flexMDR is for customers who want to actively monitor security and event logs directly from the specific security or network products they have invested in.
Product integration with Vertek’s SOAR/SOC Platform, management, tuning, and MDR operations are all performed by Vertek. Vertek's flexMDR services are provided on a 7 day, 24 hour basis.
flexMDR can provide detection and response across the IT environment and can be integrated with 500+ products.
Premium capabilities in all MDR Service Packages:
The Vertek flexMDR service continuously monitors clients’ networks and endpoints for any signs of malicious activity to quickly mitigate any threats before they do damage.
Clients’ organizations are continuously protected against the latest threats with Vertek’s team of security experts monitoring the threat landscape 24/7 and developing new methods to detect and respond to threats.
Automated response capabilities quickly contain and remediate threats, reducing the impact of a security incident and minimizing the time and resources required to recover from such an event.
flexMDR includes detailed reporting and insights to monitor an organization’s security posture. Data identifies areas for improvement and the effectiveness of security measures over time, with the option to add-on Vertek’s Managed Threat Intelligence (MTI) success model.
Email Gateways
• Quarantine/delete email identified as having malicious content or content in violation of policy
EPP/EDR
• Terminate processes
• Delete files
• Get device info
• Isolate nodes
• Pull forensic data
• Hunt for Indicators of Compromise (IOCs)
• Lookup domain, file or IP address reputation
• Start EPP scans on remote nodes
• Reboot a device
• Rollback a device configuration to last known good state
Firewalls, IDS/IPS, Routers, SDWAN, Web Gateways, and VPNs
• Block traffic by port
• Block traffic by IP address / range
• Isolate nodes
IAM
• Get user info
• Suspend/delete user
• Force step-up authentication event
ITSM
• Get ticket info
• Create/update tickets
• Reassign tickets
• Close Tickets
SIEM
• Execute Queries
Operational Transparency:
✓ True positive alarms by intent and time of day provide a window into the types of attacks your business is facing
✓ True positive strategies by time of day provide a valuable approach to your overall security plan
✓ Alarms by severity provide a quick reference into your security posture
✓ True positive alarm trends provide visibility into when more resources and focus may be needed
Concise, Informative, Actionable:
✓ Average Center pick up time by severity
✓ Alarms resolution trend information
✓ Alarm deflection percentage
✓ Average resolution time by severity
✓ Alarms communicated by month
Monthly Incident and Action Dashboard
✓ Deployment Status & Environmental Changes
✓ Outstanding and Important Alarms, Vulnerabilities
✓ Service Tuning and Maintenance Tickets
✓ SIEM Total Events and Statistics
✓ Document Network Changes | Critical Vulnerabilities
✓ Generate and Track Client & Vertek Action Items
✓ Critical Prioritization and Remediation Guidance
✓ Track Client Signoff on SIEM Filtering and Suppression
flexMDR modernizes security operations capabilities: it can create, evolve or flex an existing security stack
You will gain 24/7 Managed Detection and Response Platform and service capabilities
Your business will stay ahead of attackers with security POD – enabling resource agility, flexibility and scale
Reduced Risks of Data Breaches
Respond to Security Events
Document Security Incidents
Increase Peace of Mind
Know who and what is connected to your environment
Correlate and analyze security event data from across your network and respond
Continuously monitor your Identities, Endpoints, Apps, Email and Docs, Cloud Apps and IoT devices
Customizable reports for regulation standards and compliance frameworks
Powered by AI and ML, identify suspicious behavior and potentially compromised systems
Microsoft Watchlist and Phishing, Vertek OTX, PhishTank, IPQuality Score & VirusTotal