We covered the recent trends in cyber security and the rise of cyber threats in the previous article. We mentioned that attackers are becoming more sophisticated and their techniques and tactics becoming more advanced every year.
How to protect yourself effectively?
The solution is to focus on better threat detection and response to all types of threats, including proactive real-time protection of the business.
System4u MDR – modular service
Taking into account the flexibility and different needs of each company, we have prepared a modular cyber protection system that allows companies to scale their actual cyber defense needs.
At its core, it combines advanced threat detection technology with integrated analytics for classification, immediate first response and mitigation of security incidents.
It includes two basic pillars:
- System4u MDR (Managed Detection and Response)
- System4u Security Direct Support
We build the service above the components licensed in Microsoft 365 Business Premium or Enterprise plans.
Our solution assumes that a breach can be expected from anywhere, so it is built fully in line with the concept of Zero Trust Architecture. This distinguishes us from traditional approaches that focus solely on perimeter prevention of system infrastructure.
The concept of Zero Trust is far from new, but it still represents a modern and comprehensive approach to cybersecurity that is hard to beat. It assumes that no user, device or network should be automatically trusted, regardless of whether it is inside or outside the organisation’s perimeter. Instead, trust must be continuously verified through strong access controls, multi-factor authentication and real-time monitoring of user and device behaviour. In today’s complex and connected world, where users and devices are increasingly mobile and threats can come from both inside and outside the organisation, perimeter defences alone are no longer enough.
1. System4u MDR
We have chosen a process and used state-of-the-art technologies that provide comprehensive protection against a wide range of cyber threats. In addition, we have developed our own package of integrated analytical rules and security response orchestration on top of the key technology components of our service: the SIEM (Security Information and Event Management) system, in the form of Microsoft Sentinel, and the EDR/XDR (Endpoint Detection and Response/Extended Detection and Response) products from Microsoft. We have thus significantly expanded the capabilities of these tools, which independent evaluations already rank among the top solutions available on the market.
Microsoft Sentinel primarily collects and evaluates data related to system configuration and security levels from selectable sources in your environment. This tool provides real-time analysis of security alerts with evaluation against the MITRE ATT&CK® framework, allowing us to detect and proactively prevent security threats and to orchestrate responses to them across inputs from your entire organization. With such an advanced system, the presence of machine learning features (the UEBA/Fusion engine) and components using AI models will probably not surprise anyone.
EDR solutions from the Microsoft Defender family of products provide threat detection and response capabilities directly on endpoints such as your mobile devices, workstations and servers. We use them to monitor all related endpoint activity, detect suspicious behavior, and respond to threats in real time.
XDR extends this capability to provide a more comprehensive view of threats at the scale of the entire network, across the M365 ecosystem and other cloud applications, including online data stores, email and other user subsystems.
System4u MDR therefore continuously collects and evaluates system information and outputs in real time, such as details of ongoing network traffic, user account activity and permission usage, handling of the organisation’s digital assets, or endpoint security status parameters.
24/7 security monitoring is key. This includes monitoring all key elements of the IT infrastructure, such as user identities and access rights, M365 and other cloud applications, all endpoints, industrial devices and digital assets. We immediately report identified threats and incidents so that your company’s IT security teams can proceed to the next step. This activity is part of a core module called System4u MDR Suite. For such reports, you can expect an expert classification of the incident, a situational analysis with an estimate of the risk of disruption, and a suggested standard course of action for first response and resolution in the given situation, if it has not already been initiated automatically. Naturally, an SLA commitment or the signing of an NDA can also be made part of the contract.
Another benefit of the service is the complete management of system logs and the ability to store them in a completely separate environment on the client side, so that an attacker cannot disrupt them or deliberately modify them. All logs are retained for a minimum of 90 days, and the retention period can be extended further.
Available modules
The following optional modules represent a comprehensive package of technical measures, monitoring methods, analytical methods and security risk assessment, including a framework for automating responses.
- System4u MDR Cloud Identity Add-on
- System4u MDR Endpoint Add-on
- System4u MDR Microsoft 365 Apps and Data Add-on
- System4u MDR Cloud Apps and Data Add-on
- System4u MDR On-premises Identity Add-on
We will discuss the specific breakdown of security coverage, features and benefits of each add-on module in a series of subsequent articles.
2. Security Direct Support
The second optional pillar of the System4u MDR service is direct technical support from our own team of cyber security specialists in the event of a security incident. The purpose of such support is to provide your IT team with full cooperation, expert advice and a proposed technical solution to an incident, from its inception through the complete elimination of the associated security risk and follow-up. An integral part of this service extension is a monthly expert consultation on the overall level of your organization’s security and how to strengthen it. The service is available in an 8/5 or 24/7 model. The team that will take care of you is qualified at the level of a cyber security specialist with the highest level of certification for all technologies used.
Author: Petr Malina, Business Development Manager