Deloitte expands its managed XDR platform

Deloitte announced an update this week to its Managed Extended Detection and Response platform. The upgrade boosts the platform’s capabilities to collect intelligence, hunt for threats, and secure mobile devices. Among the new modules added to Deloitte’s MXDR offering:

• Cyber Security Intelligence, which adds to Deloitte’s tools and proprietary sources intelligence from CrowdStrike Falcon X. The combination will provide users with actionable indicators of compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefing requests for information. “CSI allows us to be much more proactive in our detection, prevention, and understanding of threats so we can be more proactive in planning with our clients,” says Deloitte MXDR leader Curt Aubley.

• Dynamic Adversary Intelligence, which provides clients with “over-the-horizon” adversary investigations. DAI uses passive intelligence collection methods, including global telemetry, industry-leading application programming interface integrations, refined tradecraft, proprietary analytics of publicly available information, and proprietary sources via Splunk. “DAI gives clients an inside-out view of attackers,” Aubley explains. “It can also give a client the information they need to give to authorities to track down adversaries.”

• Digital Risk Protection, which lets a client follow their digital footprint online. “We can fingerprint a client’s intellectual property,” Aubley says. “Using that information, along with data like domain names, email addresses, and others, we can look on the open web, deep web, and dark web and see if that information has gotten into the hands of an adversary. Then we can let a client know how to best manage any potential crisis that might arise from that leak. We can also look inside their environment to determine how the leak happened.”

• Active Hunt and Response, which includes the use of a “dissolvable agent” that can be planted in the memory of an endpoint and collect data about an attacker while remaining invisible to them.

In addition, a new Mobile Prevent, Detection, and Response module has been added to the MXDR platform. It has expanded hunting capabilities and is fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response and CrowdStrike’s mobile threat defense.

Modular approach to threat detection and response

Aubley explains that the modular approach to MXDR adopted by Deloitte resulted from experience with clients. “We find clients sometimes have challenges taking intelligence and making it actionable,” he says. “By creating very clear modules, then the clients can pick modules that they know they’re going to get some actionable capability from.”

Creating a platform that combines Deloitte’s technology and manpower with partners such as CrowdStrike and Splunk is also a way to give clients what they need, he notes. “We’ve created a platform with our alliance partners that brings the best of the best—companies in the upper right corner in Gartner’s Magic Quadrant—to market in a way that makes it easy for clients to get the outcomes they’re looking for.”

“We’re trying to take XDR to the next level,” he adds. “With MXDR, we can continue to add modules with our alliance partners to help our clients stay one step ahead of their adversaries.”