Using our decades of experience and expertise in cyber security, Accenture’s solution is compliant with federal regulations an industry standards such as the National Institute of Standards (NIST), and Health Information Portability and Accountability Act (HIPAA). Accenture is an industry leader in designing and implementing innovation cyber security services and solutions, with a dense portfolio of government and commercial clients. MDR offers a unique value proposition for the federal sector – giving SMBs the opportunity and resources to combat potential threats on par with large agencies. Not only is MDR outcome focused, it’s an adaptive, tool-based approach to threat detection that empowers agencies to protect themselves and respond more effectively. This sophisticated method of event analysis and threat intelligence give agencies the ability to customize their intelligence to fit their mission-specific needs, empowering them to keep pace with threat velocity. Security is more than just compliance; good cybersecurity is dynamic and evolving cyber climate.
Features:
Monitoring and analysis
Incident Response
Tool-based cyber threat intelligence monitoring
Incident remediation and containment consulting
Digital malware analysis
Cyber Threat Emulation
Adversarial Simulation
Cyber Threat Hunting
MDR builds upon Accenture’s global leadership in cybersecurity innovation as well as our ongoing engagements with numerous federal agencies to help maintain a best-in-class security posture at a sustainable cost. As a Managed Service, we provide:
Cybersecurity Professionals – Multidisciplinary teams with diverse skillsets that work together to quickly address a wide variety of real-time threats. We recruit the industry’s best talent and invest in continuous training to help you take advantage of economies of scale.
Established Best Practices – Our methodology encompasses both federal requirements as well as emerging best practices, accelerating our ability to detect and respond to both known and unknown threats.
Industry-leading Technologies – Taking advantage of our global partnerships, we bring together the most innovative technologies to meet the widest array of threats and attacks. MDR is a full-stack approach that ensures attack-chain visibility for continuous endpoint monitoring, proactive threat mitigation and vulnerability protection. This integrated approach can provide more cost-effective and complete coverage. Many federal clients have reported savings of 50% or more using MDR from Accenture Federal Services.
FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Available with any FireEye solution, FireEye Helix integrates your security tools and augments them with next-generation SIEM, orchestration and threat intelligence capabilities to capture the untapped potential of security investments. Designed by security experts, for security experts, it empowers security teams to efficiently conduct primary functions, such as alert management, search, analysis, investigations and reporting.
Advanced features that simplify and improve security:
Threat Intelligence: Detect, enrich, explore and learn about the latest intelligence threats.
Security Orchestration: Automate response with pre-built playbooks created by frontline practitioners.
Next-Generation SIEM: Improve threat and vulnerability detection with advanced user behavioral analytics.
Workflow Management: Organize, assign, collaborate and action steps through the investigative process through automated and manual workflows.
Investigative Workbench: Index, archive and search across alert and event data from all sources across the infrastructure to support flexible pivoting and fast hunting.
Compliance Reporting: Use and customize dashboards and widgets to visually aggregate, present and explore the most important information.
Simplify Analysis: Collect, store and analyze event data in a single log source with custom rules and alert queues.
Lightweight Deployment: Enable rapid, scalable, and cost-efficient deployment across cloud, on-premise, and hybrid environments.
FireEye Threat Analytics Platform is now a part of Helix
In a nutshell, PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database of exploits and vulnerabilities (with or without CVE).
PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, ...), aggregating the results, relaying alerts on third parties (ex: Incident Response platform like TheHive, Splunk, ...) and providing the reports and dashboards. Operations are performed by the PatrowlEngines instances. Don't forget to install and deploy them ;)
InsightConnect is a security orchestration and automation solution that enables your team to accelerate and streamline time-intensive processes—no code necessary. With 200+ plugins to connect your tools and easily customizable connect-and-go workflows, you’ll free up your team to tackle other challenges, while still leveraging their expertise when it’s most critical.
