This post has been republished via RSS; it originally appeared at: Microsoft Security Blog.
The way of working is changing rapidly. Many workloads are moving to the cloud, and the pandemic pushed organizations to provide infrastructure that lets employees work from anywhere (mostly from home), at any time and, where possible, from any device (corporate or private). The security team needs to keep up with an increased workload on top of an often already stretched budget, limited resources, and divided focus. Working through many alerts from ever-changing situations is challenging: how can they prioritize? And how can they handle them with only a finite number of people?
Keeping up with and reviewing these alerts is challenging enough for most security teams, let alone investigating and responding to them around the clock. This means that a critical alert can be missed, and incidents can follow soon after, disrupting the productivity of a colleague (in a best-case scenario) or disrupting the entire business at great expense (in a worst-case scenario).
Threat actors don’t work standard business hours, and an attack often consists of several smaller incidents that lead up to a major event, such as loss of productivity, data loss with a high cost of recovery, and lost time. To see the bigger picture, you need to make sure you see every piece of the puzzle without creating alert fatigue. This is where Wortell managed services can help.
How Wortell helps reduce alert fatigue
The number of alerts generated by an organization depends on multiple factors, such as the type of organization, the number of employees, and the complexity of the workloads. If these alerts are not properly triaged, a lot of time can be spent on false positives, taking precious time away from security professionals. In fact, an average of 90 percent of alerts can be resolved automatically, thus reducing the number of false-positive alerts.
Reducing the number of false-positive alerts is key to effective managed detection and response. Investigating false notifications costs time and money that your organization could have spent elsewhere. Security by design is key to providing cost-effective managed detection and response: with the right configuration of tools and workloads, you can reduce the number of alerts. Wortell provides full service, from baseline configuration to managed services delivered by their security professionals and Managed Detection and Response (MDR) team.
- Baseline configuration: They apply their knowledge and expertise to configure identity protection as the baseline for security. Then they configure and deploy an endpoint security baseline to start detecting.
- Automated response: After receiving the first signals from your endpoints, they start setting up automated responses. These combine Wortell best practices with customer-specific use cases.
- Managed services: Alerts are monitored and investigated at all times by a dedicated MDR team.
With Wortell MDR services, you as a customer can focus on your main business while they make sure that incidents are stopped before they become a threat.
Wortell provides threat protection with Microsoft Defender and Microsoft Azure Sentinel, collecting those individual alerts in a single dashboard. This gives them insight across the platform and lets them discover the individual puzzle pieces of an attack before they become a threat.
They add value with their Vidara platform, which automates alert handling and triage. The combination of the Microsoft products and the services from Wortell makes up their MDR for around-the-clock threat protection.
Managed Detection and Response: The reinvented security operation center
Setting up a security operations center is complex. It requires infrastructure to be in place and can take months to deploy fully. MDR is cloud-native and takes days to set up instead of months. The benefits don’t stop there. On the detection side, you gain proactive threat hunting and the ability to detect and mitigate zero-day attacks, insider threats, and malware, where the traditional solution would only have been able to reactively detect incidents and known vulnerabilities.
This means that the return on investment is result-driven and starts providing value right from the start, without a lengthy implementation time and its associated costs. The managed part means that you as a customer pay per user and don’t need to make a big investment up front. Wortell will discuss the key performance indicators and provide you with a service level agreement, and then they are ready to start detecting alerts and keeping your environment safe.
Use case: Crisis averted
In one anonymized customer scenario, the Wortell MDR team detected unusual behavior within the customer’s environment. Each behavior alone did not raise any flags, but the combination of alerts told a different story: a ransomware attack was unfolding and a battle for control had begun, a worst-case scenario for any organization that proved a real crisis internally.
“During this crisis, Wortell did not only provide the standard MDR services but also helped us to shape crisis management (such as structuring, setting priorities, taking immediate actions based on vigilance). In doing so, they took full responsibility for keeping the environment under control. Wortell is our most crucial security partner. Their around-the-clock MDR services prevented a ransomware attack last month.”—Anonymous organization in the chemical industry
The security specialists worked closely with the Microsoft DART team and demonstrated excellent performance; Wortell highly values such a partner in their security ecosystem. Because of the early signals and the correlations across the different services, the threat was detected before it became a problem and was mitigated before it could gain control of the environment. Crisis averted.
How Wortell works
By defining a solid security baseline, Wortell reduces the number of alerts by design. Handling of the remaining alerts can largely be automated by defining the right use cases with the customer, drawing on the insight and experience of the Wortell MDR team. The alerts that are still left are triaged by the MDR team, and in case of an incident, they present the customer with the right choices to resolve the incident and mitigate the risk.
By mapping their use cases to the MITRE ATT&CK Framework, they can detect indicators of compromise before they become a threat, or automatically isolate those threats for remediation. Every customer benefits from any new use case added to the platform from day one.
Their security analyst team in the Netherlands then provides around-the-clock coverage, with eyes on the screen, to respond to incidents in real time. The combination of automation, standardization, and the human factor allows them to manage multiple organizations at once and provide scalable and affordable MDR for their customers.
Figure 1: Architectural diagram of Wortell’s MDR for two anonymous customers.
Supercharging with the Vidara platform
Every action inside an IT environment can be logged and can be part of an attack. To discover whether an action is part of a larger attack, they need to make sure the right alerts are triaged, explored, and, when needed, mitigated.
Wortell uses an in-house developed, machine learning-driven platform called Vidara to extend the detection capabilities of the Microsoft platform. This neural network can detect and respond to the most complex security incidents at high speed.
Key features of Vidara include:
- Organization-tailored threat intelligence.
- Extending detection by providing a use case library.
- Automated responses.
Start detecting today
Eager to find out what Wortell can do for you? They offer a no-cure, no-pay arrangement: the first month of detection and response is free if they cannot add value to your organization. That is how confident they are in their services.
To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program and product integrations and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post Improve your threat detection and response with Microsoft and Wortell appeared first on Microsoft Security Blog.