A predictable monthly fee to actively manage and monitor your IT security posture. Our SecOps team will custom design a suite of products and solutions to meet your security and compliance needs.
An extensive suite of products that include Zero Trust access, Email Security including attachment sandboxing, Anti-phishing, Anti-spoofing, DNS security, EDR, MDR, and XDR products.
EDR, MDR, XDR: Understanding the Differences
Understanding your unique business, IT, and regulatory compliance requirements and comparing that to the differences between endpoint detection and response (EDR), managed detection and response (MDR), and extended detection and response (XDR) will help you navigate through the technology and security provider selection process.
EDR is software designed to help organizations identify, stop or prevent, and react to threats or attacks that manifest through endpoint devices (mobile, laptops, desktops, tablets, etc.) that have bypassed other defenses. Like other endpoint security software, EDR is deployed by installing agents on endpoints and can be managed through locally deployed software (on premise) or via a cloud-based portal (software as a service).
EDR solutions can detect threats that are designed to evade regular antivirus software. They’re ideal for companies that have a remote workforce or that have a critical need to constantly protect and monitor distributed endpoints. According to Gartner, more than 50% of enterprises will replace legacy security software with EDR solutions and endpoint protection platforms (EPP) by the end of 2023.
The majority of EDR offerings sold today can only ingest logs and security events from the devices on which their software agents have been deployed. This means the EDR platform's ability to detect, stop, and respond to attacks and threats across the entire network is limited to those endpoints. The result is partial security monitoring, detection, and response, which can leave other areas of the IT network (network devices, servers without agents, cloud services) open to attack.
MDR is an advanced managed security service that includes 24/7 monitoring, alerting, and threat or attack response support provided by highly trained, experienced, and certified security operations center (SOC) staff. These teams typically leverage a security information and event management (SIEM) platform that ingests and correlates log files from IT devices across the network, including mission-critical applications and third-party cloud environments. The SIEM enables the security operations team to discern a real threat from a false positive. This is accomplished by integrating third-party threat intelligence feeds (from the industry and federal agencies) into the SIEM, where the indicators of compromise (validated threat and attack intelligence) are combined and compared against the log files generated within the client's environment. The underlying hardware, SIEM and ticketing software, and operational processes and procedures are outsourced (at a fraction of the cost of building this capability internally) and are typically maintained by a managed security services provider (MSSP), like Symphona Technology.
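To make the SIEM correlation step described above concrete, the following is an added example (not Symphona's tooling or any product's code) that compares constructed log lines against a constructed indicator feed and singles out hosts that match more than one indicator type, which is the kind of context an analyst uses to separate a real threat from a false positive. The feed values, host names, and the key=value log format are all assumptions.

```python
import re

# Constructed threat-intelligence feed (hypothetical indicators, not real IoCs):
# indicator -> (indicator type, name of the feed it came from)
IOC_FEED = {
    "203.0.113.45": ("ip", "feed-A"),
    "login-update.example": ("domain", "feed-B"),
    "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824": ("sha256", "feed-A"),
}

# Constructed key=value log lines from firewall, DNS and EDR sources (not a real product format).
SAMPLE_LOGS = [
    "src=firewall host=fw01 action=allow src_ip=10.0.0.12 dst_ip=203.0.113.45 dst_port=443",
    "src=dns host=ws-114 query=intranet.corp.example answer=10.0.0.5",
    "src=dns host=ws-114 query=login-update.example answer=198.51.100.7",
    "src=edr host=ws-114 event=process_start sha256=2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 image=update.exe",
    "src=firewall host=fw01 action=allow src_ip=10.0.0.30 dst_ip=93.184.216.34 dst_port=443",
]

TOKEN = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Turn one key=value log line into a dict of field -> value."""
    return dict(TOKEN.findall(line))

def match_iocs(lines, feed):
    """Compare every field value against the feed and return one alert per hit,
    carrying the context (host, log source, field, feed) an analyst needs for triage."""
    alerts = []
    for n, line in enumerate(lines, 1):
        fields = parse_line(line)
        for field, value in fields.items():
            if value in feed:
                ioc_type, source = feed[value]
                alerts.append({"line": n, "host": fields.get("host"), "log_source": fields.get("src"),
                               "field": field, "indicator": value, "type": ioc_type, "feed": source})
    return alerts

def hosts_with_multiple_hits(alerts):
    """Hosts matched on more than one indicator type (e.g. a known-bad domain and a
    known-bad file hash): a stronger signal than a single indicator seen in isolation."""
    seen = {}
    for a in alerts:
        seen.setdefault(a["host"], set()).add(a["type"])
    return sorted(h for h, types in seen.items() if len(types) > 1)

if __name__ == "__main__":
    hits = match_iocs(SAMPLE_LOGS, IOC_FEED)
    for a in hits:
        print(a)
    print("hosts with multiple indicator types:", hosts_with_multiple_hits(hits))
```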
Advanced MSPs like Symphona Technology go beyond basic monitoring, alerting, reporting and response services and can provide advanced threat research, forensic analysis, proactive threat hunting, customized reporting, analytics, intelligence, and incident analysis and response support to help remove risk from the client’s environment or to recover from an attack or breach.
XDR is a term developed by analysts such as Gartner and vendors within the industry to describe SaaS-based threat detection and incident response platforms that leverage analytics and automation to detect, hunt, and validate current and future threats across your network and systems. XDR is often a vendor-specific platform that integrates numerous security software platforms and services and that brings all of those components together under a single solution.
These XDR solutions take you beyond just EDR and other typical detective controls by providing a full view of threats across your organization. They use a combination of automation and machine learning to provide security teams with reliable, context-rich alerts.
Our SecOps team lead has 20+ years of expertise in security consulting services for financial institutions, including:
Your employees represent the greatest risk to your security ecosystem. Threat actors know this and have been exploiting it for years using various techniques and attack vectors.
Many clients require risk assessments or an evaluation of their current security requirements as dictated by some level of governance. Whether the driver is cyber-liability insurance or a compliance standard such as HIPAA, our SecOps team will assess those requirements and determine whether the currently deployed solutions meet them. These engagements are fixed-fee and range from hours to weeks for completion.
Our security assessments look for issues such as Active Directory misconfigurations, weak external access controls, email security gaps, firewall configuration errors, weak wireless access controls, and more.
We use Nessus scanners and other tools to identify vulnerabilities in critical servers, network hosts, and even workstations. Periodic vulnerability scans are critical in ensuring specific areas of your system aren’t at risk.
Most clients engage with us to perform vulnerability assessments on a weekly, monthly, or quarterly basis. Each SOW includes post assessment analysis, reporting, and a remediation plan to resolve each issue.
A penetration test is a simulated cyberattack against a computer system to find exploitable security vulnerabilities. Our SecOps team meets with you to determine which techniques will be useful for each engagement. We then build a unique scope of services for each client engagement. Deliverables include follow-up.
Our SecOps team works with our infrastructure team to build authentication solutions designed to provide additional layers of security for accessing data and email. If you are not currently using 2FA/MFA with your VPN or Office 365, we can build and implement a solution within days. If you have corporate-owned devices or BYOD, we strongly recommend protecting corporate data on those devices with one of our Mobile Device Management (MDM) solutions.
As part of our proactive support plan, we implement Auvik monitoring tools to manage, maintain, and back up your critical firewall configuration. This solution includes firmware updates and capacity planning.