Managed Detection and Response (MDR), by Socura
Update solution on March 21, 2025

Socura’s MDR services align with the major requirements of customers that don’t have extensive security teams with problem resolution and response capabilities. In this segment, customers typically opt for automated response actions by the MDR service when problems are detected – Socura states that 96% of detected incidents are handled without any customer escalation. However, Socura does provide customers options to define how the service works for them individually, and the freedom to change their preferences (e.g. the extent of automation they require) to match business needs.
This highlights a balance between using automation to make SOC operations more efficient and recognising that full automation is too large a step for many customers because of control issues. It is important to note an implication of this position with regard to automation, namely that AI as a control mechanism (i.e. more automation than at present) seems unlikely to match what customers want. Indeed, Socura customers actively use the freedom to define their service experience to be bespoke – something that some larger MDR providers are less likely to accommodate. This focus on the service experience that Socura provides also dictates its decision not to situate a SOC outside the UK, or to hire abroad, while the scale of demand matches its choice to be UK-situated. Similarly, the company believes that attempts by some providers to deliver too many add-on services could also negatively affect quality of service.
The scope of services within Socura MDR is:
- Extended detection and response across networks, endpoints and clouds (AWS, Azure and GCP).
- Bespoke rule development based on detection use cases.
- Automated threat containment and disruption.
- Integrated in-house and external cyber threat intelligence.
- Proactive human-led threat hunting for identification of unknown threats.
- Integration with client-owned technologies.
Socura has partnerships with three incident response companies that can provide its customers with digital forensics and remediation support in the event of business-impacting incidents. The partners each have a relevant specialism: Unit42 has particular expertise with Palo Alto Networks tools; Mandiant is an equivalent Google specialist; and Thomas Murray is expert in finance industry issues. An example of a requirement for these services would be dealing with the aftermath of a data breach, where response activity would be bespoke, and its duration much longer than automated or short-term response can provide. Where customers do opt for such partnerships, Socura supports the partner’s incident response work fully throughout the period it takes to complete.
Customer Quotes
“The service is always excellent and nothing is too much trouble. We see Socura as an extension of our team.”
Group Head of Information Security, Construction sector
“Really accommodating to our needs and providing expertise to achieve our goals.”
Information Security Manager, Finance industry
Socura MDR can be delivered via a combination of leading security solutions, integrated according to customer preferences. Socura is capable of supporting a wide range of toolsets.
XDR solutions help security teams perform more effective threat detection, investigation and incident response. XDR solutions combine the once-separate capabilities within EDR and NDR products, which addressed the same problems for endpoints and networks respectively. The ‘X’ of XDR symbolises the capability to apply detection and response no matter which part of the technology estate is used by a threat. SOAR solutions support a defined, workflow approach to the steps required in responding to incidents, incorporating automation to reduce timescales and to ensure compliance. SIEM solutions act as a data repository for raw security data, and support investigation and response as well as being a potential source of threat intelligence.
Socura MDR allows alternative XDR/EDR solutions to be integrated via the SOAR tool if required – Socura has solution partnerships with CrowdStrike and SentinelOne. It also has a partnership with Hunters, whose threat hunting solution capabilities can be integrated and provided with Socura MDR.
Cyber threat intelligence from surface, deep and dark web sources can be incorporated in detection decisions via Socura’s partnership with SOS Intelligence.
As part of their initial set-up with Socura MDR, customers agree a framework of preferences. This starts with which partner solutions the customer wishes to use for their service, as well as which actions and decisions will be automated, and what level of interactivity is appropriate for the customer’s security team. Socura makes no charge for subsequent minor changes to these preferences, and neither are small extra requirements chargeable (e.g. processing an additional log).
A recent addition to the service is Socura’s Detection Rule Automation Engine (DRAE). This applies knowledge from the company’s threat detection content library, combined with any customer preferences, to decide automatically which detection rules to push to a SIEM. Along with use of the SOAR within the service, the increasing level of automation that can be applied to service delivery is foundational for scaling up Socura’s customer base without increasing the company’s costs proportionally.
MDR services can greatly help organisations to improve their security postures, shield them from threats, and mitigate incidents that occur. These requirements are as critical for up-and-coming companies, and small-to-medium-sized organisations, as they are for much larger enterprises that may have their own security skills and solutions budgets.
Socura provides MDR services that are accessible for organisations with requirements at the less expansive end of the spectrum of threat protection, but which still meet high quality criteria and would also suit some larger organisations. The UK-based company is very well-certificated and experienced indeed, and the quality of its MDR service is proven by its 100% customer retention, and a top-level NPS score.
It can provide a choice between leading platforms and tools for XDR, SOAR, and SIEM, and offers customers flexibility in integrating their own solutions to the MDR service. Customers can select a number of complementary services from Socura partners (e.g. threat intelligence, threat hunting, and enhanced incident support).
In Bloor’s opinion, Socura should be a consideration for any organisation looking for expert help with its threat detection and response needs.