
Managed Detection and Response from a Managed Security Service Provider

Enterprises are increasingly recognising that deploying multiple point security solutions can reduce cyber risk when deployed correctly, but does little to provide visibility and detection of security events across the organisation. For many enterprises, Managed Security Service Providers such as Bridewell are trusted strategic partners who have demonstrated their commitment to protecting the privacy and security of your data through services such as Managed SOC and SIEM.

Unfortunately, despite this, with the increasing complexity and sprawl of an enterprise's architecture driven by cloud adoption, average breach detection and containment times have not come down and are still in the region of 280 days, which is more than enough time for an attacker to gain a foothold in an environment. To address this, enterprises are shifting from a security monitoring and notification approach to a more focused threat detection and response approach, known as Managed Detection and Response, or MDR.

MDR is a 24-hour cybersecurity service that combines human analysis, artificial intelligence and automation to rapidly detect, analyse, investigate, and actively respond to threats (e.g. containment or disruption).

At the centre of a Managed Detection and Response solution is usually a proprietary technology stack including a SIEM (Security Information and Event Management) and an EDR (Endpoint Detection and Response) tool. Telemetry is analysed and complemented with cyber threat intelligence, and once a threat has been identified, the MDR provider usually provides recommendations and assistance with remediation or containment through their EDR tool. This is ideal for organisations that are well equipped to handle automated alerts and have the internal cyber security expertise to conduct further threat investigation and response.

The Bridewell Managed Detection and Response service extends this model to delight our customers with our Managed Security Service Provider capabilities. Firstly, Bridewell adds additional SOC specialist skills to our MDR product, such as Vulnerability Management, Threat Hunting, Dark Web Monitoring and Digital Forensics. As a true extension of your IT team, we can run and act as your Cyber Security Incident Response Team (CSIRT), providing you with all the skills needed to manage and recover from an attack.

Secondly, we break away from proprietary technology stacks and integrate best-of-breed security vendors and intelligence to create a modern and scalable security system, delivered by the UK’s most accredited Cyber Defence organisation, with certifications from NCSC, CREST, CHECK, PCI and ASSURE. At the centre of the technology is Microsoft Sentinel, a cloud-scale SIEM that leverages the power of Microsoft’s Azure platform, their global threat intelligence and artificial intelligence to deliver a massively scalable and capable Security Orchestration, Automation and Response solution as part of our MDR. Added to this are the Defender XDR capabilities, offering endpoint and cloud visibility, containment, and response, making it one of the most comprehensive security suites available.

Next, we make it easy to transition into the Bridewell service. Using the Microsoft Sentinel platform, we create the SIEM and SOAR service within your Azure tenant, meaning the data and control of the service are yours and you can interact with the service in real time. It also means it is just as easy to leave, but we do not think you will want to. We build and deploy our services using DevOps and can deploy a platform with standard use cases within hours, delivering rapid value to our customers. This can add real value in a live investigation where visibility is lacking.

We know migrating from an existing SIEM and SOC can be difficult, but Bridewell have developed transition playbooks, trusted by our customers, to help migrate them from vendors such as AlienVault, QRadar, ArcSight, Splunk and LogRhythm across to Microsoft Sentinel, increasing visibility and assurance while reducing risk and cost. Bridewell goes above and beyond with our customers by developing custom use cases and playbooks to ensure that our service delivers the outcomes the customer wants.

Finally, we look at adoption and education. We work with your team to ensure they understand the real-time information they have access to, and we offer training and development for your own analysts and SOC teams to increase your in-house skills and potentially transition some services into your own team.
