MDR: Managed Detection and Response
Our Managed Detection and Response (MDR) service combines a dedicated team of engaged experts with next-generation technologies to provide real-time threat detection, investigation, and response. Machine Learning, Advanced Analytics, and Integrated Threat Intelligence accurately identify threats, and Security Analysts perform complete event investigations, freeing your IT resources from the burden of false positives.
Purpose-built for highly regulated networks, our MDR service is designed to facilitate rapid and accurate confirmation while ensuring only incidental access to confidential information. In the case of an actual incident, our team produces specific Incident Action Plans (IAPs) to stop threats, minimize damage, and reduce recovery time.
No network is 100% secure, and preventive security techniques, while essential, are no longer sufficient against the increasing sophistication and frequency of cyber-attacks. Our team extends your team and technologies, providing deep expertise aligned to your organization’s unique exposures.
Our team installs our information security hardware into your network without any interruption of network functionality.
Our Critical Insight software monitors your network 24×7, searching for anomalies and suspicious activity.
When a potential threat is identified, Critical Insight alerts our team of cybersecurity experts.
Our experts investigate the abnormality that Critical Insight identified.
We initiate a response to the breach in the manner that best secures the network and ensures the failure of similar threats in the future.
When an event has been mitigated, we help minimize costs by quickly closing the incident and then continue to monitor ongoing risks.
Our algorithms process network event data to identify:
- Statistical anomalies
- Interaction with known malware distribution or criminal command and control sites
- Signature-based events from the intrusion detection Critical Insight Collector
- Correlation of multiple suspicious events
- Significant periodicity in signals
Our machine learning “remembers” every question asked of the data, and this is used to automate those queries that yield results.
Utilizing elastic scalability, machine learning, and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our learning approach allows Critical Insight to become continuously more powerful and faster as data is ingested and processed.
Our security experts investigate an incident to confirm it is a true threat. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives to give you an actionable plan for a confirmed threat.
Availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives. Once an incident has been confirmed, we can go “back in time” and determine whether any other compromises occurred earlier. We can replay all that happened, often down to the mouse-click.
Critical Informatics has successfully completed a Type 1 SOC 2 examination, performed by an independent CPA firm. The examination report is available to current and future customers upon request. We are committed to performing ongoing Type 2 SOC 2 examinations in future years.