New additions beef up intelligence gathering, threat hunting, and mobile device security. Credit: thelightwriter / kao studio / Getty Images Deloitte announced an update this week to its Managed Extended Detection and Response platform. The upgrade boosts the platform’s capabilities to collect intelligence, hunt for threats, and secure mobile devices. Among the new modules added to Deloitte’s MXDR offering:Cyber Security Intelligence, which adds to Deloitte’s tools and proprietary sources intelligence from CrowdStrike Falcon X. The combination will provide users with actionable indicators of compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefing requests for information. “CSI allows us to be much more proactive in our detection, prevention, and understanding of threats so we can be more proactive in planning with our clients,” says Deloitte MXDR leader Curt Aubley.Dynamic Adversary Intelligence, which provides clients with “over-the-horizon” adversary investigations. DAI uses passive intelligence collection methods, including global telemetry, industry-leading application programming interface integrations, refined tradecraft, proprietary analytics of publicly available information, and proprietary sources via Splunk. “DAI gives clients an inside-out view of attackers,” Aubley explains. “It can also give a client the information they need to give to authorities to track down adversaries.”Digital Risk Protection, which lets a client follow their digital footprint online. “We can fingerprint a client’s intellectual property,” Aubley says. “Using that information, along with data like domain names, email addresses, and others, we can look on the open web, deep web, and dark web and see if that information has gotten into the hands of an adversary. Then we can let a client know how to best manage any potential crisis that might arise from that leak. We can also look inside their environment to determine how the leak happened.”Active Hunt and Response, which includes the use of a “dissolvable agent” that can be planted in the memory of an endpoint and collect data about an attacker while remaining invisible to them.In addition, a new Mobile Prevent, Detection, and Response module has been added to the MXDR platform. It has expanded hunting capabilities and is fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response and CrowdStrike’s mobile threat defense.Modular approach to threat detection and responseAubley explains that the modular approach to MXDR adopted by Deloitte resulted from experience with clients. “We find clients sometimes have challenges taking intelligence and making it actionable,” he says. “By creating very clear modules, then the clients can pick modules that they know they’re going to get some actionable capability from.” Creating a platform that combines Deloitte’s technology and manpower with partners such as CrowdStrike and Splunk is also a way to give clients what they need, he notes. “We’ve created a platform with our alliance partners that brings the best of the best—companies in the upper right corner in Gartner’s Magic Quadrant—to market in a way that makes it easy for clients to get the outcomes they’re looking for.” “We’re trying to take XDR to the next level,” he adds. “With MXDR, we can continue to add modules with our alliance partners to help our clients stay one step ahead of their adversaries.” Related content news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government news analysis Massive security hole in VPNs shows their shortcomings as a defensive measure Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. By Evan Schuman May 08, 2024 8 mins Threat and Vulnerability Management Data and Information Security Network Security news DocGo says hackers stole patient data in a recent cyberattack The attack compromised some healthcare data with no material or financial losses, the company said. By Shweta Sharma May 08, 2024 3 mins Data Breach Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe