MANAGED DETECTION & RESPONSE (MDR) Azure Sentinel M365 Defender


Managed Detection & Response (MDR): Azure Sentinel and M365 Defender
Integrated Cloud-Native SIEM with Cross-Domain Response and Threat Eradication

The State of Cyber Security

The digital economy is in full swing. Organizations are evolving faster than ever, adopting new technologies such as cloud services that are transforming how they operate and creating new gaps in security.

Cyber criminal activity is in full swing too! Today, more than ever, adversaries are creating new techniques to launch attacks across an organization's on-premises and cloud infrastructure to evade detection and ensure they continue to stay one step ahead of their victims.

BlueVoyant is revolutionizing Managed Detection and Response by increasing threat visibility and expanding response actions beyond endpoints.

Security teams and service providers not only have to collect, triage, and investigate alerts, they have to be able to respond in real time to stop sophisticated, fast-moving malicious activities across an expanded ecosystem of distributed networks and cloud-based services.

Managed Detection and Response (MDR) services by BlueVoyant unify Microsoft's cloud-native Security Information and Event Management (SIEM) platform, Azure Sentinel, and M365 Defender to allow a 360-degree view of your attack surface across endpoints, on-premises infrastructure, identities, email, and cloud apps, and to enable cross-domain threat prevention and proactive threat hunting.

Why BlueVoyant

Exemplary Leadership: Co-founded in 2017 by F500 executives and former officials of the NSA, FBI, Unit 8200, and GCHQ, together with private sector experts.

Global Footprint: New York City (HQ), Maryland, Tel Aviv, San Francisco, London, Manila, and Latin America.

Microsoft Expertise: Member of the Microsoft Partner Network (MPN), Microsoft Cloud Solution Provider (CSP), member of the Microsoft Intelligent Security Association (MISA), Microsoft MSSP Partner, and Microsoft Gold Partner by July 2020.

Cloud-Native SOC-as-a-Service: The BlueVoyant Security Operations Center is 100% cloud-native, allowing limitless flexibility and scale.

Unlimited Live Response: BlueVoyant's SOC team provides near real-time response through automation and experienced investigators 24 hours a day, seven days a week.

How It Works

Managed Security Operations

BlueVoyant's Managed Detection and Response provides real-time, customized threat response and remediation: terminating malicious processes, isolating devices, and manually preventing persistence and lateral movement associated with sophisticated attacks.

BlueVoyant incorporates client-driven rules of engagement (ROE) to enable immediate, decisive action, utilizing analyst-driven expertise to stop threats that could cripple a network, versus noncritical events where a lower-tiered response may be appropriate.

MDR services integrate proven frontline expertise, comprehensive threat data analytics, and advanced technology solutions to deliver remote monitoring and incident remediation utilizing Azure Sentinel, Microsoft Defender Advanced Threat Protection (Defender for Endpoint), Office 365 Advanced Threat Protection (Defender for Office 365), Azure Advanced Threat Protection (Defender for Identity), and Microsoft Cloud App Security.

Deployment and Implementation

Maximize your investment in Microsoft security solutions with BlueVoyant to:
- Design and configure the Azure Sentinel cloud instance
- Configure and onboard log data using Azure Sentinel built-in connectors across cloud and on-premises sources
- Create client-specific dashboard design and customization
- Create a proactive threat hunting playbook
- Construct alerting scenarios to trigger case generation and investigations
- Integrate playbooks to enable automation

BlueVoyant MDR Outcomes

[Diagram: "Your Security Stack" feeds Email, Cloud, Endpoints, On-Prem, Apps, and Users into the Microsoft products below; BlueVoyant outcomes: Transparency and Accountability, Unified Visibility, Hunt and Stop New Threats.]

Azure Sentinel: A scalable, cloud-native, security information event management (SIEM) platform providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint): Unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.

Azure Advanced Threat Protection (Microsoft Defender for Identity): Uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Office 365 Advanced Threat Protection (Microsoft Defender for Office 365): Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.

