraction of the IT security budget.

[Image: MDR graphic]

With Cythera’s MDR platform, none of that is your worry—it’s ours. Our security experts act as an extension of your security team, providing 24/7 detection and response in your environment for a low monthly fee. No truck rolls, no expensive hardware: this is Security-as-a-Service.

  • Powered by people who understand the difference between user behaviour and attacker behaviour, and who have the time to focus on hunting and processing threat intelligence.

  • Technology that understands your environment and can be automated to detect and respond.

  • A plan and a team with the experience required to solve your toughest problems.

  • Australian based security operators with a follow-the-sun model to hand over to team members around the globe.

Your organisation can finally have everything it needs to remain safe, without actually taking on much of the heavy lifting.

“MDR services give security teams the ability to find, investigate and remove attackers from the environment long before traditional security tools’ alarm bells ring.”

Forrester Research, Inc., “Now Tech: Managed Detection And Response (MDR) Services, Q2 2018,” April 26, 2018.

Cloud-Delivered MDR

Powered by Rapid7, the Cythera MDR Platform is a cloud-delivered service built on the industry-leading technology of Rapid7’s incident detection and response solution, InsightIDR. InsightIDR combines user behaviour analytics, SIEM, and endpoint detection capabilities in one place. Your data is securely hosted here in Australia, and your MDR service can be up and running in days.

[Image: Detection methodologies]

More than just a managed SOC

Most Security Operations Centres (SOCs) focus on known threats, which means that as threats evolve, incidents can go undetected and unmitigated for months (or even years), allowing attackers to get comfortable within an environment and wreak havoc.

During the initial 30 days of your service, you will work collaboratively with Cythera to ensure its successful deployment. Combined with regular monitoring and hunting, this enables the team to detect and respond to threats more quickly. You will meet with a Threat Assessment Manager monthly to ensure your security plan evolves with your needs, and if we do find something, our team has a one-hour SLA for notifying you. The reports produced are robust and have input from expert analysts.

We’re ready to pivot, so you’re ready to respond.

Incident Response

Great incident detection and response is more than what you know—it’s knowing what you don’t know, too. Unlike other SOCs and managed services, Managed Detection and Response incorporates four distinct threat detection methodologies to detect the unknown:

  1. Threat intelligence is gathered from Rapid7’s 5000+ customers and third-party intelligence groups, anonymised, and analysed to further automate threat detection and response.

  2. User behaviour analysis utilises knowledge of how regular users behave in order to spot anomalies, enabling more efficient insider threat and stolen credential detection.

  3. Attacker behaviour analysis allows rules to be put in place that automatically make decisions based on familiarity with how attackers operate.

  4. Hunting methodology employs complex data analytics to identify unknown threats.

These methodologies make it possible to validate threats before they’re reported with a nearly zero percent false positive rate.
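To make the second and third methodologies concrete, here is a small added example (not Cythera’s or Rapid7’s code, and not how InsightIDR is implemented) that runs over constructed authentication events. It builds a per-user baseline of successful logins (source country, host, hour of day) and flags successes that deviate from it, then applies two fixed attacker-behaviour rules: a burst of failures on one account followed by a success, and one source failing against several distinct accounts. The log format, field names and thresholds are assumptions chosen for the illustration.

```python
"""Added example: user-behaviour baselining and attacker-behaviour rules over
constructed authentication events. Illustration only, not InsightIDR's logic."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events, one per line (assumed format):
# <ISO timestamp> <user> <SUCCESS|FAILURE> <source IP> <source country> <host>
BASELINE_LOG = """\
2024-03-01T08:55:00 alice SUCCESS 203.0.113.10 AU WS-ALICE
2024-03-04T09:10:00 alice SUCCESS 203.0.113.10 AU WS-ALICE
2024-03-05T17:45:00 alice SUCCESS 203.0.113.10 AU WS-ALICE
2024-03-01T09:02:00 bob SUCCESS 203.0.113.11 AU WS-BOB
2024-03-06T13:30:00 bob SUCCESS 203.0.113.11 AU WS-BOB
"""
RECENT_LOG = """\
2024-03-11T09:01:00 alice SUCCESS 203.0.113.10 AU WS-ALICE
2024-03-11T03:12:00 alice SUCCESS 198.51.100.7 RO WS-ALICE
2024-03-11T10:00:01 bob FAILURE 198.51.100.7 RO WS-BOB
2024-03-11T10:00:05 bob FAILURE 198.51.100.7 RO WS-BOB
2024-03-11T10:00:09 bob FAILURE 198.51.100.7 RO WS-BOB
2024-03-11T10:00:14 bob FAILURE 198.51.100.7 RO WS-BOB
2024-03-11T10:00:20 bob FAILURE 198.51.100.7 RO WS-BOB
2024-03-11T10:00:40 bob SUCCESS 198.51.100.7 RO WS-BOB
2024-03-11T10:01:00 carol FAILURE 198.51.100.7 RO WS-CAROL
2024-03-11T10:01:05 dave FAILURE 198.51.100.7 RO WS-DAVE
"""

def parse(log):
    """Parse the assumed log format into dicts, ordered by timestamp."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip, country, host = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "result": result,
                       "ip": ip, "country": country, "host": host})
    return sorted(events, key=lambda e: e["ts"])

def build_baseline(events):
    """Per-user profile of what a normal successful login looks like."""
    baseline = defaultdict(lambda: {"countries": set(), "hosts": set(), "hours": set()})
    for e in events:
        if e["result"] == "SUCCESS":
            profile = baseline[e["user"]]
            profile["countries"].add(e["country"])
            profile["hosts"].add(e["host"])
            profile["hours"].add(e["ts"].hour)
    return dict(baseline)

def user_behaviour_alerts(baseline, events):
    """User behaviour analysis: flag successes that deviate from the user's own baseline."""
    alerts = []
    for e in events:
        if e["result"] != "SUCCESS":
            continue
        profile = baseline.get(e["user"])
        if profile is None:
            alerts.append((e["user"], "success for an account with no baseline"))
            continue
        reasons = []
        if e["country"] not in profile["countries"]:
            reasons.append(f"new source country {e['country']}")
        if e["host"] not in profile["hosts"]:
            reasons.append(f"new host {e['host']}")
        if e["ts"].hour not in profile["hours"]:
            reasons.append(f"unusual hour {e['ts'].hour:02d}:00")
        if reasons:
            alerts.append((e["user"], "; ".join(reasons)))
    return alerts

def attacker_behaviour_alerts(events, fail_threshold=5, spray_users=3):
    """Attacker behaviour analysis: fixed rules for two well-known patterns,
    guessing (failures then success on one account) and spraying (one source,
    failures against many accounts). Thresholds are illustrative assumptions."""
    alerts = []
    consecutive_fails = defaultdict(int)
    failed_users_by_ip = defaultdict(set)
    for e in events:
        if e["result"] == "FAILURE":
            consecutive_fails[e["user"]] += 1
            failed_users_by_ip[e["ip"]].add(e["user"])
        elif e["result"] == "SUCCESS":
            n = consecutive_fails[e["user"]]
            if n >= fail_threshold:
                alerts.append((e["user"], f"success after {n} consecutive failures from {e['ip']}"))
            consecutive_fails[e["user"]] = 0
    for ip, users in failed_users_by_ip.items():
        if len(users) >= spray_users:
            alerts.append((ip, f"failures against {len(users)} distinct accounts: {', '.join(sorted(users))}"))
    return alerts

def run_example():
    """Baseline on the historical window, then evaluate the recent window."""
    baseline = build_baseline(parse(BASELINE_LOG))
    recent = parse(RECENT_LOG)
    return {"user_behaviour": user_behaviour_alerts(baseline, recent),
            "attacker_behaviour": attacker_behaviour_alerts(recent)}

if __name__ == "__main__":
    for kind, alerts in run_example().items():
        print(kind)
        for subject, reason in alerts:
            print(f"  {subject}: {reason}")
```

Run stand-alone, the script reports alice’s overnight login from a new country, bob’s login from the same new country at an unusual hour, bob’s success after five consecutive failures, and the single source address failing against three distinct accounts. The two methodologies are complementary: the baseline catches deviations that no fixed rule anticipated, while the rules fire on known attacker patterns even for accounts that have no baseline yet.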

[Image: User and attacker behaviour analytics]

MDR Service Offering

The Cythera MDR Platform provides incident detection and response for applications, endpoints, and assets within your organisation, including those in the cloud. With Managed Detection and Response, you’re always prepared to deal with cyber threats. If there is an incident, such as a breach, the team is ready to switch from detection to response and act, and will work closely with you to create a remediation plan tailored to your organisation. You will also be provided with a report containing an executive summary and an in-depth analysis of the issue, so that your organisation understands the incident. This information is also analysed to fuel threat intelligence and speed up detection and response in the future.

In addition to containment and remediation recommendations included in Findings Reports, the MDR platform provides your business with two uncapped Incident Response escalations per year for critical incidents. Should we spot attacker activity within your environment, your Customer Advisor will immediately request escalation authorisation and, as per your contract, initiate our Incident Response (IR) team to fully scope, remediate, and mitigate the compromise.

Once you’ve transitioned to an IR escalation, our SOC and IR analysts will lead the technical analysis and triage the incident to identify the scope of the compromise, including: affected systems and user accounts, attacker command and control channels, malware, and any other artefacts related to the incident. The MDR team will use the information to determine the best course of action and begin IR activities, and continue to work with you and your team to collect forensic data and address the threat.