White Hat journey to MXDR

Cyber security | White Hat | November 21, 2023

White Hat IT Security recognized with Microsoft verified Managed XDR solution status

Budapest, Hungary — 25/10/2023

White Hat IT Security announced that it has achieved the Microsoft verified Managed Extended Detection and Response (MXDR) solution status. By this achievement White Hat IT Security has proven their robust MXDR services including a Security Operation Center (SOC) with 24/7/365 proactive hunting, monitoring, and response capabilities all built on tight integrations with the Microsoft Security platform. This solution combines expert-trained technology with human-led services and has been verified by Microsoft engineers.

“Achieving the MXDR solution status is an important step up in our career – something we’ve been working hard for, and we are quite proud of. Our team is evolving, there are always new milestones on our roadmap, and working together with Microsoft helps reach our business goals.” – commented Sándor Fehér, CEO and co-founder of White Hat IT Security.

“With malicious attacks on the rise, we understand security is front and centre for our customers. That is why I am excited to congratulate White Hat IT Security on achieving Microsoft Verified: Managed Extended Detection and Response solution status. Their solution closely integrates with Microsoft 365 Defender and Microsoft Sentinel and has been verified by Microsoft Security engineering to ensure that it provides comprehensive service coverage across the Microsoft Security portfolio.” – Rob Lefferts, CVP, Modern Protection and SOC, Microsoft 

White Hat IT Security is also part of Microsoft’s ecosystem of hand-picked security providers, the Microsoft Intelligent Security Association (MISA). “The Microsoft Intelligent Security Association is comprised of some of the most reliable and trusted security companies across the globe”, said Maria Thomson, Microsoft Intelligent Security Association Lead. “Our members share Microsoft’s commitment to collaboration within the cybersecurity community to improve our customers’ ability to predict, detect, and respond to security threats faster. We’re thrilled to recognize and welcome White Hat IT Security MXDR solution to the MISA portfolio.”

This was the official press release on our latest achievement but let’s see the journey that led us to this point of our evolution.

The 5 years since our company was founded in 2018 have been filled with intensive and focused work. It is crucial for a start-up company to build professional relationships that help go-to-market processes and provide opportunities for continuous development. We quickly recognized the potential of the Microsoft partnership, which not only includes the integration of the Microsoft security platform into our defensive and offensive services, but also additional business, technology, and marketing benefits.

Thus, our initial incident response and vulnerability assessment service was soon expanded with the White Hat Manage Security Solution, and we have embarked on a journey that has a lot of potential.

Our Microsoft partnership process in the last 5 years

What does the MISA membership mean?

MISA (founded in 2018) is an ecosystem of Independent Software Vendors (ISV) and Managed Security Service Providers (MSSP) that have integrated their solutions with Microsoft. We became members of MISA as an MSSP. MISA offers members the opportunity to deepen their integrations and relationship within the Microsoft SCI Ecosystem, as well as co-marketing benefits. Becoming a MISA member was preceded by a rigorous evaluation process by Microsoft engineers, during which our technology and competence were under scrutiny. This partner status means that Microsoft supports White Hat IT Security in providing managed or on-demand cyber protection and in preventing and averting threats at its corporate clients.

A few benefits of being a MISA member

  • Possible BETA access to new features or pilot program invitations
  • Designated MISA badge for member marketing material and event signage
  • Placement in the MISA member catalogue to solution offering(s) in Microsoft Commercial Marketplace
  • Ability to request a Microsoft expert to present at member events, workshops, and webinars

The most important of the above for us is that Microsoft’s recognition greatly increases our credibility in the medium-sized and enterprise segment.

But what on Earth are those three (four)-letter acronyms?

Let us take a few steps back to understand what the MXDR solution actually means.

With the emergence of Covid-19, remote working has increased like never before, which has caused the need for improved Endpoint-focused Detection and Response (EDR) solutions.

However, it soon became clear that protecting endpoints with separate email and identity protection wasn’t enough. A significant part of attacks targets the gap between them, so a complex strategy became necessary that can put end-to-end relationships into context, better recognize user habits and attack patterns.  This is what we call an eXtended Detection and Response (XDR).

XDR is a cross-platform approach, where the task of defensive professionals is not only to detect and respond to attacks, but also to analyse the causes and possible consequences of the incident. This is a deep investigative process to ensure that the incident does not happen again. Microsoft’s XDR tool is Microsoft Defender XDR (formerly Microsoft 365 Defender), which learns attack patterns using integrated AI, but security researchers can also add custom detections tailored to customer needs. Automation is crucial because the time window for responding gets shorter and shorter as attack modes become more sophisticated. Microsoft Defender XDR does most of the tasks (like triage) automatically. With the help of this automation, otherwise scarce human resources can be used for more valuable work.

While XDR is a cross-platform approach to endpoint detection and response, Managed Detection and Response (MDR) is an outsourced security service that specializes in threat detection and response.

Managed Extended Detection and Response (MXDR) is essentially XDR and MDR combined. With it, managed security service providers (MSSPs) with a verified MXDR solution, like White Hat, can perform XDR continuously, 7/24/365.

The MXDR verification process

The biggest challenge for us was to ensure a round-the-clock service. This means a 3-shift work schedule in a labour market where quality professionals are very scarce. However, thanks to conscious construction, we managed to build a stable, committed and constantly expanding team behind the service, whose members are trained constantly.

We applied for the MXDR verification in spring 2023. Our service had to meet the highest industry standards and strict criteria such as:

  • providing 24/7 incident monitoring (MXDR solution) which is visible on our website
  • advanced hunting and investigation capabilities
  • tight integration of our services with the Microsoft security platform
  • providing an automated and easy onboarding process (with an entry point embedded in our website)
  • managing incidents from alerting to closing in Microsoft Defender XDR and Microsoft Sentinel
  • 3 customer references (500+ seats) to show management capabilities across MS tools and platforms
  • completing a total of 3 Security workshops and / or RFPs
  • being a MISA and / or MSSP sales partner

After some technical refinements, we received the verification this October, which means entry into an elite group that currently includes merely 49 MSS companies worldwide. This has placed us alongside industry giants such as BlueVoyant or Red Canary.

Microsoft Intelligent Security Association

Why is the MXDR verification good for us? Why is it good for our clients?

  • Microsoft provides special support to the sales and marketing activities of its partners. It provides technological support and opportunities for continuous professional development. The latter is also important because the MXDR rating is reviewed annually. This means that we can help our customers even more effectively with their Microsoft deployment and onboarding, provide consulting on deep technical issues with the help of Microsoft engineers at the ready, and gain a deeper and constantly developing knowledge of Microsoft security tools and solutions.
  • We may come into view of global corporations that are looking for MSS providers through Microsoft. The trend shows that the number of companies cooperating with external MSS providers will increase rapidly – with MSSPs constantly struggling with human resource needs and thus experiencing a sometimes hindered growth path.
  • Our team can get exclusive access to Microsoft developments, participate in software testing, and have a direct channel to the Microsoft engineering team. So, when our customers are hit by a sophisticated adversary, we can bring the power of best-in-class technologies and security know-how to tip the scales in their favour.

Doesn’t all this sound like pure benefit?

We sure hope so – as our aim is to keep elevating and deepening our relationship with Microsoft, to be able to provide the best possible MXDR service to our customers.

Written by: White Hat
