Verizon Managed Detection and Response
Risk-driven investigation & response
Cloud-based SaaS analytics platform with incident detection based on:
• Log data
• Threat intelligence data
• External enrichments
• Internal enrichments
Comprehensive analytics core covering:
- Network security monitoring and Endpoint (EDR) integration
- Threat hunting
- User activities and insider threats (UEBA)
New data strategy with well-defined list of log sources:
- Supported event source lists available during pre- and post-sales
- Regularly updated
- Coverage of market leaders
New, flexible pricing model
- Per user and/or volume
Separate core detection from optional services and features:
- SOC triage, investigation, escalation, and response assistance (done by the same team).
- Log sources: Content base with detection rules that are meant to be configured per-customer basis, e.g., tuning of rules that take high-value targets or critical assets into account when determining risk (Note: No custom content rules are supported!).
- Ad-hoc log querying and dash-boarding.
- Long-term log storage: 1-year log retention.
Flexible response options ranging from:
- For even greater flexibility, full CSIRT can be purchased alongside MDR, which provides dedicated response analysts and full access to customer network for customized response capabilities.
- Native integrated incident response as part of MDR offering.
API-driven integrations for additional flexibility:
- Active directory
- Asset and vulnerability management solutions
- Orchestration
- ITSM / ticketing
Adjustment and service capabilities via communication with Client Security Engineer (CSE):
- Simplified on-boarding
- Detection policy tuning
- Triage and escalation
- Custom log source support