MANAGED DETECTION AND RESPONSE
Frequently Asked Questions
The Mindful MSP Managed Detection and Response solution is delivered by the Mindful MSP Security Team and built on state-of-the-art detection algorithms. It provides 24×7 monitoring of your networks, endpoints, and cloud environments, along with a managed approach to detection, response, and recovery from modern cyber threats through managed triage and support services—guiding you along every step of your security journey.
Mindful MSP MDR takes a more predictable and understandable approach to providing you with security operations coverage. Unlike alternatives that charge based on event or log volume or license capabilities separately, foundational technologies such as endpoint agents, unlimited log retention and search, and external network scanning are included as part of the core MDR offering. The MDR approach is to provide coverage across your attack surface based on the number of users, servers, and internet egress points—providing coverage that grows along with you as your organization grows.
Security operations experts are paired with you to get you up and running quickly with the Mindful MSP MDR service. Your expert works with you to learn your network topology, configure and deploy Mindful MSP Sensors, Agents, and cloud connectors to monitor your cloud environment. Your expert also works with you to configure your external scans, alert thresholds, country whitelisting, and more to customize the service directly to your environment.
Yes, your security operations expert works directly with you to create custom rules unique to your environment, in addition to the included out-of-the-box detection capabilities. Alerts can be tuned based on threshold, criticality, and several other factors with your security expert based on the unique needs of your organization.
Yes, the Mindful MSP Cloud Monitoring solution works with Managed Detection and Response to collect telemetry and other insights from your SaaS applications such as Office 365 and IaaS cloud environments such as AWS, Azure, and Google Cloud.
When suspicious activity is observed by Mindful MSP, an incident is automatically created by the security team to investigate further. Important details about the incident are included, such as the site(s) and system(s) affected, a description of the activity, when it was detected, etc. Resolution information about why this incident was created and how to remediate is also included and managed by your security expert until the incident is closed.
Your security expert works with you to tailor the Managed Detection and Response solution to the specific needs of your organization. They provide support at the initial deployment phase, as well as strategic guidance on creating new rules, adjusting existing configurations, alert thresholds and how incidents are triaged.
The Mindful MSP platform collects, enriches, and analyzes data from a broad array of sources across your networks, endpoints, and cloud environments. Leveraging several detection engines, various sources of threat intelligence, and machine learning, this broad dataset is further analyzed to identify suspicious activity to raise incidents that are further investigated by your security expert to eliminate false positives.
Yes, when a critical incident is discovered, your security expert works with you to initiate the Managed Containment workflow. This capability is designed to stop the spread of threats across your environment by isolating the threat at the network and host-level.
Due to significant alert fatigue produced by the multitude of security products, IT teams often find themselves stuck in a reactive state of responding to threats with no time to be strategic. Your security expert is your single point of contact for your Mindful MSP Managed Detection and Response solution and serves as your trusted security operations expert, helping you to proactively mitigate security incidents through:
- 24×7 monitoring
- Alert triage and prioritization
- Custom protection rules
- Guided remediation
- Detailed reporting and audit support
- Ongoing strategic security reviews
When an issue is found, personalized workflows trigger investigations that your security expert further analyzes to assess the severity of the threat. Tickets are created for critical events and the end-to-end workflow from detection to response is managed by your security expert. Not only does your expert work directly with you on detection and response, they provide remediation and validation that the threat has been neutralized and hasn’t returned.