Deloitte has expanded its Managed Extended Detection and Response (MXDR) by Deloitte platform to include enhanced cybersecurity industry intelligence, as well as four new modules for dynamic adversary intelligence, digital risk protection, threat hunting and mobile device security.
“As the threat landscape continues to change rapidly, we want to offer our existing and future clients access to what we call the ‘next generation’ of threat intelligence and threat hunting capabilities,” said Curt Aubley, MXDR by Deloitte leader and a Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP. “With this new MXDR expansion, we focused on helping organizations take a more proactive defensive posture in their cyber programs—whether they choose to do so via our whole platform or use of just a few of our MXDR modules.”
Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP, added, “We are constantly evolving our cyber offerings to help our clients confidently future-proof their security strategies with more outcomes-based opportunities to manage dynamic threat risks wherever organizations are in their journeys. MXDR by Deloitte can help organizations do so via our U.S. commercial, EU and FedRAMP-authorized capabilities supported by our 24x7x365 security operations centers.”
Already a cloud native software as a service (SaaS) delivered platform of integrated and modular managed detection and response technologies and supporting capabilities – such as advanced, military-grade threat hunting, detection, containment, response and remediation services – MXDR by Deloitte now includes:
- Cyber Security Intelligence (CSI) – An expansion of the platform’s core intelligence body of knowledge, CSI data now includes Deloitte’s own proprietary sources and tools, as well as CrowdStrike Falcon X automated threat intelligence, to provide actionable Indicators of Compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, as well as threat briefings requests for information (RFIs). Further, a CSI module expansion includes staffing by a dedicated intelligence delivery manager to help further curate cybersecurity intelligence deliveries for each client based on specific organizational industry, geographic and other needs.
- Dynamic Adversary Intelligence (DAI) – The DAI module assists clients as they conduct over-the-horizon adversary investigations by using the open web without the need to deploy sensors into a client environment and by collecting intelligence data from the dark web, ransomware, cryptocurrency, and network enumeration of malicious cyber actors and nation states. DAI investigations use passive collection methods leveraging global telemetry, industry leading application programming interface (API) integrations, refined tradecraft, proprietary analytics of publicly available information and proprietary sources via the Splunk component of MXDR by Deloitte. The module aims to help organizations improve the relevancy and expand the intelligence data they use in security decision-making.
- Digital Risk Protection (DRP) – The DRP module offers a channel through which organizations can follow their external “digital footprints” across the open, deep, and dark webs, as well as on mobile apps and social media. It alerts organizations to threats such as potential intellectual property exposure, as well as when potential email, credential, brand and other misuse are found, so that security teams can focus on rapidly mitigating harmful and fraudulent activity that pose risks to their employees, customers and brand.
- Active Hunt and Response (AHR) – The AHR module offers next-level active hunting capabilities, inclusive of Deloitte’s own analytics and a new dissolvable, in-memory hunt sensor, offering a distinct method to collect telemetry, engage and defeat adversaries silently. AHR can be deployed via the full platform or as a stand-alone on-site capability for specific client mission needs, like high-latency, low-bandwidth or physically segregated networks. The module builds upon earlier platform capabilities that deliver hypothesis, escalated and retrospective threat hunting.
- Mobile Prevent, Detection, and Response (MPDR) – As mobile device management programs can struggle to keep pace with security needs for growing and diversifying on-network mobile devices, Deloitte has expanded proprietary hunt capabilities offered for mobile within the MPDR module. The module is now also fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response (EDR) and CrowdStrike’s mobile threat defense (MTD). All MPDR capabilities aim to help clients improve visibility and threat prevention and detection to the mobile edge.
Earlier available modules in the MXDR by Deloitte platform include: prevention, detection and remediation for endpoints; cloud security workloads; identity; insider threat, proactive hunting, intelligence, attack surface and vulnerability management; and unified XDR log and analytics management.
The alliances initially involved in operationalizing MXDR by Deloitte are Amazon Web Services (AWS), CrowdStrike, Exabeam, Google Cloud Chronicle, ServiceNow, Splunk, and Zscaler. Forthcoming iterations of the offering suite will include additional alliances, as the platform evolves along with client needs.