Get to Know MXDR: A Managed Detection and Response Service for Microsoft Security

The Microsoft 365 E5 license gives users entitlements to numerous Microsoft Security products—so many, in fact, that as companies deploy the Microsoft Security suite, they may need a managed detection and response (MDR) service to get the most out of it.

Enter Trustwave Managed Extended Detection and Response (MXDR) for Microsoft, an MDR service built specifically for Microsoft Security customers.

An MDR service is intended to help customers manage the security tools they already have, notably endpoint detection and response (EDR) and security information and event management (SIEM) systems. In some cases, that includes properly tuning the EDR and SIEM tools to alert on issues that are truly important, as opposed to every potential threat.

Even then, keeping up with all the alerts such systems generate is a 24/7 job, and it again takes experience to determine which alerts truly warrant attention. Most organizations simply don’t have the security expertise in-house required to do the job well, so they turn to a managed detection and response vendor for help. By next year, Gartner predicts 50% of organizations will be using MDR services.

Microsoft Security products under E5

Take a look at the Microsoft E5 license, which includes at least 10 distinct security products, and it’s easy to see why so many companies need a helping hand.

It’s important to have visibility and the capability to detect and mitigate an attack across a complex attack chain. Microsoft makes this easy with a number of tools under the E5 license:

  • Defender for Office 365 detects when a user receives a phishing email or opens an infected attachment.
  • Defender for Endpoint detects when a laptop or other endpoint is infected with malware.
  • Defender for Identity is intended to prevent attackers from stealing user credentials.
  • Defender for Cloud Apps helps detect when an attacker who has stolen credentials moves laterally through a network or attempts to steal data.

Collectively, these four Microsoft Defender products make up the Microsoft Defender XDR suite, which works in unison with Microsoft Sentinel, Microsoft’s cloud-native SIEM, to provide a unified security operations experience for alert investigation and response.

Once the SIEM starts issuing alerts, it’s up to your security team to vet the alerts, determine which ones represent credible threats to valuable business applications or data, and quickly determine effective response actions.

That’s where things can get dicey for most organizations. Expert resources must be on hand 24/7 to monitor for alerts and determine which threats are truly serious while avoiding alert fatigue—or trying to.

Anatomy of a cybersecurity attack

The bulleted list above represents the tools required to detect and mitigate a classic intrusion progression. A bad actor sends a phishing email and gets a user to open an attachment or click on a URL. That may result in installing malware on the user’s endpoint, perhaps a keystroke logger that helps the intruder steal a user’s credentials. At that point, the intruder can use those credentials to log on to whatever corporate systems the legitimate user is authorized to access.

While the intent of such an attack may seem clear when written neatly in prose, in real time it can come across as a series of discrete alerts from each security tool. Even if the SIEM succeeds in connecting the dots and issues appropriate alerts, someone has to recognize what the alerts mean and initiate an appropriate response to thwart the attack – even if it happens at 3 a.m. on a Sunday.
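As an added illustration (not from the original post and not Trustwave's or Microsoft's tooling), the following Python sketch shows how discrete alerts from the four Defender products, each mapped to one stage of the chain above, can be correlated per user into a single incident with a severity that reflects how far the chain progressed. The source names, alert fields and sample alerts are all constructed.

```python
from collections import defaultdict
from datetime import datetime

# Stage of the intrusion chain that each Defender product's alert corresponds to
# (phishing -> endpoint malware -> credential theft -> lateral movement / data theft).
STAGE_OF_SOURCE = {
    "DefenderForOffice365": 1,
    "DefenderForEndpoint": 2,
    "DefenderForIdentity": 3,
    "DefenderForCloudApps": 4,
}

# Constructed sample alerts (hypothetical field names, not real product output).
# "alice" shows the full chain; "bob" has a single isolated endpoint alert.
SAMPLE_ALERTS = [
    {"time": "2024-07-21T03:02:00", "source": "DefenderForOffice365", "user": "alice", "detail": "phishing attachment opened"},
    {"time": "2024-07-21T03:09:00", "source": "DefenderForEndpoint", "user": "alice", "detail": "keystroke logger installed"},
    {"time": "2024-07-21T03:40:00", "source": "DefenderForIdentity", "user": "alice", "detail": "suspected credential theft"},
    {"time": "2024-07-21T04:15:00", "source": "DefenderForCloudApps", "user": "alice", "detail": "anomalous lateral access"},
    {"time": "2024-07-21T10:00:00", "source": "DefenderForEndpoint", "user": "bob", "detail": "adware quarantined"},
]


def correlate(alerts, window_hours=24):
    """Group alerts by user and measure how far the ordered chain progressed.
    'chain' is the number of consecutive stages (1, 2, 3, 4) seen in chronological
    order within the window; 'max_stage' is the deepest stage seen regardless of order.
    """
    by_user = defaultdict(list)
    for alert in alerts:
        by_user[alert["user"]].append(alert)

    incidents = {}
    for user, items in by_user.items():
        items.sort(key=lambda a: a["time"])          # ISO-8601 strings sort chronologically
        first_seen = datetime.fromisoformat(items[0]["time"])
        chain, max_stage = 0, 0
        for alert in items:
            age = datetime.fromisoformat(alert["time"]) - first_seen
            if age.total_seconds() > window_hours * 3600:
                continue                              # too old to belong to this incident
            stage = STAGE_OF_SOURCE.get(alert["source"], 0)
            max_stage = max(max_stage, stage)
            if stage == chain + 1:                    # the expected next step in the chain
                chain = stage
        severity = "critical" if chain == 4 else "high" if max_stage >= 3 else "medium"
        incidents[user] = {"chain": chain, "max_stage": max_stage,
                           "severity": severity, "alerts": len(items)}
    return incidents
```

A real SIEM rule would also join on host and session identifiers and weight each stage by its own confidence; the point here is that four independent alerts only become one incident once something links them.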

On top of that, to really take advantage of all the security tools, companies have to be able to correctly deploy, configure, and continuously optimize them. Again, a tall order.

To overcome these challenges and accelerate an organization’s capability to defend itself against a complex attack, Trustwave offers multiple cybersecurity services to help users get the most out of their Microsoft Security products.

Trustwave MXDR for Microsoft offers 24/7 extended detection, threat hunting, investigation, and response across endpoints, identity, cloud apps, and email with proven preventative configurations to minimize exposures by leveraging the proactive capabilities of Microsoft Security. MXDR Elite for Microsoft with Co-Managed SOC adds a mature methodology for effective co-managed security operations, frequent collaboration with Trustwave experts, and custom configurations and content.

If you’re paying for or considering the Microsoft E5 license, you owe it to your organization to understand your entitlements and get the most out of the included Microsoft Security products. Discover how Trustwave, a longstanding Microsoft Security partner, can help.