FAQ

Top Managed Detection and Response Questions and Answers

What is MDR?

 

 

I’ll start with the Gartner definition: MDR services provide you with remotely delivered modern security operation functions. This allows you to quickly detect, investigate and actively respond to threats through threat mitigation and containment.

An MDR provider can work as your security operations team or be an additional resource to your current team to stop threats from getting in.

With Pondurance MDR, you’ll get a dedicated team of U.S.-based elite analysts working 24/7 to protect your business from cyber threats, while reducing the number of alerts your team has to handle.

We have the technology and people, and we integrate with your existing team and tools, and work to continuously reduce your cyber risk over time.

Our team can be up and running in weeks, accelerating your plans while maximizing your resources and budget.

How do we get 24/7 coverage from your MDR services?

 

 

Pondurance’s security analysts are U.S. citizens based in the United States. We work in shifts to operate 24/7.

Our security operations centers (SOCs) are powered by highly skilled analysts, threat hunters, and incident responders who are always available to respond.

We know it’s difficult to find and retain the right security talent, but we are able to compete for the best talent in the industry. We make our experts available to you with our services.

Why should I choose Pondurance MDR over other services?

 

 

There are many providers on the market and many options when shopping for a cybersecurity solution. With Pondurance MDR:

  • Your data is your data, and you have full access to it at all times. This means you get access to the same SIEM tools as our analysts.
  • We provide guided personalized recommendations tailored to your specific cybersecurity needs. We’re not one size fits all!
  • All of our analysts are U.S. citizens and our SOCs are based in the U.S. Your data will never leave the U.S. border.
  • Our strong cybersecurity consulting practice enhances your MDR because we know the difference between compliance and security.
  • We integrate with your existing security control investments so you don’t need to rip and replace!
  • We will also provide end-to-end management of leading endpoint detection and response platforms, like CrowdStrike and SentinelOne.

If you want more information on how we can fit with your current set-up, reach out to us to talk to an expert. No hard sells. We promise!

Can we use our own endpoint detection and response vendor with your services?

 

 

When you sign up for our MDR services, you have a couple of options for managed endpoint detection and response vendors.

You are welcome to keep your existing solution, as we can ingest data from leading endpoint detection and response (EDR) platforms and create alerts. Or you may want to use one of our endpoint detection and response solutions that provides real-time analysis conducted by trained individuals who can find things that tools tend to miss. Either way, your endpoint data is covered with our MDR services.

Can you log data from on-premises and cloud?

 

 

Yes! We can ingest data across endpoint, network, log and cloud environments. 

This includes: 

  • Remote laptops, tablets, mobile devices and desktops
  • Data centers
  • Machines in your office
  • Data from cloud environments like AWS, Azure and Google Cloud Platform
  • Software-as-a-service data
  • Office 365 data 

We call this 360° visibility as we can ingest any data you would like us to monitor for a potential threat! With this added security, you will truly have a modern security program.

Can you monitor Office 365 and OneDrive data?

 

 

Yes! We can integrate with your Office 365 and OneDrive instances to detect, investigate and respond to threats.

We can provide you with details into security events, user logins, failed user logins, logins from other countries, any invitations that were shared, new inbox rules created, any rule sets that were forwarded, and impossible travel activity, to name a few.

There’s quite a bit of data that we can pull from Office 365 and share with you as a dashboard, and we can be the first line of defense if there is ever an incident.

Do I need to take action for incident notifications, or do you take any steps on my behalf?

Our MDR platform, SCOPE, analyzes billions of events, surfacing any perceived threats to our analysts for confirmation and validation.

Since perceived threats are generated by technology, which is not always 100% accurate, we have real live U.S.-based human analysts review them. They use their knowledge and tool sets that are unavailable to automated systems.

Analysts verify each perceived threat as either a false positive or an actual threat. Only the actual threats are reported to you, greatly reducing your alert fatigue.

All actual threats are communicated to you through SCOPE with insights and context describing what was found, where it was found, how it was found, and what needs to happen next.

If there is a preapproved response action, we will take it immediately. Often, that’s containment of a device to stop the spread of a threat. No one wants to let a ransomware attack sit untouched!

If needed, we also provide full incident response services for any declared events as well as an option for an incident response retainer.

When seconds count, we’re there to combat any threats.

Does your MDR service provide proactive guidance of steps to take in case of new vulnerabilities like Log4j?

Yes! We want to make sure that you are in the loop every step of the way and that includes proactive guidance on widespread vulnerabilities.

Our dedicated team of security analysts is always researching new threats and vulnerabilities. The team sends detailed communications with steps necessary to keep your organization protected. This is all communicated through SCOPE.

Don’t have time to check SCOPE every day? No problem! You will receive an email notification as well.

For clients that subscribe to our vulnerability management service, we are able to pinpoint instances of the vulnerability in your environment and guide you through remediation.

You’ll never be left in the dark when it comes to emergency patches and timely notifications about widespread threats.

How long does MDR take to implement?

We know that you want to get up and running with MDR quickly!

Once you sign up with us, you will be assigned to one of our implementation teams with both project management and technical professionals. They will quickly and efficiently get you up and running in about four to six weeks.

During this time, we provide all tools, analytics, cloud setup and account access, and we’ll walk you through internal deployments of hardware and virtual components including log forwarders and agents.

You’ll be up and running quickly and will enjoy the added security of Pondurance MDR!

Cyber Risk Assessments Powered by MyCyberScorecard

 

Faced with rapid technological changes, cyber threats, and regulatory mandates, organizations are turning to skilled experts and assessment processes to help build a strong, risk-based cybersecurity program. 

But what is a cyber risk assessment, and how does Pondurance utilize MyCyberScorecard to conduct risk assessments? Learn about the process, benefits, and platform in our Cyber Risk Assessments FAQ.

What is a cyber risk assessment powered by MyCyberScorecard?

Cyber risk assessments analyze and visualize potential cybersecurity gaps to help make key remediation recommendations. With Pondurance experts utilizing the MyCyberScorecard platform, you get an all-in-one solution built on NIST industry standards that delivers streamlined and efficient cybersecurity assessments aligned with regulatory standards and compliance requirements.

What are the benefits of cyber risk assessments?

  • Quickly and easily identify areas to improve your cybersecurity and compliance programs.
  • Collaborate with policy, system, and business owners to bridge the gap between policies, controls, and operations.
  • Make more informed decisions, track compliance to minimize the risk of regulatory penalties, and build trust among key stakeholders and cyber insurance underwriters.
  • Lay the groundwork for comprehensive assessments such as NIST CSF, NIST 800-171, HIPAA, CMMC, NYDFS, NAIC, Third-Party Vendor Risk, and more.

What are the benefits of conducting risk assessments with MyCyberScorecard?

  • Complement full assessments with access to MyCyberScorecard for continuous risk reduction by conducting your own assessments and mitigating risk over time.
  • Easy-to-use interface and dashboards
  • Streamlined workflows and robust analytics
  • Comprehensive views of low-, medium-, and high-risk MyCyberScores
  • Hundreds of built-in security and compliance policies
  • Role-based user access control
  • Continuous improvement in cyber risk with self-assessments and audits
  • Interactive reporting that is easy to export to communicate with senior management effectively

Gaining a holistic understanding of your cyber risk posture starts with a Rapid Risk Assessment. Our cyber experts are ready to help you in as little as four hours of your time.

Contact us to get started!