Extending security across the entire IT estate and beyond

Published: 4th July 2023 | In: Insights

One of the first services offered by Quorum Cyber was an MDR service. This stands for Managed Detection & Response. Quorum Cyber offered MDR as part of a managed instance of Microsoft Sentinel connected to a 24×7 Security Operations Centre (SOC) to provide the Managed Detection part and, if permitted by customers, a degree of incident containment as part of the Response service.

During the summer of 2022, Microsoft released its XDR solution, and Quorum Cyber was the first UK-headquartered partner, and one of the first few partners globally, to be verified for our Managed Extended Detection & Response service. Detection and Response are the same, but they are now ‘eXtended’, giving XDR!

Our Managed XDR service provides comprehensive security across your whole estate by unleashing the full power of the Microsoft Defender (XDR) suite alongside Microsoft Sentinel. This solution drives a reduction in total cost of ownership (TCO), provides an always-optimised security posture that evolves with the threats, and enables your security teams to focus where it matters the most.

Background and context to the challenge

The threat landscape continues to increase in complexity and sophistication, with attackers maturing their playbooks and chaining together techniques to find even the smallest gaps in security controls. Alongside this, the technology landscape has changed drastically in recent years: with the move to cloud, it is harder to draw traditional perimeter lines around networks.

This means we need a new approach to security. The traditional ‘best of breed’ approach, over time, has led to varied technology stacks, with tools that do not fully integrate, leading to gaps in visibility and control, and high product maintenance overheads.

We believe that a consolidated stack, such as the combined strengths of Microsoft 365 Defender, Defender for Cloud, and Microsoft Sentinel, provides considerably enhanced protection by fully integrating to provide full visibility, automated controls, detection and response across on-premises, cloud and hybrid estates. These products do, however, require constant maintenance and upgrades to keep pace with the threats and technology updates, which is where Managed XDR comes in.

What is Managed XDR?

The Microsoft Defender suite – including Microsoft 365 Defender and Defender for Cloud – combined with Microsoft Sentinel and Azure capabilities comprises the Microsoft XDR suite.

Quorum Cyber’s Managed XDR service takes ownership of these products for you, ensuring they are deployed effectively for your estate and business. It builds upon our 24/7 MDR service by continually optimising and enhancing the Defender controls, detections and responses – automating where practical – in line with the threats and latest technology features.

For Quorum Cyber’s customers, Detection and Response are extended in two directions:

  1. Our management extends into the customer’s Azure tenant to proactively monitor and configure the security tooling. Rather than waiting for an incident to occur (so it can be detected by the SOC), Quorum Cyber engineers will proactively work within a customer’s Azure tenant managing the family of Microsoft Defenders that customers have access to. The initial focus is typically around the Microsoft 365 Defenders and Microsoft Defender for Server which provides the greatest level of protection for many of our customers.
  2. Coverage is also extended: from evolving protection on end devices (see sidebar), to identity, to web apps, to data, with nearly 20 different Microsoft Defenders that can be employed to protect your IT landscape.

Key benefits of Managed XDR

The Managed XDR service gives you peace of mind knowing you have comprehensive, continually evolving protection across your entire IT environment delivered by our Microsoft and cyber security experts. The benefits of XDR include:

  • Always-optimised security posture – reducing the probability and impact of a security incident with an always-optimised solution that keeps pace with the threats and your business needs
  • Reduce the TCO of security – unifying security controls under the Microsoft ecosystem, we reduce overall spend in licensing and management overheads – customers have seen a >30% TCO reduction
  • Increase effectiveness of security teams – enable your teams to focus where it matters, rather than making products work. Strong controls and well-tuned alerts also mean your teams focus on only the important incidents, not false positives
  • Drive operational efficiency and resilience – visibility, orchestration and automation capabilities enable the organisation to thrive even when under attack
  • Understand your risk profile and where to focus improvements – the full XDR solution provides unique insights into your risks based on activity and alert trends, controls, and current security posture – enabling you to understand your risks and report to the board.

Quorum Cyber has a team of dedicated XDR engineers who specialise in this area. If you would like to know more about our Managed XDR or any of our other services, please get in touch.