• Trustwave’s Managed Detection & Response (MDR) for Endpoints is the industry’s most comprehensive service available, combining best-of-breed technology choices with a multi-tiered service delivery model. Its proactive threat hunting continuously monitors all endpoint activity in real time to detect and respond to advanced threats that evade traditional security defenses and threaten your business.

Overview

  • Fully Managed EDR

    The increasingly sophisticated nature of rapidly evolving cyber threats has placed additional emphasis on the need for real-time visibility and control of endpoints. Today, cybercriminals are leveraging advanced attack toolsets and techniques that can evade most perimeter solutions and have outpaced the capabilities of many traditional endpoint security solutions as well. In response to this trend, security product vendors have created a whole new category of endpoint detection and response (EDR) solutions designed to address this need, but these new tools are often difficult to deploy, manage and monitor, particularly at scale in mid-sized to large organizations. Trustwave has designed a fully managed Endpoint Detection & Response service in order to operationalize these new capabilities much more effectively on our customers' behalf, realizing the full potential of EDR.

    In Depth Monitoring & Recording

    SpiderLabs Proactive Threat Hunting

    MDR for Endpoints leverages our global SpiderLabs threat intelligence and behavioral analytics, but goes even further by incorporating proactive threat hunting as part of our service delivery. This provides the hands-on, human skills of SpiderLabs experts, who detect and validate threats much more quickly against a broad array of indicators of compromise (IOCs) and malicious activities. The net result is significantly reduced attacker dwell time: threats are detected and mitigated before they can cause widespread damage, saving your IT team untold hours of remediation downtime and re-imaging of systems.

    Up to the Minute Threat Intelligence

    Our Managed EDR service is delivered from a cloud-based management system and supported by a three-tiered complement of threat analysts, incident response analysts, and intel analysts. These security analysts work together on your behalf: intel analysts ensure that the service has up-to-the-minute global threat intelligence from SpiderLabs, threat analysts recognize these evolving threats in your environment, and incident response handlers work with you to eradicate these threats if and when they arise.

Benefits

  • Regain control of your endpoints with real-time visibility and flexible control options that allow you to proactively detect attacks, rapidly identify malicious activity and terminate unauthorized behaviors before they negatively impact your operations. Our security analysts leverage real-time endpoint analytics and proactive threat hunting techniques to fully assess the scope of an attack and advise you on the spread of lateral movement within your network, pinpointing specific systems that may require additional remediation.

    • Proactive threat hunting with highly skilled, hands-on expertise
    • Disrupt your attackers before they gain a foothold into your operations
    • Flexible incident response and investigation options via policies you define
    • Reduce IT costs from unnecessary reimaging and remediation of infected host systems
    • Gain complete endpoint visibility with detailed logging and analytics
    • Technology choice between best-of-breed EDR solutions for optimal fit
    • Free your internal team to focus on other security objectives or business enabling activities

How It Works

  • A lightweight agent is installed on the endpoint and feeds detailed security context up to the Trustwave secure cloud, where advanced analytics are applied to uncover potential early IOCs. From there, Trustwave security analysts take over and respond to any validated alerts, engaging the customer’s team when extended on-site remediation actions are needed.

    MDR for Endpoints is delivered from a cloud-based management system and supported by the Trustwave Global Threat Operations and SpiderLabs Research teams, which include threat hunters, incident response analysts, and intel analysts. The key responsibilities of each role are:

    Intel Analyst

    Responsible for global threat monitoring and for maintaining Trustwave-specific threat feeds and Indicators of Compromise (IOCs) used for customer site monitoring and endpoint detection operations.

    Threat Hunter

    Responsible for customer-specific threat monitoring and execution of proactive threat hunting techniques to validate system alerts and determine the extent of compromise throughout the network and systems involved. Looks beyond the alerts for unusual activities and threat variants.

    Incident Response Analyst

    Responsible for ongoing and extended response operations in coordination with the customer in the event of a widespread attack. Potential response operations may include:

    • Process or file blacklisting on the endpoint(s)
    • Endpoint quarantine or user account lockout
    • Remote shell on the endpoint for forensic operations
    • File / tool download to the endpoint
    • File or memory process deletion
    • Other solution-specific options (vary by product vendor)