Deloitte has added four new modules and enhanced intelligence to its MXDR platform

Deloitte has expanded its Managed Extended Detection and Response (MXDR) by Deloitte platform to include enhanced cybersecurity industry intelligence, as well as four new modules for dynamic adversary intelligence, digital risk protection, threat hunting and mobile device security.

“As the threat landscape continues to change rapidly, we want to offer our current and future clients access to what we call the ‘next generation’ of threat intelligence and threat hunting capabilities,” said Curt Aubley, MXDR head of Deloitte and a Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP. “With this new expansion of MXDR, we are focused on helping organizations take a more proactive defensive posture in their cyber programs — whether they choose to do so through our entire platform or using just a few of our MXDR modules.”

Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP, added, “We are constantly innovating our cyber offerings to help our clients with the confidence to future-proof their security strategies with more result-based opportunities to manage dynamic threat risks wherever organizations are on their journeys. MXDR by Deloitte can help organizations do this through our commercial US, EU and FedRAMP-authorized capabilities supported by our 24x7x365 security operations centers.”

A cloud-native software-as-a-service (SaaS) platform that delivers integrated and modular managed detection and response technologies and support capabilities, such as advanced, military-grade threat hunting, detection, containment, response and remediation services, Deloitte’s MXDR now includes:

  • Cyber Security Intelligence (CSI) – An expansion of the platform’s core intelligence body of knowledge, CSI data now includes Deloitte’s own sources and tools, as well as CrowdStrike Falcon X automated threat intelligence, to provide actionable Indicators of Compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, as well as threat briefing requests for information (RFIs). Additionally, the expansion of the CSI module includes staffing a dedicated intelligence delivery manager to help further curate cybersecurity intelligence deliveries for each client based on the organization’s specific industry, geographic and other needs.
  • Dynamic Adversary Intelligence (DAI) – The DAI module assists clients as they conduct over-the-horizon adversary investigations by using the open web, without having to deploy sensors in a client environment, and by collecting intelligence data from dark web, ransomware, cryptocurrency, and network enumeration of cyber and nation-state malicious actors. DAI investigations use passive collection methods that utilize global telemetry, industry-leading application programming interface (API) integrations, fine tradecraft, proprietary analytics of publicly available information and proprietary resources by the Splunk component of MXDR by Deloitte. The module aims to help organizations improve the relevancy and expand the range of the intelligence data they use in security decision making.
  • Digital Risk Protection (DRP) – The DRP module offers a channel through which organizations can follow their external “digital footprints” on the open, deep, and dark web, as well as on mobile apps and social media. It alerts organizations to threats such as potential intellectual property exposure, as well as when potential email, credentials, brand and other misuse are detected, so that security teams can focus on rapidly detecting and avoiding harmful and fraudulent activity that poses risks to their employees, customers and brand.
  • Active Hunt and Response (AHR) – The AHR module offers the next level of active hunting capability, along with Deloitte’s own analytics and a new digestible, in-memory hunt sensor, offering a unique way to collect telemetry, interact with and defeat opponents quietly. AHR can be deployed through the entire platform or as a stand-alone on-site capability for specific client mission needs, such as high-latency, low-bandwidth, or physically isolated networks. The module builds on previous platform capabilities that deliver hypothesis, multiplication and retrospective threat hunting.
  • Mobile Prevent, Detection, and Response (MPDR) – While mobile device management programs are struggling to keep up with the security needs created by the expansion and diversification of on-network mobile devices, Deloitte has expanded the proprietary capabilities offered for mobile within the MPDR module. The module is now fully integrated with CrowdStrike Falcon for CrowdStrike’s Mobile Endpoint Detection and Response (EDR) and mobile threat defense (MTD). All of MPDR’s capabilities are aimed at helping clients improve visibility and threat prevention and detection on the mobile edge.

Previously available modules on the MXDR by Deloitte platform include: prevention, detection and remediation for endpoints; cloud security workloads; identity; insider threats, proactive hunting, intelligence, attack surface and vulnerability management; and unified XDR log and analytics management.

The early alliances in Deloitte’s MXDR operation were Amazon Web Services (AWS), CrowdStrike, Exabeam, Google Cloud Chronicle, ServiceNow, Splunk, and Zscaler. Upcoming iterations of the suite offering will include additional alliances, as the platform evolves along with client needs.