Microsoft Cloud App Security: A comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

BlueVoyant MDR powered by Microsoft Security includes:

24 x 7 Managed Detection and Response: Real-time monitoring of Azure Sentinel alerts with full-scale investigations and response to security events, supported by expert cyber threat analysts who operate 24/7 across multiple locations within Security Operations Centers (SOC).

Custom Correlations: Analyst-developed unique searches, custom correlations, and tracking integrated with BlueVoyant threat intelligence, providing contextual insights unique to your enterprise.

Increased Visibility to Resolve Every Alert: Collects and analyzes data from multiple data sources, including endpoint, email, user activity, and other third-party security solutions, providing visibility into risks and threats across multi-cloud and hybrid environments.

Cloud-Native MDR Protection with Speed and Scale: Near-limitless connectivity speed to security logs and scale delivered in the cloud, without the time and cost of an appliance-based SIEM.

Integrated Automation Enhanced with Expertise: Integrated cross-product automation layer that ingests all alerts generated to automate and coordinate prevention, defensive responses, and remediation across all platforms.

Built-in Automation and Orchestration: Integrated, proprietary playbooks designed to automate responses, enabling the ability to fully automate routine operations for recurring types of alerts and/or automated responses to specific alerts.

Collaboration: Customers leverage Wavelength, BlueVoyant's client portal, to access real-time information about alerts and investigations.

Threat Intelligence Integration: BlueVoyant threat intelligence amplifies and enriches correlations to create custom insights.

Hunting: BlueVoyant's dedicated hunting team proactively investigates activity that standard detections can miss.

Ongoing Building and Tuning of Azure Sentinel Alerts: Simplified implementation tailored to your unique environment, providing custom configurations and ensuring limited operational interruption.

Cloud-Native MDR with Azure Sentinel and Microsoft 365 Defender: Architecture and Operations Model

[Architecture diagram. Client Environment: On-Premises, Assets, Endpoints, Users, Other Clouds, Email, Logs. Microsoft 365 Security: Azure Active Directory, Microsoft Defender for Endpoint (Microsoft Defender ATP), Microsoft Defender for Office 365 (Office 365 ATP), Microsoft Defender for Identity (Azure ATP), Azure Sentinel, Threat Intelligence. Client Experience: client's Azure and Microsoft Threat Protection specific visuals; Policy Management & Tuning, Granular Response, Alert Status Updates; Cross-Solution Investigation; Wavelength Portal. BlueVoyant: 24/7 Security Operations, Customized Case Management, Threat Response and Eradication, Custom Rules of Engagement, Implementation.]

The BlueVoyant Modern SOC is a powerful solution that can incorporate security logs from the entire Microsoft security toolset as well as many third-party technologies.

Rather than you sending us your logs and us sending you alerts back, our security experts will operate inside your environment, enriching incidents, raising alerts, closing incidents, etc., directly within your Azure Sentinel environment, where you can watch in real time as we work to protect your company from threats.

The BlueVoyant Modern SOC supports the entire Microsoft security suite, including:

Microsoft Azure Sentinel: A cloud-based security information and event management (SIEM) tool.

Microsoft 365 Defender: An extended detection and response (XDR) platform designed to natively integrate with Azure Sentinel. (This includes all Microsoft 365 Defender services: for Endpoint, Office 365, Identity, and Cloud App Security.)

Microsoft Azure Defender: A platform that provides XDR capabilities for infrastructure and cloud platforms, including virtual machines, databases, and containers.

[Diagram: BlueVoyant Modern SOC. Microsoft Security Tools: SIEM (Azure Sentinel), XDR (Microsoft 365 Defender, Azure Defender). Services: Consulting & Implementation, Platform Management, Managed Detection & Response.]

About BlueVoyant

BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today's constant, sophisticated attackers and advanced threats.

Led by CEO Jim Rosenthal, BlueVoyant's highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies.

Founded in 2017 by Fortune 500 executives and former government cyber officials and headquartered in New York City, BlueVoyant has offices in Maryland, Tel Aviv, San Francisco, London, and Latin America.

To learn more about BlueVoyant, please visit our website at www.bluevoyant.com or email us at contact@bluevoyant.com

031821
