Dori Fisher
SOC Review
Comprehensive analysis of the insourced, outsourced, or hybrid SOC
The BDO MDR consulting team provides a comprehensive SOC service review for companies.
The review includes information gathering, documentation review, staff interviews, and peer documentation review. The review is based on a variation of SOC-CMM. All controls are broken down into four foundational aspects (PPTS):
PEOPLE: Staff recruiting, training, roles and responsibilities, performance assessment.
PROCESS: Defined processes to deliver services and outcomes.
TECHNOLOGIES: Functions dealing mostly with technology operations.
SERVICE: Client-facing or client interaction controls.
Each control's completeness is evaluated using four criteria:
Process: A known way or partial documentation exists for the control.
Procedure: A written document describing the control.
Automation: Partially or fully automated control.
Audit: A verification process or procedure validating the control.
All existing components of the service are broken down, from onboarding to service health and offboarding. Each component is defined by:
Subject: Category or topic.
Category: Which aspect of the SOC the control describes.
Control: The actual capability reviewed.
PPT-Service: Which aspect of the service the control relates to.
Teams: Which teams are responsible for the control.
Audit/Validation team: Teams assigned to the control validation.
The SOC service review provides a deep analysis of the review results and identifies gaps that should be mitigated. The mitigation of gaps is prioritized for the company using the severity factor of controls to ensure that clients can focus on urgent and critical mitigations. This methodology allows companies to evaluate and enhance their SOC in a fast and efficient manner.
Purple Team
Enhance SOC capabilities
BDO MDR's Purple Team as a Service combines offensive and defensive cybersecurity techniques, enabling organizations to simulate real-world attacks and improve their overall security posture.
Comprehensive assessment uncovers sophisticated threats.
Authentic scenarios emulate actual cyber attacks.
Swift detection minimizes potential damage.
Effective simulations enhance incident response capabilities.
Proactive vulnerability remediation.
Cybersecurity Posture Assessment
BDO MDR conducts the Cybersecurity Posture Assessment service to provide organizations with a comprehensive evaluation of their security posture. This assessment helps identify potential vulnerabilities, weaknesses, and gaps in their cybersecurity defenses. By conducting this service, MDR aims to assist organizations in improving their security measures, enhancing their ability to detect and respond to threats effectively, and ultimately safeguarding their valuable assets and data from cyberattacks.
Managed Vulnerability Assessment
BDO MDR Managed Vulnerability Assessment service offers comprehensive scanning and assessment of an organization's systems, networks, and applications. Our expert team identifies vulnerabilities, prioritizes risks, and provides actionable recommendations to mitigate threats. With regular assessments, we help maintain a secure and resilient cybersecurity posture.
Threat Intelligence
BDO MDR Threat Intelligence service provides organizations with up-to-date, actionable insights into the evolving threat landscape. Our team leverages advanced tools and expertise to collect, analyze, and interpret threat data, enabling proactive threat detection, informed decision-making, and effective mitigation strategies to protect against emerging cyber threats.
Incident Response
MDR's Incident Response service delivers rapid, efficient, and expert handling of cybersecurity incidents. Our dedicated team works closely with organizations to contain and mitigate incidents, conduct forensic investigations, restore operations, and implement preventive measures to minimize future risks. With our timely response, we help organizations minimize the impact of security breaches and maintain business continuity.
Phase 1 Setting up
Forensic readiness - Examination of the maturity level of the discovery, response and investigation system for information security and cyber incidents, including building a site reference book.
Phase 2 Detection & containment of the incident
• Identify root cause
• Detection of active hostile actors
• The incident is contained in 3 dimensions:
  • Technical – Stop spread and mitigate
  • Management – Guidance and consultation
  • Business – Guidance and consultation
Phase 3 Investigation
• Identifying detection gaps
• Mapping compromised assets (scope)
• Identifying relevant vulnerabilities
Phase 4 Remediation & Recovery
• Support IT in recovery efforts
• Monitoring and detection during recovery
• Ensuring safe recovery
Phase 5 Reporting and improvement
• Incident report and conclusions
• Recommendations for continued protection, detection and response
Anti-Phishing Prevention, Detection & Response
BDO MDR's Anti-Phishing Managed Service offers a comprehensive solution to protect organizations against phishing attacks. With a seamless one-day service setup, our service includes round-the-clock technical support and a proficient cyber analytics team. We provide 24/7 detection and immediate response to phishing attacks, ensuring fast remediation to minimize the impact of these threats on your organization's security and operations.
SOC 24/7
BDO MDR's SOC service provides continuous monitoring, threat detection, and incident response to safeguard a company's digital assets. With a dedicated team of security experts, advanced technologies, and real-time alerts, we ensure rapid incident identification, response, and mitigation, enabling proactive defense against cyber threats around the clock.
Managed Detection and Response (MDR)
BDO's Managed Detection and Response (MDR) services have undergone significant evolution since 2016. Initially focused on detection and response using SIEM and SOC operations, the service now incorporates managed solutions to ensure successful detection and effective incident response.
Over time, the service has evolved into a multidisciplinary operation, going beyond detection and response to give our customers comprehensive support for a successful defense. BDO MDR views clients as partners in a journey to protect, detect, and rapidly respond to both existing and emerging threats.
The core services include:
Log collection and correlation as a service
Incident Detection and Response
Client access to event and incident analytics and self-service reporting
Cyber Threat Intelligence
Threat hunting
Service monitoring and reporting
Service evolution and innovation
Threat Hunting
MDR's Threat Hunting service delivers rapid detection of "in the wild" spreading cyber attacks and industry-specific threats. With continuous monitoring and collaboration with our detection engineering team, we proactively hunt for threats, leveraging custom threat detection content to ensure timely identification and response, enhancing the overall security posture of our clients.
AWS Cyber Threats Monitoring
MDR's AWS Cyber Threats Monitoring service provides comprehensive monitoring and detection of cyber threats within AWS environments. Our expert team continuously monitors AWS infrastructure, services, and configurations, identifying and responding to threats promptly. With real-time alerts and proactive threat hunting, we help organizations maintain a secure AWS environment and protect critical data and applications.
Azure Cyber Threats Monitoring
MDR's Azure Cyber Threats Monitoring service provides comprehensive monitoring and detection of cyber threats within Azure environments. Our expert team integrates with Azure Logs Analytics, leveraging its capabilities to enhance threat detection. We offer consulting services to optimize detection configurations for better security outcomes. With mature integration, including custom development, we ensure tailored and effective threat monitoring for Azure deployments, empowering organizations to proactively protect their data and applications.
Co-Managed SOC
BDO MDR's Co-managed SOC service offers a collaborative approach to cybersecurity, combining the expertise of our security professionals with the internal resources of organizations. We work hand-in-hand with clients to enhance their SOC capabilities, providing monitoring, threat detection, incident response, and ongoing support. Together, we build a robust defense against cyber threats, leveraging shared knowledge and resources for comprehensive security.
Detection Engineering
BDO MDR Detection Engineering focuses on designing, developing, and optimizing detection rules and algorithms to enhance threat detection capabilities. Our expert team collaborates closely with clients to create custom detection content, fine-tuning it for their specific environment. With our expertise and continuous refinement, we improve the accuracy and effectiveness of threat detection, strengthening overall cybersecurity defenses.
Managed XDR
The MXDR service supports as standard the Palo Alto Networks Cortex XDR endpoint solution and Microsoft Defender for Endpoint. For other EDR solutions, BDO collects, detects and responds. This service is used to identify cyber security incidents from abnormal behavior identified on the endpoints; it integrates into the MDR ticketing and automation platform and is used to respond remotely to incidents on the endpoints. The table below provides the details for the EDR technology that will be used to provide this service to the company.
Managed Microsoft Sentinel
BDO MDR's Managed Microsoft Sentinel service delivers comprehensive monitoring, detection, and response capabilities using Microsoft's cloud-native SIEM platform. Our expert team configures and manages Sentinel to ensure optimal performance, leveraging its advanced analytics and automation capabilities. We continuously monitor logs and telemetry data, detect threats, investigate incidents, and provide timely response and remediation. With real-time alerts, threat hunting, and incident analysis, we help organizations stay ahead of sophisticated cyber threats. Our service includes 24/7 monitoring, proactive threat intelligence, custom rule development, and ongoing optimization to maximize the effectiveness of Microsoft Sentinel as a robust security tool for our clients.
Managed Microsoft Defender
BDO MDR's Managed Microsoft Defender service offers comprehensive protection against advanced cyber threats using Microsoft's Defender suite. Our expert team configures and manages Defender to ensure proactive security across devices. We continuously monitor and analyze data, detect malicious activities, and respond promptly to incidents. With real-time threat intelligence, behavior-based detection, and advanced machine learning, we provide a layered defense against malware, ransomware, and other threats. Our service includes 24/7 monitoring, incident response, threat hunting, vulnerability management, and regular reporting to ensure an optimal security posture and safeguard critical assets for our clients.
Automation as a Service
BDO MDR's Automation as a Service leverages the Palo Alto Networks XSOAR platform to deliver automated incident response and security orchestration. Our service incorporates a vast library of content and playbooks, developed and evolving over several years, to streamline and enhance security operations. By automating repetitive tasks, orchestrating workflows, and integrating security tools, we enable rapid incident response, reduce response times, and improve overall operational efficiency. Our Automation as a Service ensures organizations can effectively respond to cyber threats, mitigate risks, and optimize their security posture with the power of advanced automation and orchestration capabilities.
Managed ASM
MDR's Managed Attack Surface Management (ASM) service utilizes the Palo Alto Networks Xpanse platform to provide comprehensive visibility and management of an organization's attack surface. Our service integrates seamlessly with the MDR ecosystem, allowing for efficient monitoring, assessment, and remediation of potential security risks across digital assets. Leveraging Xpanse's powerful capabilities, we identify and analyze exposed assets, misconfigurations, and vulnerabilities, helping organizations proactively manage and reduce their attack surface. With our expertise, proactive monitoring, and actionable insights, we assist clients in strengthening their security posture and mitigating potential threats.
OT MDR
OT MDR (Operational Technology Managed Detection and Response) is a comprehensive service that offers specialized consulting, a robust platform for OT threat detection, and seamless integration with MDR (Managed Detection and Response) detection infrastructure. With OT MDR, organizations can protect their critical operational technology systems from advanced cyber threats.
The service starts with expert consulting, where experienced professionals assess the unique OT environment and develop a tailored security strategy. They identify vulnerabilities, establish best practices, and ensure compliance with industry regulations.
The OT MDR platform combines advanced analytics and machine learning algorithms to continuously monitor and detect anomalies within OT networks. It provides real-time threat intelligence, behavioral analysis, and anomaly detection to identify potential attacks, unauthorized access, or abnormal behavior patterns.
Integration with MDR detection infrastructure ensures seamless coordination between IT and OT security teams. This facilitates swift incident response, effective threat containment, and streamlined collaboration.
OT MDR offers a comprehensive solution to safeguard critical OT systems. Through consulting, a powerful detection platform, and integration with MDR infrastructure, it enables proactive threat detection and response, ultimately ensuring the security and resilience of operational technology environments.
DNS Monitoring
DNS Monitoring is a robust service that leverages Cisco Umbrella, a leading cloud-based security platform, to provide comprehensive monitoring and protection for DNS traffic. This service is powered by BDO MDR, a trusted provider of managed security services.
DNS Monitoring utilizes Cisco Umbrella's extensive threat intelligence database and advanced analytics capabilities to continuously analyze DNS requests and responses. It detects and blocks malicious activities, such as command-and-control communication, data exfiltration, and malware infections, at the DNS level.
BDO MDR's expertise in security operations enhances the DNS Monitoring service by providing 24/7 monitoring, threat hunting, and incident response. Their skilled security analysts actively monitor DNS traffic, analyze patterns, and investigate any suspicious or anomalous behavior. In the event of a potential security incident, BDO MDR promptly initiates the appropriate response actions to mitigate the risk and minimize the impact.
By combining the strengths of Cisco Umbrella and BDO MDR, the DNS Monitoring service delivers proactive threat detection and response capabilities. It ensures the integrity of DNS traffic, protects against advanced threats, and provides organizations with the peace of mind that their network is safeguarded against malicious activities.
Events of Interests Platform
BDO MDR's "events of interest" methodology is a proactive approach to detecting and responding to potential security incidents. Using this methodology, a single log line or event can be tagged if it meets specific criteria indicating an "event of interest."
One key capability of the "events of interest" methodology is its ability to identify "low and slow" attacks. These are attacks that occur gradually over an extended period, often mimicking normal behavior to avoid detection. By analyzing individual log lines, the methodology can detect patterns or anomalies that suggest such attacks. This enables the identification of subtle malicious activities that may otherwise go unnoticed.
In contrast to the "events correlation" methodology, which focuses on identifying relationships between multiple events to detect attacks, the "events of interest" methodology provides a more granular approach to incident enrichment. By leveraging XSOAR automation, the methodology can gather additional information about an event, enriching its context and enabling a deeper understanding of its potential implications. This helps in distinguishing real attacks from false positives and reduces the number of false positive detections.
When combined with SIEM, the "events of interest" methodology adds an additional layer of detection content. SIEM systems collect and analyze logs from various sources, providing a centralized view of the organization's security posture. By integrating the "events of interest" methodology, SIEM can trigger alerts with higher confidence on real attacks, as it focuses on specific events that meet predefined criteria.
When combined with the "events correlation" methodology and integrated with SIEM, it strengthens the overall security posture, reduces false positives, and improves the detection and response capabilities of an organization.
BDO MDR provides our clients with access to the hunting platform, which features predefined and highly customized dashboards that provide an overview of triggered "events of interest."
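The contrast drawn above, single-line tagging versus multi-event correlation and the enrichment step that separates real hits from false positives, as an added illustration that is not BDO's own code. The log lines, the privileged-account criterion, and the benign-source lookup (a stand-in for what an XSOAR playbook would fetch) are all constructed for this example.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not real data). An external
# address guesses the admin password once every 6 hours over two days (a "low
# and slow" pattern), while an internal scanner bursts six root failures in
# under a minute. One successful ordinary login is included as noise.
SAMPLE_LOGS = (
    [f"2024-05-01T{h:02d}:00:00 result=fail user=admin src=203.0.113.9"
     for h in (0, 6, 12, 18)]
    + [f"2024-05-02T{h:02d}:00:00 result=fail user=admin src=203.0.113.9"
       for h in (0, 6, 12, 18)]
    + [f"2024-05-01T09:00:{s:02d} result=fail user=root src=10.0.0.5"
       for s in range(0, 60, 10)]
    + ["2024-05-01T10:15:00 result=ok user=jsmith src=10.0.1.20"]
)

PRIVILEGED_ACCOUNTS = {"admin", "root"}
# Assumed enrichment context (hypothetical): sources the organisation already
# knows to be benign, such as an authorised vulnerability scanner.
KNOWN_BENIGN_SOURCES = {"10.0.0.5": "authorised vulnerability scanner"}


def parse_line(line):
    """Parse 'timestamp key=value ...' into a dict; ts becomes a datetime."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def is_event_of_interest(event):
    """Single-line criterion: one failed login to a privileged account is
    interesting on its own, without any count or time window."""
    return event["result"] == "fail" and event["user"] in PRIVILEGED_ACCOUNTS


def correlate_failures(events, threshold=5, window=timedelta(minutes=10)):
    """Classic correlation rule: at least `threshold` failures for the same
    user inside a sliding time window. Returns the users that tripped it."""
    tripped, recent = set(), {}
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["result"] != "fail":
            continue
        times = recent.setdefault(event["user"], deque())
        times.append(event["ts"])
        while times and event["ts"] - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            tripped.add(event["user"])
    return tripped


def enrich(event):
    """Attach context to a tagged event and decide whether an analyst must
    see it: a known-benign source turns the hit into a suppressed false positive."""
    note = KNOWN_BENIGN_SOURCES.get(event["src"])
    return {**event, "context": note, "escalate": note is None}


def analyse(lines):
    """Run both detection styles over the same lines and summarise the outcome."""
    events = [parse_line(line) for line in lines]
    tagged = [enrich(e) for e in events if is_event_of_interest(e)]
    return {
        "correlation_hits": correlate_failures(events),
        "eoi_total": len(tagged),
        "eoi_suppressed": sum(1 for e in tagged if not e["escalate"]),
        "eoi_escalated": sorted({(e["user"], e["src"]) for e in tagged if e["escalate"]}),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOGS))
```

The correlation rule only ever fires on the scanner burst, which enrichment then suppresses, whereas the slow external guessing against admin is escalated from its very first tagged line.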
MDR Expertise
BDO MDR is backed by a team of exceptional experts who possess a wide range of skills and expertise. Our team comprises the best professionals with extensive experience in SIEM SOC development, customization of automation processes, technical problem-solving abilities, and the creation of sophisticated integrations.
Our experts bring strong analytical skills to the table, enabling us to dissect complex security incidents and identify emerging threats. We possess a deep understanding of forensic techniques, allowing us to conduct thorough investigations and extract valuable insights from security incidents.
Collaboration is a core value of our team. We emphasize effective teamwork, knowledge sharing, and seamless communication to ensure that our clients receive the best possible service. Our experts work closely with each other and with our clients, leveraging their collective expertise to drive success.
Customer success is our primary motivation. Our team is highly motivated and dedicated to ensuring the success of our clients. We go above and beyond to understand their unique challenges and provide tailored solutions that address their specific needs. We strive to exceed expectations and deliver exceptional value to our clients.
Integrations
BDO MDR has developed robust platform integrations that seamlessly connect with hundreds of security systems and log sources, ensuring comprehensive visibility and analysis of critical data. Our integrations cover a wide range of platforms and technologies, including AWS and Azure cloud environments, firewalls, antivirus solutions, EDR/EPP tools, threat detection systems, vulnerability assessment tools, breach and attack simulations, databases, Active Directory, and cloud services.
We understand that every organization has unique security infrastructure and requirements. Therefore, our team has worked diligently to develop customizable and flexible integration solutions. With our expertise, we can integrate any log source that is capable of writing or sending logs into the BDO MDR ecosystem through the development of custom collection engines.
Our SIEM integrations empower organizations with centralized log management and analysis, enabling them to gain valuable insights into security events and incidents across their diverse range of systems. By aggregating and correlating logs from various sources, we provide a holistic view of the security landscape, allowing for effective threat detection, incident response, and compliance monitoring.
Whether it's capturing cloud-specific logs from AWS and Azure, ingesting firewall and antivirus logs, correlating data from EDR tools, analyzing threat detection systems, or monitoring vulnerabilities and breaches, our integrations ensure that no valuable security data is left untapped.
BDO MDR's commitment to continuous development and innovation allows us to stay up-to-date with emerging technologies and security solutions. This ensures that our MDR platform integrations remain effective and adaptable, accommodating new log sources and evolving security requirements.
Difference and Flexibilities
What sets BDO MDR apart is our unique approach to adaptability and flexibility. We understand that every organization has its own infrastructure architecture and a set of existing security tools. We leverage this understanding to provide tailored services that align seamlessly with our clients' specific needs.
Unlike rigid approaches that may require clients to conform to a predefined framework, BDO MDR embraces flexibility. We have the expertise and capability to adapt our services to fit within the client's existing infrastructure and work with their preferred security tools. Whether it's integrating with their SIEM, leveraging their EDR solutions, or collaborating with their in-house security team, we find ways to make the most of the client's investments in their security toolset.
We pride ourselves on our "YES" mentality. Instead of simply saying "NO" to client requests that may fall outside the norm, we embrace the opportunity to explore alternative approaches and explain how they can work to better utilize the client's investment in security toolsets. We take the time to understand the client's objectives, constraints, and preferences, and then provide practical solutions that meet their requirements while maximizing the value they derive from their security infrastructure.
Our adaptability and flexibility extend to our end-to-end detection and response infrastructure. We have the capability to provide comprehensive detection and response services, covering the entire security lifecycle. However, we also understand that some organizations may have existing security operations capabilities or prefer a hybrid model. In such cases, we seamlessly integrate our services with the client's existing security operations, working collaboratively to enhance their capabilities and fill any gaps in their security posture.
BDO
On-demand best-of-breed services to strengthen our clients' detection and response capabilities and fill capacity gaps.
Sustaining capability and capacity is increasingly difficult with the projected and ongoing shortage of advanced cyber skills. The more advanced skills are in highest demand, and in shortest supply, particularly in rapidly evolving areas and new technology.
By procuring managed security (MDR) services our clients are able to focus their attention and resources on the critical aspects of their internal organization and processes that require the most attention. They also allow clients to benefit from a level of resilience and defense that they would struggle to achieve alone.
The BDO Security Operations Center provides a range of on-demand services to support your 24x7 resilience that enable you to expand capacity when it is most required, and enlist specialist capabilities that you cannot justify employing.
BDO MDR was established in 2017
BDO MDR operates multiple security operations centers worldwide. Local professionals provide regional service delivery, project management and incident response capabilities when required.
Global Presence
BDO CYBER DEFENSE CENTER
Part of the BDO Global Network
43 Countries Selling Cyber within BDO
FOOTPRINT EXTENDS TO EVERY CORNER OF THE GLOBE
• BDO provides end-to-end cyber services to multiple international clients and organizations from different sectors.
• Ophir Zilbiger - BDO Global Cyber leader
• BDO COE - Global MDR, IR, TPRM and additional managed services.
• Strategic partnerships with various BDO firms
• Worldwide collaborations with strategic technology vendors
• Serves as BDO's global "official" cyber offering and provides cyber services to many BDO firms.
On-demand best-of-breed services to fill your capability and capacity gaps.
The BDO Security Operations Center in Israel provides a range of on-demand services to support your 24/7 resilience that enable you to expand capacity when it is most required, and enlist specialist capabilities that you cannot justify employing.
SIEM as a Service
Providing clients with a cloud-based platform that allows collection of events from any device, together with correlation packages that report to the client.
C-D/SOC as a Service
Providing clients with a SOC service, either on their own systems via remote management or on our SIEM platform. The SIEM service also provides clients with SIEM content packages, both technical documents and use-case documents.
Proactive Threat Hunting
Providing hunting services, based on the client's logs and our knowledge, to clients that either have their own SIEM or use our infrastructure.
Forensic and Analyst Services
Providing clients with analysts to analyze events and alerts, etc.
Monitoring and Response Services
Building monitoring services around specific risks and use cases. These can include the collection technology, or just monitoring and alerting around a specific technology, such as cloud MDM, antivirus, IPS or a SCADA environment. This can also include an endpoint monitoring service that covers the endpoint technology together with a 24/7 response service.
BDO Unique Product Services
BDO can deploy and monitor various security solutions for detection and response, deception, investigation and forensics, and automated solutions related to endpoints, behavior, network, and data leakage.