Managed Security (MDR)

SOC Review

Comprehensive analysis of the insourced, outsources, or hybrid SOC

BDO MDR consulting team provides a comprehensive SOC service review for companies.
The review includes information gathering, documentation review, staff interviews, and peer documentation review. The review is based on SOC-CMM variation. All controls are broken down into four foundational aspects (PPTS):
PEOPLE: Staff recruiting, training, roles and responsibilities, performance assessment.
PROCESS: Defined processes to deliver services and outcomes.
TECHNOLOGIES: Functions dealing mostly with technology operations.
SERVICE: Client-facing or client interaction controls.

Each control's completeness is evaluated using four criteria:
Process: A known way or partial documentation exists for the control.
Procedure: A written document describing the control.
Automation: Partially or fully automated control.
Audit: A verification process or procedure validating the control.

All existing components of the service are broken down, from onboarding to service health and offboarding. Each component is defined by:
Subject: Category or topic.
Category: Which aspect of the SOC the control describes.
Control: The actual capability reviewed.
PPT-Service: Which aspect of the service the control relates to.
Teams: Which teams are responsible for the control.
Audit/Validation team: Teams assigned to the control validation.
 

The SOC service review provides a deep analysis of the review results and identifies gaps that should be mitigated. The mitigation of gaps is prioritized for the company using the severity factor of controls to ensure that clients can focus on urgent and critical mitigations. This methodology allows companies to evaluate and enhance their SOC in a fast and efficient manner.

Purple Team

Enhance SOC capabilities

BDO MDR purple team as a service combines offensive and defensive cybersecurity techniques, enabling organizations to simulate real-world attacks and improve their overall security posture.

Comprehensive assessment uncovers sophisticated threats.
Authentic scenarios emulate actual cyber attacks.
Swift detection minimizes potential damage.
Effective simulations enhance incident response capabilities.
Proactive vulnerability remediation.

Cybersecurity Posture Assessment

BDO MDR conducts the Cybersecurity Posture Assessment service to provide organizations with a comprehensive evaluation of their security posture. This assessment helps identify potential vulnerabilities, weaknesses, and gaps in their cybersecurity defenses. By conducting this service, MDR aims to assist organizations in improving their security measures, enhancing their ability to detect and respond to threats effectively, and ultimately safeguarding their valuable assets and data from cyberattacks.
 

Managed Vulnerability Assessment

BDO MDR Managed Vulnerability Assessment service offers comprehensive scanning and assessment of an organization's systems, networks, and applications. Our expert team identifies vulnerabilities, prioritizes risks, and provides actionable recommendations to mitigate threats. With regular assessments, we help maintain a secure and resilient cybersecurity posture.

Threat Intelligence

BDO MDR Threat Intelligence service provides organizations with up-to-date, actionable insights into the evolving threat landscape. Our team leverages advanced tools and expertise to collect, analyze, and interpret threat data, enabling proactive threat detection, informed decision-making, and effective mitigation strategies to protect against emerging cyber threats.

Incident Response

MDR's Incident Response service delivers rapid, efficient, and expert handling of cybersecurity incidents. Our dedicated team works closely with organizations to contain and mitigate incidents, conduct forensic investigations, restore operations, and implement preventive measures to minimize future risks. With our timely response, we help organizations minimize the impact of security breaches and maintain business continuity.

Phase 1 Setting up

Forensic readiness - Examination of the maturity level of the discovery, response and investigation system for information security and cyber incidents, including building site reference book.

Phase 2 Detection & containment of the incident

•Identify root cause
•Detection of active hostile Actors 
•The incident is contained in 3 dimensions:
•Technical – Stop spread and mitigate
•Management – Guidance and consultation
•Business – Guidance and consultation

Phase 3 Investigation

•Identifying detection gaps
•Mapping compromised assets (Scope)
•Identifying relevant vulnerabilities
 

Phase 4 Remediation  & Recovery

•Support IT in recovery efforts
•Monitoring and detection during recovery
•Ensuring safe recovery

Phase 5 Reporting and improvement

•incident report and conclusions
•Recommendations for continued protection, detection and response

Anti-Phishing Prevention, Detection & Response

BDO MDR's Anti-Phishing Managed Service offers a comprehensive solution to protect organizations against phishing attacks. With a seamless one-day service setup, our service includes round-the-clock technical support and a proficient cyber analytics team. We provide 24/7 detection and immediate response to phishing attacks, ensuring fast remediation to minimize the impact of these threats on your organization's security and operations.

SOC 24/7

BDO MDR’ SOC service provides continuous monitoring, threat detection, and incident response to safeguard company’s digital assets. With a dedicated team of security experts, advanced technologies, and real-time alerts, we ensure rapid incident identification, response, and mitigation, enabling proactive defense against cyber threats around the clock

Managed Detection and Response (MDR)

BDO's Managed Detection and Response (MDR) services have undergone significant evolution since 2016. Initially focused on detection and response using SIEM and SOC operations, the service now incorporates managed solutions to ensure successful detection and effective incident response.

Over time, the service has evolved to become a multidisciplinary operation, going beyond detection and response to provide comprehensive support for successful defense to our customers. BDO MDR views clients as partners in a journey to protect, detect, and rapidly respond to both existing and emerging threats.

The core services include:
Log collection and correlation as a service
Incident Detection and Response
Client access to event and incident analytics and self-service reporting
Cyber Threat Intelligence 
Threat hunting 
Service monitoring and reporting
Service evolution and innovation

Threat Hunting

MDR's Threat Hunting service delivers rapid detection of "in the wild" spreading cyber attacks and industry-specific threats. With continuous monitoring and collaboration with our detection engineering team, we proactively hunt for threats, leveraging custom threat detection content to ensure timely identification and response, enhancing the overall security posture of our clients.

AWS Cyber Threats Monitoring

MDR's AWS Cyber Threats Monitoring service provides comprehensive monitoring and detection of cyber threats within AWS environments. Our expert team continuously monitors AWS infrastructure, services, and configurations, identifying and responding to threats promptly. With real-time alerts and proactive threat hunting, we help organizations maintain a secure AWS environment and protect critical data and applications.

Azure Cyber Threats Monitoring

MDR's Azure Cyber Threats Monitoring service provides comprehensive monitoring and detection of cyber threats within Azure environments. Our expert team integrates with Azure Logs Analytics, leveraging its capabilities to enhance threat detection. We offer consulting services to optimize detection configurations for better security outcomes. With mature integration, including custom development, we ensure tailored and effective threat monitoring for Azure deployments, empowering organizations to proactively protect their data and applications.

Co-Managed SOC

BDO MDR's Co-managed SOC service offers a collaborative approach to cybersecurity, combining the expertise of our security professionals with the internal resources of organizations. We work hand-in-hand with clients to enhance their SOC capabilities, providing monitoring, threat detection, incident response, and ongoing support. Together, we build a robust defense against cyber threats, leveraging shared knowledge and resources for comprehensive security.

Detection Engineering

BDO MDR Detection Engineering focuses on designing, developing, and optimizing detection rules and algorithms to enhance threat detection capabilities. Our expert team collaborates closely with clients to create custom detection content, fine-tuning it for their specific environment. With our expertise and continuous refinement, we improve the accuracy and effectiveness of threat detection, strengthening overall cybersecurity defenses.

Managed XDR

The MXDR service as a standard supports the Palo Alto Networks CORTEX XDR endpoint solution and Microsoft Defender for endpoint. For other EDR solutions, BDO collects, detects and responds. This service is used to identify cyber security incidents from abnormal behavior (identified on the endpoints) and integrates into the MDR ticketing and automation platform and is used to remotely respond to incidents on the endpoints. The table below provides the details for the EDR technology that will be used to provide this service to the company.

