Are your IT systems already compromised?
The risk is real and ever-present. The available facts and figures speak for themselves.
According to IBM's Cost of a Data Breach Report 2023, the global average cost of a data breach was US$4.45 million.
The same report found that 82% of breaches involved data stored in cloud environments.
Around 50% of US companies experienced a cyberattack in 2023, according to a Statista survey.
The conclusion: despite existing security and prevention mechanisms, there is a substantial probability that a company's IT infrastructure will be compromised sooner or later, or already has been. This risk can be attributed primarily to two factors:
- Insufficient prevention measures: a lack of vulnerability management increases the potential attack surface.
- Inadequate detection: attacks and attempted attacks are not detected at all, or are detected far too late.
Based on our expertise in the areas of pentesting, vulnerability detection, data analytics and security operations, we have developed a suitable solution: Trovent Managed Detection & Response (MDR).
Overview:
What is Trovent MDR?
The main objective of our MDR solution is to identify, as quickly as possible, anomalies that indicate security-relevant incidents.
With Trovent MDR, intrusions and intrusion attempts can be detected at an early stage, so that the costly consequences of production downtime, data theft, extortion and similar damage can be effectively prevented.
Trovent MDR - Identifying relevant events
Trovent MDR automatically detects security-relevant incidents in high volumes of log messages and network flows. For this purpose, it relies on rule-based processing and machine learning algorithms.
The result: Trovent MDR reduces a large volume of low-value data to a small number of security-relevant events that SOC experts can then analyse further.
Trovent MDR achieves this without major changes to the existing IT infrastructure. The attack detection only uses data that your infrastructure already provides: it runs agentless, i.e. it is non-intrusive. Because it relies solely on telemetry the environment already emits, detection coverage depends on which logs and flows are actually enabled and forwarded, so the log sources connected at onboarding determine what can be seen.
Using existing knowledge effectively:
MITRE ATT&CK
Trovent uses the MITRE ATT&CK framework, among other sources, as the basis for its detection content, so that coverage spans a broad range of adversary tactics, techniques and attack scenarios.
In Trovent MDR, the ATT&CK knowledge base serves as the reference for developing and maintaining both rule-based and machine learning-supported threat detection, so that each detection can be mapped to the technique it is intended to catch.
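To make the pipeline described above concrete (normalisation of heterogeneous log lines into one schema, a rule-based correlation across events, mapping of the resulting alert to an ATT&CK technique, and exclusion of a known false-positive source), here is an added, self-contained illustration. It is not Trovent's code, and the log formats, field names, thresholds, the rule itself and the addresses are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real customer data). Two source formats are
# assumed for the example: a simplified text export of Windows Security events
# 4625 (failed logon) / 4624 (successful logon), and Linux sshd syslog lines.
SAMPLE_LOGS = [
    "2024-03-04T10:00:01Z win-dc01 EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3",
    "2024-03-04T10:00:05Z win-dc01 EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3",
    "2024-03-04T10:00:09Z win-dc01 EventID=4625 TargetUserName=admin IpAddress=10.1.2.3",
    "2024-03-04T10:00:14Z win-dc01 EventID=4625 TargetUserName=admin IpAddress=10.1.2.3",
    "2024-03-04T10:00:20Z win-dc01 EventID=4625 TargetUserName=admin IpAddress=10.1.2.3",
    "2024-03-04T10:00:31Z win-dc01 EventID=4624 TargetUserName=admin IpAddress=10.1.2.3",
    "Mar  4 10:05:00 lnx-web01 sshd[2211]: Failed password for root from 203.0.113.9 port 4422 ssh2",
    "Mar  4 10:05:01 lnx-web01 sshd[2211]: Failed password for root from 203.0.113.9 port 4423 ssh2",
    "Mar  4 11:00:00 lnx-web01 sshd[2300]: Accepted password for deploy from 10.9.9.9 port 5000 ssh2",
]
# An authorised vulnerability scanner (assumed address) that legitimately
# produces failed logons followed by a success: the classic false positive.
SAMPLE_LOGS += [
    f"2024-03-04T12:00:{s:02d}Z win-fs01 EventID=4625 TargetUserName=svc_scan IpAddress=10.200.0.5"
    for s in range(5)
] + ["2024-03-04T12:00:10Z win-fs01 EventID=4624 TargetUserName=svc_scan IpAddress=10.200.0.5"]

WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$")
SSH_RE = re.compile(r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
SYSLOG_YEAR = 2024  # classic syslog lines carry no year; assumed for the example

def normalise(line):
    """Map one raw line onto a common event schema, or None if the format is unknown."""
    m = WIN_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": m["host"],
                "user": m["user"], "src_ip": m["ip"],
                "outcome": "success" if m["eid"] == "4624" else "failure"}
    m = SSH_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    return None

RULE = {
    "name": "Brute force followed by successful logon",
    "technique": "T1110",          # MITRE ATT&CK: Brute Force
    "min_failures": 5,
    "window": timedelta(minutes=10),
}
KNOWN_SCANNERS = {"10.200.0.5"}   # tuning: sources excluded as known false positives

def correlate(events, rule=RULE, exclusions=KNOWN_SCANNERS):
    """Sliding-window correlation per source address, across all hosts and user names."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        if ip in exclusions:
            continue
        failures = []
        for e in evs:
            # keep only failures that are still inside the window relative to this event
            failures = [f for f in failures if e["ts"] - f["ts"] <= rule["window"]]
            if e["outcome"] == "failure":
                failures.append(e)
            elif len(failures) >= rule["min_failures"]:
                alerts.append({"rule": rule["name"], "technique": rule["technique"],
                               "src_ip": ip, "host": e["host"], "user": e["user"],
                               "failures": len(failures),
                               "users_tried": sorted({f["user"] for f in failures}),
                               "ts": e["ts"].isoformat()})
                failures = []
    return alerts

def run(lines):
    """Normalise, then correlate; returns (events, alerts) so both stages can be inspected."""
    events = [ev for ev in map(normalise, lines) if ev is not None]
    return events, correlate(events)

if __name__ == "__main__":
    events, alerts = run(SAMPLE_LOGS)
    print(f"{len(SAMPLE_LOGS)} lines -> {len(events)} events -> {len(alerts)} alert(s)")
    for a in alerts:
        print(a)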
Why we use Machine Learning
Rule-based detection of potential attacks is a solid foundation. However, given the variety and rapid change of attack patterns, rules alone are no longer sufficient. This is why Trovent also relies on machine learning in its MDR solution.
Machine learning (ML) makes it possible to flag deviations from learned baseline behaviour automatically, including patterns for which no rule exists yet. The algorithms used by Trovent MDR increase the detection rate for attacks and attempted attacks and at the same time significantly reduce the processing effort.
Use MDR as a service
Even the best attack detection does nothing for a company's resilience if there is no suitable response process in place and no trained security operations centre (SOC) staff available to respond promptly and appropriately to detected incidents. This is why we always deliver our attack detection solution as a managed service.
We deliver detection and response – as a solution that can be flexibly adapted to your existing IT infrastructure environment.
What we offer
Continuous tuning of detection rules and algorithms
The evaluation of potentially security-relevant messages
The exclusion of false positives (false alarms)
Detailed analysis of complex incidents
Actionable remediation instructions to contain damage potential
In short: we operate the system and manage the majority of the response process. This allows you to massively increase your detection and response capacity without our MDR flooding your IT team with alarms and reports from a wide variety of sources.
The processing chain, from raw data to response:
- Automated processing: normalisation, pre-processing, rule-based detection, correlation, machine learning
- Level-1 analysis: removal of false positives, relevance assessment, enrichment
- Level-2 analysis: verification of level-1 analysis, complex cases, in-depth analysis
- Response: reduce damage potential, minimise risk of contagion, implement recommendations, containment
Build up knowledge automatically
To get the most out of automated attack detection, knowledge about the components of the existing IT infrastructure and the relationships between them is crucial.
For this reason, Trovent MDR uses the Trovent Context Engine, which is based on a graph database.
The Trovent Context Engine builds up knowledge about the relationships within the monitored IT infrastructure automatically. This significantly accelerates your security operations processes.
Integration of Trovent MDR in your infrastructure
The Trovent MDR system is able to process log data and network metadata (flows) from any source. Cloud, on-premise or hybrid – everything is possible.
This means that logs from Azure, M365, GCP (Google), AWS and a large number of common cloud applications are on board the Trovent MDR system in no time at all.
Logs from on-premise systems such as Windows Server, Linux Server, firewall/proxy, mail gateway, VPN gateways, antivirus solutions and routers/switches (netflow/sflow) can also be received.
And what is the required infrastructure for Trovent MDR itself? We can operate the MDR system on-premise or in your preferred cloud. Deployment takes place within minutes, regardless of your preferred target infrastructure.
How does your company benefit from Trovent MDR?
From the information security officer to the management: The biggest advantages of Trovent Managed Detection & Response from different perspectives.
- Insight into network traffic and the behaviour of the IT infrastructure as a whole. This enables rapid detection of unwanted network traffic flows and compromised hosts.
- Fast deployment: no lengthy implementation and tuning phase. The detection capabilities of the Trovent platform are based on the MITRE ATT&CK framework, so it is ready to use immediately after deployment and connection of the data sources.
- No massive intervention: Trovent MDR is embedded in the existing IT infrastructure. The solution draws maximum benefit from existing data sources such as logs, network flows and events from third-party systems (e.g. host IDS or AV systems) for the detection of security-relevant incidents.
- Passive data sources: the data sources are largely received passively, so no invasive interventions in the existing IT infrastructure are required.
- Acceleration through ML: the targeted use of machine learning algorithms enables the detection of correlations that human analysts cannot identify in a reasonable amount of time. These can in turn be correlated with findings from rule-based detection.
- Delivery as a service: with Trovent MDR, experienced experts take care of the topic. The solution is ready to use immediately, without the lengthy and costly process of setting up a dedicated internal security operations team.
- Increased productivity: a flood of log and event data is avoided. The focus is on the really security-relevant events.
- High flexibility: the use cases can be adapted to the environment as required at any time using a dedicated editor. The same applies to integration into existing security operations processes.
- No cost explosion due to expensive licence models based on events per second or data volume. Billing is based on volume-independent flat rates.
- Transparency and traceability: no "black box" approach. The detection of security-relevant events is traceable at all times.
- Compromised or not? Trovent MDR provides the technical basis for determining whether the integrity and confidentiality of your IT infrastructure have been or are being breached. It gives an objective assessment of the threat situation and of the maturity level of the company's cyber security infrastructure and processes.
- Minimisation of additional costs: Trovent MDR is offered as a service. This eliminates the lengthy and expensive process of setting up your own dedicated security operations team.
- Increased resilience: attacks and threats are detected immediately, so appropriate measures can be initiated immediately. This avoids lengthy, costly IT infrastructure outages.
- Protection of "information crown jewels": confidential customer data, sensitive business information, intellectual property and the like are effectively protected. This actively prevents costly reputational damage.
- No dependency: it is possible to work towards independent operation of the Trovent MDR solution.
- State of the art: the "state of the art" required by Art. 32 GDPR is demonstrably applied to "…ensure the confidentiality, integrity, availability and resilience of the systems […]".
- Immediate detection: possible breaches of confidentiality and integrity can be detected at an early stage. This enables the data protection officer to report possible incidents to the responsible supervisory authority without delay, in accordance with Art. 33 GDPR.
- Preparation for a crisis: a functioning anomaly detection system requires the central collection of network traffic and log data. In the event of a crisis, this provides the data basis for establishing when, to what extent and, if applicable, by whom data and infrastructure have been compromised. This helps prevent reputational damage due to loss of personal data or its malicious use by third parties.
- GDPR-compliant processing: personal content in the received log data (account names, IP addresses, email addresses, etc.) can be pseudonymised. If necessary, in the course of handling a security-relevant incident, the original values belonging to a pseudonym can be viewed in a separately protected storage area by appropriately authorised employees of the customer.
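An added illustration of the pseudonymisation described in the last point, not Trovent's implementation: log lines are rewritten so that account names, IP addresses and email addresses are replaced by keyed pseudonyms, while the originals are held in a separate store that only an authorised role can query. The patterns, the role name, the key and the sample lines are all assumptions constructed for the example. The pseudonym is an HMAC rather than a plain hash, so that someone holding only the pseudonymised logs cannot recover a value as small as an IPv4 address by enumeration; it is deterministic, so correlation across events (same source address, same account) still works on the pseudonymised data.

```python
import hashlib
import hmac
import re

# Assumed: which fields count as personal data. Order matters only in that the
# address and email patterns run before the user-name pattern.
PATTERNS = [
    ("ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("user", re.compile(r"(?<=TargetUserName=)\S+|(?<=password for )\S+")),
]

class Pseudonymiser:
    """Keyed, deterministic pseudonymisation with a separate re-identification store."""

    def __init__(self, key: bytes):
        self._key = key
        # Stands in for the separately protected storage area: pseudonym -> original.
        # In a real deployment this lives apart from the log store, under its own access control.
        self._vault = {}

    def pseudonym(self, kind: str, value: str) -> str:
        # HMAC-SHA256 keyed with a secret, truncated for readability; without the key
        # the pseudonym cannot be brute-forced back to a short value such as an address.
        tag = hmac.new(self._key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()[:16]
        p = f"{kind}_{tag}"
        self._vault[p] = value
        return p

    def pseudonymise_line(self, line: str) -> str:
        for kind, pat in PATTERNS:
            line = pat.sub(lambda m, k=kind: self.pseudonym(k, m.group(0)), line)
        return line

    def reidentify(self, pseudonym: str, actor_roles: set) -> str:
        """Return the original value, only for an authorised role (assumed role name)."""
        if "incident-handler" not in actor_roles:
            raise PermissionError("re-identification requires the incident-handler role")
        return self._vault[pseudonym]

# Constructed sample lines, not real customer data.
SAMPLE_LOGS = [
    "2024-03-04T10:00:01Z win-dc01 EventID=4625 TargetUserName=jsmith IpAddress=10.1.2.3",
    "2024-03-04T10:00:31Z win-dc01 EventID=4624 TargetUserName=admin IpAddress=10.1.2.3",
    "Mar  4 10:05:00 mx01 postfix/smtpd: reject from 203.0.113.9 to=<ceo@example.com>",
]

if __name__ == "__main__":
    ps = Pseudonymiser(key=b"demo-key-replace-with-a-real-secret")
    for raw in SAMPLE_LOGS:
        print(ps.pseudonymise_line(raw))
```

Rotating the key would break correlation between old and new pseudonyms, so the key's lifetime should match the retention period over which analysts need to join events.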
- Assessment of the initial situation: thanks to Trovent MDR, objective statements can be made at any time about the risk to the IT infrastructure and to information security.
- Basis for risk analysis: a functioning risk assessment of information security in accordance with ISO 27001, IEC 62443 and other standards requires that you proactively identify your weak points in order to assess and quantify risks. Trovent MDR creates the basis for this.
- Compliance with standards and legal requirements: the use of Trovent MDR supports the implementation of the "state of the art" and the fulfilment of the obligation under the German IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0) for operators of critical infrastructures to use systems for attack detection.
Test Trovent MDR in your environment
Would you like to see Trovent MDR in action in a real environment?
We would be happy to demonstrate the performance of our platform in your IT infrastructure. Get in touch with us!
We will arrange the framework conditions for the test use of our MDR security solution as quickly as possible.
Looking for detection expertise?
Do you see a need for action in your IT security architecture?
Would you like to implement improved attack detection in your company?
Would you like to talk to an expert on the subject of cyber security?
We will be happy to provide you with a free consultation.