Verizon Managed Detection and Response

Comprehensive analytics core covering:

• User activities and insider threats (UEBA)
• Threat hunting
• Network security monitoring and Endpoint (EDR) integration

New data strategy with well-defined list of log sources:

• Coverage of market leaders
• Regularly updated
• Supported event source lists available during pre- and post-sales

New, flexible pricing model

• Per user and/or volume

Separate core detection from optional services and features:

• SOC triage, investigation, escalation, and response assistance (done by the same team).
• Log sources: Content base with detection rules that are meant to be configured per-customer basis, e.g., tuning of rules that take high-value targets or critical assets into account when determining risk (Note: No custom content rules are supported!).
• Ad-hoc log querying and dash-boarding.
• Long-term log storage: 1-year log retention.

Flexible response options ranging from:

• Native integrated incident response as part of MDR offering.
• For even greater flexibility, full CSIRT can be purchased alongside MDR, which provides dedicated response analysts and full access to customer network for customized response capabilities.

API-driven integrations for additional flexibility:

• ITSM / ticketing
• Orchestration
• Asset and vulnerability management solutions
• Active directory

Adjustment and service capabilities via communication with Client Security Engineer (CSE):

• Simplified on-boarding
• Detection policy tuning
• Triage and escalation
• Custom log source support