We’re MDR for startups. We do MDR differently, and don’t pretend that it’s for everyone. We’ll already have a close relationship with our MDR clients, and have some level of influence over how your technologies are hardened and configured, and how logging is handled. We deploy a SIEM dedicated to you along with our detection rules. All our workflows, processes, and detection rules are built around our preferred SIEM platform. If you’re using a different SIEM, or want to co-manage the SIEM, we can recommend other companies’ services to you.
We focus on high-fidelity alerts. Don’t expect to receive dozens of emails a day, or monthly reports claiming to have protected you from millions of attacks. We prioritize the data sources we want logs from and have specific settings to receive that data optimally. In exchange, we have high-quality, well-tested detection rules and a skilled team that reviews each escalation. We do not default to escalation. Our goal is to NOT escalate. We want to eliminate all noise so that when you see an MDR email from us, it catches your attention and shows what actions have already been taken on your behalf.
When you hire us, you’ve decided that you want SIEM and incident response to be our problem, and we’ll do our best to make you proud of that decision.
We have a lot of software development experience, and invest the time to automate analysis, response, and escalations as much as possible. Many MDR companies have a “butts in seats” model that depends on low-cost junior labor to sift through thousands of alerts, which are often grossly untuned. We could tell you horror stories of some MDR companies’ rules and processes we’ve seen. We have a “software first” approach where decisions and analysis are expressed in code, and escalated as a last resort. When escalation occurs, an experienced engineer takes ownership and sees it through to conclusion.
Our MDR service is tightly integrated with our DFIR service. Our MDR clients will typically be DFIR retainer clients and allow us to initiate DFIR once trust in our team’s judgment is established.
Our MDR service is also tightly integrated with our Red Team services. Our Red Team is passionate about quickly discovering new attacks, techniques, and exploits so we can repurpose them in our own attack campaigns and protect our clients. When new TTPs or exploits are repurposed by the Red Team, they work directly with the MDR service to create detections that are rolled out to all our customers’ SIEM instances.
Make MDR and SIEM our problem. Start today by visiting our contact us page to start the conversation.