Managed Detection and Response

Do you have the capabilities needed to hunt for and rapidly contain sophisticated cyber threats across your IT estate?

Traditional investment of time and resource to sift through large volumes of log data often does little more than create additional alerts for already overloaded security operations teams.

To illuminate the real threats and harden critical systems, it is important that security teams leverage the right tools and technology to monitor their entire environment, while continuously applying specialised threat hunting techniques to detect and respond to attacks that have bypassed traditional controls.

Why now is the time to take action:

  • Attackers are increasingly finding ways to breach systems and move laterally within the network to evade detection. Network and log monitoring is not enough.
  • Legal requirement to respond within 72 hours or face significant fines under GDPR with clarity now on what constitutes an ‘event’.
  • Lack of skilled security staff with the ability to retrospectively assess ‘new’ threats quickly and see if they exist in the environment.
  • Commodity services acting as ‘alert factories’, burdening security operations. Consequently, analysts are missing contextual insight into specific threats targeting systems and courses of action.

How can we help?

Our MDR service provides 24/7 advanced cyber defence against both commodity threats and sophisticated, targeted attacks by focussing around the four key stages of prevention, detection, response and hunting. We provide our clients with sophisticated defences across the IT environment (including endpoint, network and cloud) to prevent breaches, reduce cyber risk, support compliance, and help meet the strict breach detection and reporting requirements from regulations such as GDPR and NIS.

Benefits:

  • Reduce investigation and response times down to seconds or minutes – Our ability to monitor the endpoint, network and cloud (SaaS & IaaS platforms) in near real time allows us to significantly reduce the time it takes to detect and respond to threats.
  • Stop threats before they damage the targeted system – Unlike many other MDR providers, we include in-depth malware, ransomware and exploit prevention capabilities to block most threats in real time. This uses automated behavioural and threat analysis techniques, augmented by global threat intelligence, to block many known and unknown threats in the first seconds and minutes of an attack without requiring human intervention.
  • Sophisticated multilayered approach significantly reduces the risk of evasions and ‘silent failure’ – We combine a wide range of complementary prevention and detection mechanisms, together with expert threat hunters, augmented by advanced machine learning analytics. With this approach we can detect subtle behavioural anomalies in petabytes of data, while drastically reducing the risk that any single layer will fail silently and allow a sophisticated attacker to evade detection.
  • Access to the information needed for response and investigation activities – We record activity data in near real time from all monitored endpoints and store that data for at least 30 days (extendable depending on requirements). This allows you to rapidly access evidential and investigative data when notifying regulators or carrying out further analysis. 
  • Identify data at risk from external or insider threats – In-depth visibility of both endpoint and network activity, including file access tracking, helps identify data at risk from external or insider threats.
  • We won’t leave you to deal with the threat alone – We carry out pre-agreed containment actions to mitigate the malicious activity. Our global incident response team is always on standby for emergency support in a large-scale incident.
  • Direct engagement with our analysts – We aim to work as an extension of your team with direct lines of communication so you can easily raise questions or request investigative support and receive answers quickly.

Why PwC?

  • Intelligence gleaned from the front lines of incident response engagements in more than 40 countries.
  • Dedicated threat hunters searching proactively for threats and other suspicious activity.
  • Rated by Forrester as ‘Leader’ in Digital Forensics and Incident Response.
  • We have a unique understanding of board expectations as business risk advisors.
  • We are business risk advisors recognised by industry accreditations as a global leader for cyber security consulting services.
  • Our MDR service provides rapid access to our incident response services.

Contact us

Sergio Hernando

Partner Technology Resilience, PwC Netherlands

Tel: +31 (0)63 087 97 19