Managed Microsoft Sentinel

BDO MDR's Managed Microsoft Sentinel service delivers comprehensive monitoring, detection, and response capabilities using Microsoft's cloud-native SIEM platform. Our expert team configures and manages Sentinel to ensure optimal performance, leveraging its advanced analytics and automation capabilities. We continuously monitor logs and telemetry data, detect threats, investigate incidents, and provide timely response and remediation. With real-time alerts, threat hunting, and incident analysis, we help organizations stay ahead of sophisticated cyber threats. Our service includes 24/7 monitoring, proactive threat intelligence, custom rule development, and ongoing optimization to maximize the effectiveness of Microsoft Sentinel as a robust security tool for our clients.

Managed Microsoft Defender

BDO MDR's Managed Microsoft Defender service offers comprehensive protection against advanced cyber threats using Microsoft’s defender suite. Our expert team configures and manages Defender to ensure proactive security across devices. We continuously monitor and analyze data, detect malicious activities, and respond promptly to incidents. With real-time threat intelligence, behavior-based detection, and advanced machine learning, we provide a layered defense against malware, ransomware, and other threats. Our service includes 24/7 monitoring, incident response, threat hunting, vulnerability management, and regular reporting to ensure optimal security posture and safeguard critical assets for our clients.

Managed Anti-Phishing

BDO MDR's Anti-Phishing Managed Service offers a comprehensive solution to protect organizations against phishing attacks. With a seamless one-day service setup, our service includes round-the-clock technical support and a proficient cyber analytics team. We provide 24/7 detection and immediate response to phishing attacks, ensuring fast remediation to minimize the impact of these threats on your organization's security and operations.

Automation as a Service

BDO MDR's Automation as a Service leverages the Palo Alto Networks XSOAR platform to deliver automated incident response and security orchestration. Our service incorporates a vast library of content and playbooks, developed and evolving over a few years, to streamline and enhance security operations. By automating repetitive tasks, orchestrating workflows, and integrating security tools, we enable rapid incident response, reduce response times, and improve overall operational efficiency. Our Automation as a Service ensures organizations can effectively respond to cyber threats, mitigate risks, and optimize their security posture with the power of advanced automation and orchestration capabilities

Managed ASM

MDR's Managed Attack Surface Management (ASM) service utilizes the Palo Alto Networks Xpanse platform to provide comprehensive visibility and management of an organization's attack surface. Our service integrates seamlessly with the MDR ecosystem, allowing for efficient monitoring, assessment, and remediation of potential security risks across digital assets. Leveraging Xpanse's powerful capabilities, we identify and analyze exposed assets, misconfigurations, and vulnerabilities, helping organizations proactively manage and reduce their attack surface. With our expertise, proactive monitoring, and actionable insights, we assist clients in strengthening their security posture and mitigating potential threats.

OT MDR

OT MDR (Operational Technology Managed Detection and Response) is a comprehensive service that offers specialized consulting, a robust platform for OT threat detection, and seamless integration with MDR (Managed Detection and Response) detection infrastructure. With OT MDR, organizations can protect their critical operational technology systems from advanced cyber threats.

The service starts with expert consulting, where experienced professionals assess the unique OT environment and develop a tailored security strategy. They identify vulnerabilities, establish best practices, and ensure compliance with industry regulations.

The OT MDR platform combines advanced analytics and machine learning algorithms to continuously monitor and detect anomalies within OT networks. It provides real-time threat intelligence, behavioral analysis, and anomaly detection to identify potential attacks, unauthorized access, or abnormal behavior patterns.

Integration with MDR detection infrastructure ensures seamless coordination between IT and OT security teams. This facilitates swift incident response, effective threat containment, and streamlined collaboration.

OT MDR offers a comprehensive solution to safeguard critical OT systems. Through consulting, a powerful detection platform, and integration with MDR infrastructure, it enables proactive threat detection and response, ultimately ensuring the security and resilience of operational technology environments.

