Deloitte recently announced that it has expanded its managed extended detection and response (MXDR) platform by adding four new modules and improved intelligence. The earlier modules in the MXDR platform covered identity, insider threat, proactive hunting, intelligence, attack surface and vulnerability management, and unified XDR log and analytics management. The new modules for dynamic adversary intelligence, digital risk protection, threat hunting and mobile device security are designed to provide enhanced cyber offerings to its customers.
Curt Aubley, MXDR by Deloitte Leader and a Deloitte Risk & Financial Advisory Managing Director, Deloitte & Touche LLP, said, “As the threat landscape continues to change rapidly, we want to offer our existing and future clients access to what we call the ‘next generation’ of threat intelligence and threat hunting capabilities. With this new MXDR expansion, we focused on helping organizations take a more proactive defensive posture in their cyber programs—whether they choose to do so via our whole platform or use of just a few of our MXDR modules.”
MXDR by Deloitte now includes the following additional modules:
Dynamic Adversary Intelligence (DAI): This module assists businesses in expanding and increasing the relevance of the intelligence data they use to make security-related decisions. The DAI module helps clients perform over-the-horizon adversary investigations by exploiting the open web without having to deploy sensors into a client environment and by gathering intelligence data from the dark web, ransomware, cryptocurrency, and network enumeration of malevolent cyber actors and nation states. The Splunk component of MXDR by Deloitte uses passive collection techniques for DAI investigations, leveraging global telemetry, industry-leading application programming interface (API) integrations, skilled tradecraft, proprietary analytics of publicly available information, and proprietary sources.
Cyber Security Intelligence (CSI): CSI data has expanded the platform’s core intelligence body of knowledge to include Deloitte’s own proprietary sources and tools as well as CrowdStrike Falcon X automated threat intelligence (RFIs). The aim is to provide actionable Indicators of Compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefings.
Digital Risk Protection (DRP): The DRP module provides a way for businesses to track their external “digital footprints” on the open, deep, and dark webs, as well as on mobile applications and social media. It warns businesses about dangers like possible intellectual property exposure and potential email, credential, brand, and other misuse so that security teams can concentrate on quickly stopping the fraudulent activities that put their employees, clients, and brand at risk.
Mobile Prevent, Detection, and Response (MPDR): Deloitte has increased the specialized hunt capabilities provided for mobile within the MPDR module, recognizing that mobile device management programs sometimes find it difficult to keep up with the security requirements for expanding and diversified on-network mobile devices. Additionally, CrowdStrike Falcon for Mobile Endpoint Detection and Response (EDR) and CrowdStrike’s mobile threat defense (MTD) are now fully integrated with the module.
Active Hunt and Response (AHR): A new dissolvable, in-memory hunt sensor and next-generation active hunting capabilities are provided by the AHR module, which also includes Deloitte’s own analytics. For unique client mission requirements, such as high-latency, low-bandwidth, or physically segregated networks, AHR can be delivered across the entire platform or as a standalone on-site capability. The module expands on existing platform features that enable threat hunting that is speculative, escalating, and retrospective.