MDR: Managed Detection and Response
Passive cybersecurity techniques are no longer able to secure your network against the increasing sophistication and frequency of cyber-attacks. Our Managed Detection and Response (MDR) service is specifically built to stay one step ahead of cybercriminals. Through the combination of human analysts and our machine-learning Critical Insight system, we are able to identify and respond to attacks in real time. Critical Informatics’ MDR provides you with dedicated human threat detection, investigation, response and expedited recovery.
Our algorithms process network event data to identify:
- Statistical anomalies
- Interaction with known malware distribution or criminal command and control sites
- Signature-based events from the intrusion detection Critical Insight Collector
- Correlation of multiple suspicious events
- Significant periodicity in signals
Our machine learning “remembers” every question asked of the data, and this is used to automate those queries that yield results.
Utilizing elastic scalability, machine learning, and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our learning approach allows Critical Insight to become continuously more powerful and faster as data is ingested and processed.
Our security experts investigate an incident to confirm it is a true threat. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives to give you an actionable plan for a confirmed threat.
Availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives. Once an incident has been confirmed, we can go “back in time” and determine whether any other compromises occurred earlier. We can replay all that happened, often down to the mouse-click.