DNS Monitoring

DNS Monitoring is a robust service that leverages Cisco Umbrella, a leading cloud-based security platform, to provide comprehensive monitoring and protection for DNS traffic. This service is powered by BDO MDR a trusted provider of managed security services.

DNS Monitoring utilizes Cisco Umbrella's extensive threat intelligence database and advanced analytics capabilities to continuously analyze DNS requests and responses. It detects and blocks malicious activities, such as command-and-control communication, data exfiltration, and malware infections, at the DNS level.

BDO MDR's expertise in security operations enhances the DNS Monitoring service by providing 24/7 monitoring, threat hunting, and incident response. Their skilled security analysts actively monitor DNS traffic, analyze patterns, and investigate any suspicious or anomalous behavior. In the event of a potential security incident, BDO MDR promptly initiates the appropriate response actions to mitigate the risk and minimize the impact.

By combining the strengths of Cisco Umbrella and BDO MDR, the DNS Monitoring service delivers proactive threat detection and response capabilities. It ensures the integrity of DNS traffic, protects against advanced threats, and provides organizations with the peace of mind that their network is safeguarded against malicious activities.

Events of Interests Platform

BDO MDR "events of interest" methodology is a proactive approach to detecting and responding to potential security incidents. Using this methodology, a single log line or event can be tagged if it meets specific criteria indicating an "event of interest."

One key capability of the "events of interest" methodology is its ability to identify "low and slow" attacks. These are attacks that occur gradually over an extended period, often mimicking normal behavior to avoid detection. By analyzing individual log lines, the methodology can detect patterns or anomalies that suggest such attacks. This enables the identification of subtle malicious activities that may otherwise go unnoticed.

In contrast to the "events correlation" methodology, which focuses on identifying relationships between multiple events to detect attacks, the "events of interest" methodology provides a more granular approach to incident enrichment. By leveraging XSOAR automation, the methodology can gather additional information about an event, enriching its context and enabling a deeper understanding of its potential implications. This helps in distinguishing real attacks from false positives and reduces the number of false positive detections.

When combined with SIEM, the "events of interest" methodology adds an additional layer of detection content. SIEM systems collect and analyze logs from various sources, providing a centralized view of the organization's security posture. By integrating the "events of interest" methodology, SIEM can trigger alerts with higher confidence on real attacks, as it focuses on specific events that meet predefined criteria.

When combined with the "events correlation" methodology and integrated with SIEM, it strengthens the overall security posture, reduces false positives, and improves the detection and response capabilities of an organization.

BDO MDR provides our clients with access to the hunting platform, which features predefined and highly customized dashboards that provide an overview of triggered "events of interest."

MDR Expertise

BDO MDR is backed by a team of exceptional experts who possess a wide range of skills and expertise. Our team comprises the best professionals with extensive experience in SIEM SOC development, customization of automation processes, technical problem-solving abilities, and the creation of sophisticated integrations.

Our experts bring strong analytical skills to the table, enabling us to dissect complex security incidents and identify emerging threats. We possess a deep understanding of forensic techniques, allowing us to conduct thorough investigations and extract valuable insights from security incidents.

Collaboration is a core value of our team. We emphasize effective teamwork, knowledge sharing, and seamless communication to ensure that our clients receive the best possible service. Our experts work closely with each other and with our clients, leveraging their collective expertise to drive success.

Customer success is our primary motivation. Our team is highly motivated and dedicated to ensuring the success of our clients. We go above and beyond to understand their unique challenges and provide tailored solutions that address their specific needs. We strive to exceed expectations and deliver exceptional value to our clients.

Integrations

BDO MDR has developed robust platform integrations that seamlessly connect with hundreds of security systems and log sources, ensuring comprehensive visibility and analysis of critical data. Our integrations cover a wide range of platforms and technologies, including AWS and Azure cloud environments, firewalls, antivirus solutions, EDR/EPP tools, threat detection systems, vulnerability assessment tools, breach attack simulations, databases, active directory, and cloud services.

