Verizon Managed Detection and Response

Risk-driven investigation & response

Cloud-based SaaS analytics platform with incident detection based on:

  • Log data
  • Threat intelligence data
  • External enrichments
  • Internal enrichments

Comprehensive analytics core covering:

  • Network security monitoring and Endpoint (EDR) integration
  • Threat hunting
  • User activities and insider threats (UEBA)

New data strategy with well-defined list of log sources:

  • Supported event source lists available during pre- and post-sales
  • Regularly updated
  • Coverage of market leaders

New, flexible pricing model:

  • Per user and/or volume

Separate core detection from optional services and features:

  • SOC triage, investigation, escalation, and response assistance (done by the same team).
  • Log sources: Content base with detection rules that are meant to be configured on a per-customer basis, e.g., tuning of rules that take high-value targets or critical assets into account when determining risk (Note: No custom content rules are supported!).
  • Ad-hoc log querying and dashboarding.
  • Long-term log storage: 1-year log retention.

Flexible response options ranging from:

  • Native integrated incident response as part of the MDR offering.
  • For even greater flexibility, full CSIRT can be purchased alongside MDR, which provides dedicated response analysts and full access to the customer network for customized response capabilities.

API-driven integrations for additional flexibility:

  • Active Directory
  • Asset and vulnerability management solutions
  • Orchestration
  • ITSM / ticketing

Adjustment and service capabilities via communication with Client Security Engineer (CSE):

  • Simplified onboarding
  • Detection policy tuning
  • Triage and escalation
  • Custom log source support