How Does Varonis MDDR Help to Mitigate Complex Threats
Author: Beth Laws
Release Date: 23/12/2024
The new Varonis Managed Data Detection and Response (MDDR) offering provides a 24/7 service, 365 days a year. MDDR combines the data security platform’s award-winning threat detection technology with the Varonis team of cyber experts to investigate and respond to threats every day of the year.
What is MDDR and why is it different?
MDDR is an optional additional service for the Varonis SaaS platform. With this service, the Varonis team of data security experts continuously monitors, investigates and responds to alerts in the Varonis SaaS data security platform at all hours of the day (not just when your security people are working, but also when they are asleep). The team of cyber experts keeps its eyes on customer alerts around the clock and works with the help of the Varonis AI alert analysis and automated responses to investigate and triage alerts. Alerts are escalated to customers only when required, allowing customers to focus on other priorities and feel reassured their Varonis alerts are in good hands. An industry-best SLA also governs the MDDR service, indicating impressive response times of 120 minutes for alerts and as quick as 30 minutes for ransomware attacks.
Typical MDR services can be very endpoint and network focussed, often monitoring the threats and examining how an intruder gained access. The downside is that they fail to provide any information about the data involved in the attack. This means that, despite the consistent monitoring, questions such as ‘What type of data was accessed?’ and ‘Was the data exfiltrated?’ are left unanswered unless you include a Data Security Platform like Varonis, which will answer these types of questions. Varonis MDDR is different because it takes a data-centric approach. Its built-in data classification engine means the MDDR team will understand what data has been touched and, very importantly, whether this is sensitive information. Providing the MDDR team with this extra layer of context means the severity of the attack can be understood immediately and the appropriate level of response swiftly assigned for you, the customer.
UBA and Threat Models
Varonis are very proud to offer a platform that employs AI and User Behaviour Analytics (UBA). The platform monitors account activity across data stores, perimeter telemetry devices and Active Directory to learn what normal behaviour is for the users. It then builds up a profile on each account so that it can alert on any activity which seems out of the ordinary for employees. This means the alerts seen in Varonis are meaningful and valuable, and the important ones do not get lost in a sea of low-value events.
Attackers use an increasing number of methods and tools to compromise an organisation's accounts and gain access to data. As well as the UBA, the Varonis platform has multiple predefined, built-in threat models that help detect and protect against these. Because cyber attack techniques are continually evolving, frequent updates are issued to these threat models to keep them up to date.
Triggered alerts are consolidated in the Alerts dashboard within the Varonis Web Interface. From here, it is very easy to dive deeper into the alert details, helping to understand what data has been affected.
24/7, 365 Coverage
The Varonis team of cyber experts monitoring alerts consists of people around the world. Having a global team of experts that follows the sun means this service can run 24 hours a day, 7 days a week, 365 days a year, giving customers peace of mind that their alerts are under control.
As well as the continuous monitoring, all MDDR customers receive a monthly report on their current security posture. The report summarises information and statistics on any current security misconfigurations, the recommended remediations and any current data over-exposure, reminding customers of their current security posture and of any actions required to improve it.
MDDR Executive Dashboard
If customers are intrigued by what alerts the MDDR team have been investigating or wish to monitor these themselves, they can take a look whilst the MDDR team still works their magic. Customers will have access to their Varonis interface as normal and from here can easily check the Alerts or MDDR dashboards. The MDDR Executive Dashboard provides insights on which alerts are currently under investigation by the MDDR team and which have already been actioned and closed. The dashboards even feature comments or notes from the MDDR experts regarding investigation findings.