We understand that every organization has unique security infrastructure and requirements. Therefore, our team has worked diligently to develop customizable and flexible integration solutions. With our expertise, we can integrate any log source that is capable of writing or sending logs into the BDO MDR ecosystem through the development of custom collection engines.

Our SIEM integrations empower organizations with centralized log management and analysis, enabling them to gain valuable insights into security events and incidents across their diverse range of systems. By aggregating and correlating logs from various sources, we provide a holistic view of the security landscape, allowing for effective threat detection, incident response, and compliance monitoring.

Whether it's capturing cloud-specific logs from AWS and Azure, ingesting firewall and antivirus logs, correlating data from EDR tools, analyzing threat detection systems, or monitoring vulnerabilities and breaches, our integrations ensure that no valuable security data is left untapped.

BDO MDR's commitment to continuous development and innovation allows us to stay up-to-date with emerging technologies and security solutions. This ensures that our MDR platform integrations remain effective and adaptable, accommodating new log sources and evolving security requirements.

Difference and Flexibilities

What sets BDO MDR apart is our unique approach to adaptability and flexibility. We understand that every organization has its own infrastructure architecture and a set of existing security tools. We leverage this understanding to provide tailored services that align seamlessly with our clients' specific needs.

Unlike rigid approaches that may require clients to conform to a predefined framework, BDO MDR embraces flexibility. We have the expertise and capability to adapt our services to fit within the client's existing infrastructure and work with their preferred security tools. Whether it's integrating with their SIEM, leveraging their EDR solutions, or collaborating with their in-house security team, we find ways to make the most of the client's investments in their security toolset.

We pride ourselves on our "YES" mentality. Instead of simply saying "NO" to client requests that may fall outside the norm, we embrace the opportunity to explore alternative approaches and explain how it can work to better utilize their investment in security toolsets. We take the time to understand the client's objectives, constraints, and preferences, and then provide practical solutions that meet their requirements while maximizing the value they derive from their security infrastructure.

Our adaptability and flexibility extend to our end-to-end detection and response infrastructure. We have the capability to provide comprehensive detection and response services, covering the entire security lifecycle. However, we also understand that some organizations may have existing security operations capabilities or prefer a hybrid model. In such cases, we seamlessly integrate our services with the client's existing security operations, working collaboratively to enhance their capabilities and fill any gaps in their security posture.

BDO

On-demand best-of-breed services to strengthen our client detection and response capabilities and Capacity gaps.

Sustaining capability and capacity is increasingly difficult with the projected and ongoing shortage of advanced cyber skills. The more advanced skills are in highest demand, and in shortest supply, particularly in rapidly evolving areas and new technology.

By procuring managed security (MDR) services our clients are able to focus their attention and resources on the critical aspects of their internal organization and processes that require the most attention. They also allow clients to benefit from a level of resilience and defense that they would struggle to achieve alone.

The BDO Security Operations Center provides a range of on-demand services to support your 24x7 resilience that enable you to expand capacity when it is most required, and enlist specialist capabilities that you cannot justify employing.

BDO MDR was established in 2017

BDO MDR operates multiple Security operation centers worldwide. Local professionals are providing regional service delivery, project management and incident response capabilities when required.

Global Presence

BDO CYBER DEFENSE CENTER
Part of the BDO Global Network
43 Countries Selling Cyber within BDO
FOOTPRINT EXTENDS TO EVERY CORNER OF THE GLOBE

•BDO provides end to end cyber services to multiple international clients and organizations from different sectors.
•Ophir Zilbiger - BDO Global Cyber leader
•BDO COE - Global MDR, IR, TPRM and additional managed services.
•Strategic partnerships with various BDO firms
•Worldwide collaborations with strategic technology vendors
•Serves as BDO global Cyber “official” offering and provide cyber services to many BDO firms.