Webinar Recap: MDR and MXDR Overview and Demo

May 24, 2023
Data Protection, IT Security, IT Services

If you missed US Signal’s recent presentation on Managed Detection and Response (MDR) and Managed Extended Detection and Response (MXDR), featuring our friends from White Knight Labs and Littlefoot Coffee Roasters, we’ve included a quick recap in this blog. (But it’s minus Littlefoot Coffee’s Chemex brewing demonstration.) You can watch the webinar replay, brewing demonstration included, here.

The Services

MDR and MXDR are both US Signal managed information technology (IT) security services designed to strengthen protection across companies’ networks without increasing their internal teams’ workloads. While the services are different, they are also complementary so that either or both can be used, depending on a customer’s specific needs and preferences.

  • MDR – MDR leverages a third-party software platform (Sentinel One) to collect, monitor and analyze data from all endpoints to bolster security and eliminate blind spots across your network. The platform includes nine different detection engines and machine learning-based tooling. US Signal’s security operations center (SOC) team works with customers to set up and implement the service.

Software agents perform endpoint monitoring and collect data from all activities, processes, connections, and data transfers, placing it into a central database. Pre-configured rules then identify when incoming data indicates a known security breach and trigger an automatic response to log the user off or alert an administrator. Forensics tools enable IT security professionals to investigate past incidents and understand how a breach got past security controls.

  • MXDR – As with MDR, US Signal’s SOC team works with companies’ internal teams to manage the deployment and setup of XDR. The big difference between the two services is that MXDR employs the Rapid7 Insight IDR platform, which extends monitoring beyond endpoints to include network and cloud sources to generate a more holistic picture of what's happening within a company’s environment.
  • US Signal SOC – MDR and MXDR both benefit from the services of US Signal’s SOC. This team of experts has extensive training on these vendor platforms and uses them to monitor customer environments and respond 24/7. The team can help perform proactive threat hunting and intrusion analysis if anything abnormal is detected.

Demo Highlights

The demo portion of the webinar starts with a quick overview of the Sentinel One and Rapid7 Insight IDR consoles and some of the specific tabs and platform features.

From there, a simulated attack was launched to demonstrate how US Signal’s services provide protection and detection. The specific incident used, called "BumbleBee Roasts Its Way to Domain Admin," occurred last year and provided the script for the White Knight Labs team to follow so that they could emulate the attack in the demo environment and show how both platforms (Sentinel One and Rapid7 IDR) detect and respond to the incident.

The best way to appreciate the capabilities of both platforms in intrusion detection and response is to view them in action, so be sure to watch the webinar replay and hear the explanation from Nick Defoe, US Signal’s Director of Information Security.

Future Events on the Horizon

There are lots more US Signal events coming soon, including Beers with Engineers Happy Hours. Don’t miss these opportunities for knowledge sharing, education, networking, and more. And if you have specific questions about US Signal’s MDR and MXDR services, call (866) 274-4625 or email us at [email protected].