Arete’s Managed Detection and Response (MDR) services are next-generation managed security services that include:
Highly experienced people (security architects, analysts, forensic investigators, and incident responders) who continuously monitor your security infrastructure (24×7) and proactively triage, investigate and respond to threats as they appear.
A platform (hardware, software, applications, threat intelligence) that enables Arete to detect, prevent, investigate, and (as authorized) remediate threats on your behalf.
A process that will give both Arete and you shared visibility and control over your security status, posture, and operations (it’s not a “black box”).
There are two Arete MDR service offerings that are distinguished based on the platform components that are included in the service:
Includes the SentinelOne platform component
Includes both the SentinelOne and AlienVault platform components
Arete’s people are arguably the most important, the most unique, and the most differentiating component of Arete’s MDR service offering. Experienced cybersecurity professionals are in extremely high demand, and Arete’s team is made up of world-class security operations analysts, security architects and engineers, incident responders, and forensic investigators with hundreds of person-years of experience in government and civilian cybersecurity environments. We have a deep understanding of threat actors’ tactics, techniques and procedures (TTPs) based on decades of experience doing actual Incident Response (not just selling security products). This level of knowledge and experience is needed to provide the judgement an MDR service requires.
Arete’s MDR service is based on a modular platform made up of a set of product and system components that were carefully selected and integrated by Arete based on decades of experience in cybersecurity as both developers and users of security products and services. These components can be deployed in a modular way to complement and enhance the capabilities of your existing security infrastructure.
The key components of the platform include:
Advanced Endpoint Protection (Powered by SentinelOne)
This component is an endpoint protection and response system that uses Artificial Intelligence and real-time behavior analysis to automatically detect, block, and remediate threats, including threats that cannot be detected by traditional or even “next-gen” anti-virus systems. It also includes a “flight recorder” capability that continuously extracts and stores a rich set of information (metadata) about all endpoint activities – such as process, file system, and network behavior – that enables Arete’s monitoring team to “go back in time” and find the root causes of threats under active investigation. (Note: this platform component is included in all Arete MDR services).
Universal Security Management (Powered by AlienVault)
This is a multi-function component that provides many security features and functions such as asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM and log management, security and compliance reporting, and case management. By consuming, normalizing, storing and analyzing logs, events, and alerts from your entire security infrastructure, this component provides the broad visibility and triangulated threat detection (correlation) that’s required for effective security. (Note: this platform component is included in the “Arete MDR Plus” service only).
The Arete MDR service employs a proven process that includes: