Verizon Managed Detection and Response

Comprehensive analytics core covering:

• User activities and insider threats (UEBA)
• Threat hunting
• Network security monitoring and Endpoint (EDR) integration

New data strategy with well-defined list of log sources:

• Supported event source lists available during pre- and post-sales
• Regularly updated
• Coverage of market leaders

New, flexible pricing model

• Per user and/or volume

Separate core detection from optional services and features:

• Long-term log storage: 1-year log retention.
• Ad-hoc log querying and dash-boarding.
• Log sources: Content base with detection rules that are meant to be configured per-customer basis, e.g., tuning of rules that take high-value targets or critical assets into account when determining risk (Note: No custom content rules are supported!).
• SOC triage, investigation, escalation, and response assistance (done by the same team).

Flexible response options ranging from:

• For even greater flexibility, full CSIRT can be purchased alongside MDR, which provides dedicated response analysts and full access to customer network for customized response capabilities.
• Native integrated incident response as part of MDR offering.

API-driven integrations for additional flexibility:

• Active directory
• Asset and vulnerability management solutions
• Orchestration
• ITSM / ticketing

Adjustment and service capabilities via communication with Client Security Engineer (CSE):

• Simplified on-boarding
• Detection policy tuning
• Triage and escalation
• Custom log source support