Managed Detection and Response (MDR) is our all-inclusive 24/7 service. It is designed to address the critical mission of reducing cyber security risk, and proactively detecting and responding to cyber-attacks. Our mission is to ensure that you can operate your business safely and confidently, knowing you’re protected at all times. We’re focused on business outcomes and results, not a selection of features or services.
The MDR service is powered by Microsoft Sentinel, offering a rapid time-to-value and comprehensive handling of cyber incidents through to containment. (We don’t believe in profiting from you on your worst day – we’re here to protect you so that if an incident happens, we’ll support you in responding to it as part of the service.)
Our Managed Extended Detection and Response (M-XDR) service is even more extensive than our MDR service. M-XDR provides continuous optimisation of your security controls and protections to ensure attacks are blocked earlier, attacker dwell time is reduced, and your security teams are free to focus on other critical work.
Today, it’s not if a cyber-attack will happen, but when. And to make cyber security even more challenging, cybercriminals are increasingly using artificial intelligence (AI) to attack faster than ever before. Without continuous, always-optimised monitoring and response, they will eventually get through. We fight back with intelligent automations, human creativity and industry-leading technology – ensuring that the latest threats are stopped in their tracks.
What is Microsoft Sentinel and how does it work?
The M-XDR service is powered by Microsoft Sentinel, offering a rapid time-to-value and comprehensive handling of cyber incidents through to containment. Microsoft Sentinel is a cloud-native SIEM platform that gives you an overview of your entire estate’s cyber security posture, allowing users to find and respond to active threats before they cause significant harm.
Will Microsoft Sentinel integrate with my company's existing tools?
Yes, Microsoft Sentinel will fully integrate with your company’s existing toolset, allowing users to connect to, and collect data from, all your company’s sources including users, servers, applications and any devices running on-premises or in the cloud. Microsoft Sentinel integrates with existing business applications, other security products and even custom-built tools.
What are the benefits of a cloud-based SIEM vs on-premises SIEM?
The largest benefit of a cloud-based SIEM is cost. An on-premises solution is generally a very costly endeavour, and this factor is often underestimated when it comes to setting a budget. Aside from the large up-front costs of setting up the on-premises SIEM, there are ongoing costs for updates and maintenance, additional hardware, servers and storage, as well as the SIEM team members’ salaries.
That said, some organisations do still prefer some of the benefits afforded by an on-premises SIEM in comparison to its cloud-based counterpart. The main factor here is security. As the SIEM is an on-site solution, all sensitive company data is completely held on-site and there is nothing sensitive stored in the cloud. This type of solution also gives the organisation complete control over all aspects of the SIEM – it is important to note, however, that this is only really a viable option where there are employees in place with the necessary skills, knowledge and expertise to manage such a complex solution. A cloud-based SIEM comes with a dedicated team of industry professionals who already possess the required levels of knowledge and expertise.
We use Office 365 for our company email. Can I monitor this with Microsoft Sentinel?
Yes, the Office 365 activity log connector provides insight into ongoing Office 365 user activities. By configuring the Office 365 connector in Microsoft Sentinel, you will get details of operations such as file downloads and access requests sent, along with details of the user who performed each action.
An administrator account in Office 365 is required to enable this connector.