“XDR-service maps attack chain and reduces response time”
Earlier in this series, we talked about SecWise's Watch SOC service, which lets customers engage proactively with their digital security. Before customers can join that service, they must reach a minimum cybersecurity maturity level. This can be done through SecWise's Defender and XDR services, where customers choose how far they want to go in terms of cybersecurity. Thomas Verheyden, Technical Lead within the Detect Team, explains below why any company can use such an XDR service.
XDR stands for extended detection and response. The service brings together telemetry and alerts from different security solutions and looks for links between them. By collecting and analysing data from email, endpoints, cloud workloads and networks, it can visually map the entire attack chain. That is valuable for security teams, who can focus on the actual problem faster and prevent further consequences, which in turn limits the scope of an attack.
SecWise mainly works with the Microsoft Defender XDR suite for its customers' security. Implementing the same family of solutions everywhere improves how they work together: an XDR platform can correlate signals across those solutions and apply consistent security coverage everywhere. Because everything is visible in one portal, even small IT teams can quickly detect and resolve potential attacks.
The big advantage of XDR lies in its scalability, which means it can be implemented for both small and large companies. SecWise has three different standard packages: Light, Elevated and Advanced. Because the routes consist of different steps, an organisation can also choose to develop a package tailored to their business. Some of the most commonly used solutions within the three pathways include:
- Defender for Office 365: scans attachments and links in mail for malware, and provides anti-phishing and anti-spam filtering.
- Defender for Endpoint: detection and prevention of malware on endpoints such as laptops and desktops. This option is scalable, and customers choose how far they want to go.
- Defender for Identity: a cloud-based security solution that uses signals from on-premises Active Directory to detect identity attacks, among other things.
- Defender for Cloud Apps: lets you monitor, for example, which cloud apps and sites employees are using, and block them where necessary.
- Microsoft Sentinel: a cloud-native SIEM (Security Information and Event Management) with intelligent security analytics. It ingests data from the various security products and correlates it, and you can also write your own detection rules on top of that data. It also provides SOAR (security orchestration, automation and response) capabilities for automated response.
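As an added example that is not part of the original article and not SecWise's or Microsoft's own rule, the query below is a custom Sentinel scheduled analytics rule written in KQL that does the kind of cross-product correlation described above: it links Defender for Office 365 email telemetry with Defender for Endpoint file telemetry to surface an attachment that was delivered to a mailbox and later written to disk on a managed device, i.e. one hop of the attack chain from email to endpoint. It assumes the Microsoft 365 Defender connector is ingesting the EmailEvents, EmailAttachmentInfo and DeviceFileEvents tables into Sentinel; the 24-hour lookback window is an assumption.

```kql
// Added example (not a SecWise or Microsoft rule): a Microsoft Sentinel scheduled
// analytics rule that links Defender for Office 365 and Defender for Endpoint data.
// Chain: a file arrives as an email attachment (EmailAttachmentInfo + EmailEvents)
// and a file with the same SHA256 is later written to disk on a managed device
// (DeviceFileEvents). Table and column names follow the Sentinel schema of the
// Microsoft 365 Defender connector; the lookback window is an assumption.
let lookback = 24h;
let delivered_attachments =
    EmailAttachmentInfo
    | where TimeGenerated > ago(lookback)
    | where isnotempty(SHA256)
    | join kind=inner (
        EmailEvents
        | where TimeGenerated > ago(lookback)
        | where DeliveryAction == "Delivered"      // only mail that actually reached the mailbox
        | project NetworkMessageId, RecipientEmailAddress, SenderFromAddress, Subject
      ) on NetworkMessageId, RecipientEmailAddress
    | project NetworkMessageId, SHA256, AttachmentName = FileName,
              RecipientEmailAddress, SenderFromAddress, Subject,
              ReceivedTime = TimeGenerated;
DeviceFileEvents
| where TimeGenerated > ago(lookback)
| where ActionType == "FileCreated"
| where isnotempty(SHA256)
| join kind=inner delivered_attachments on SHA256   // same file content, by hash
| where TimeGenerated > ReceivedTime                 // written to disk after it was delivered
| project ReceivedTime, WrittenTime = TimeGenerated,
          RecipientEmailAddress, SenderFromAddress, Subject, AttachmentName,
          DeviceName, FolderPath, FileName,
          WrittenBy = InitiatingProcessFileName,
          Account = InitiatingProcessAccountName
| order by WrittenTime desc
```

The same query runs in the Defender XDR advanced hunting portal if `TimeGenerated` is replaced by `Timestamp`. On its own it will also match legitimately shared documents, so in practice you would narrow it, for example by joining only attachments with a non-empty `ThreatTypes` value in EmailAttachmentInfo, or by restricting `FileName` to executable or macro-enabled file types, before turning it into an alert.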
With every project, SecWise first holds a kick-off meeting in which we explain who we are and what new technology we want to implement. For each product we propose, we organise a workshop explaining why installing the product is necessary and how it works. It is important to us to advise the customer on the products we install, so that they better understand why those services are needed.
One of our own services is our CONNECT Health Check. Every quarter, we check whether everything is still configured properly. If new functionality has been added in the meantime, we review it and pass any recommendations on to the customer. These can range from superfluous licences that should be removed to security solutions that have been set up incorrectly or need extra tuning.
Those who want continuous monitoring of their security after this offering can subscribe to SecWise's Watch Service. With SecWise Care, we also offer a security support service where organisations can ask questions and be helped by someone with the right knowledge. For more information about our XDR offering, you can leave your details here.