Here’s how it works: • Connect your existing tools • Build automated workflows • Set up decision points • Improve operational efficiency
With InsightConnect, your team will get more done and respond to security events faster than ever before. And with significant time savings and productivity gains across overall security operations, you’ll go from overwhelmed to operating at maximum efficiency in no time flat.
Features For High-Velocity Security Operations
Integrated and Extensible
Connect your existing tools with our library of 200+ plugins, or create your own plugin with our software developer’s kit (SDK).
Human Insight When Needed
Configure human decision points within your workflows to allow for detailed analysis from your team.
Audit Trails at Your Fingertips
Codified processes enable you to have a comprehensive record of your workflows and executions all in one central location.
Powerful Automation
With workflows, you can select a trigger source, configure actions, and automate processes without a single line of code.
Benchmarks for Your Team
Realize the value of automation by tracking productivity gains, workflow executions, decisions made, and more.
Continuous Access
Since InsightConnect is hosted on the Rapid7 Insight platform, you’ll be able to access and update your workflows anytime, anywhere.
Community Support
Don’t reinvent the wheel when you can use shared plugins and workflows from our community of industry pros.
Swimlane’s SOAR platform helps security operations centers manage the growing volume of alerts more efficiently by automating time-consuming incident response processes. The solution collects security alert data from virtually any security platform with minimal effort and then automatically responds to alerts using automated workflows and playbooks.
Features:Security Orchestration
Enable automated incident response by integrating your disparate security tools with security orchestration.
Security Automation
Swimlane executes security-related tasks at machine speeds during the incident response process—from detection and investigation to resolution—freeing your staff to focus on advanced threat defense. Automate tedious, manual tasks and reduce MTTR.
Case Management
Robust case management is a critical component of any effective security orchestration, automation and response (SOAR) platform. Instead of acting simply as an evidence locker, Swimlane's dynamic case management provides direct interaction with all data and related actions tied to an incident—allowing analysts to respond faster with greater flexibility.
SOC Metrics, Dashboards and Reporting
Granular information about the performance of your security tools, processes, and people are critical in order to define clear, realistic short-term and long-term strategies. However, organizations have long struggled to measure the ROI of their SOC. Swimlane’s SOAR platform delivers the key insights and metrics you need while amplifying the efficiency of your security operations.
Panaseer helps businesses make informed, risk-based security decisions using our proprietary Cyberfuse and Cyberoptics technology. The platform doesn’t use any agents, scanners or probes and integrates seamlessly with any data source.
How does Panaseer work?
The platform ingests data from any source in the cloud or on-premises, across security, IT and business domains through out-of-the-box Data Connectors.
It uses entity resolution to clean, normalise, aggregate, de-duplicate and correlate this data, creating a continuous feed of unified asset and controls insights across devices, applications, people, databases and accounts.
Business Risk Perspectives (BRP) capability identifies and isolates risks associated with mission-critical parts of the business, providing a continuous view of security risk aggregated and unified to any process, department, location, system or other grouping.
Controls coverage gaps are identified by comparing internal compliance policies with the baselined inventory. Previously unidentified assets are checked to ensure controls are applied against them.
Real-time, automated reports are produced, removing the need for manual data gathering. Security data can be mapped to your organisation’s structure, providing business context for security metrics, demonstrating investment impact and risk improvements.
Deep analysis across eight security domains
Vulnerability Management
Endpoint Security and Management
Privileged Access Management
Identity and Access Management
Application Security
User Awareness
Patch Management
A single view of the entire IT estate
Panaseer provides security teams, stakeholders and other security tools with a single view of all security and IT systems, reducing the need for manual data gathering and breaking down information silos. It also automates risk prioritisation and remediation and aligns security with recognised frameworks and internal policies.
At UBiqube we believe that a Holistic Multi-Domain Orchestration Strategy must be used to automate Security related Processes. Accelerating convergence of different technologies such as Cloud, 5G, IoT and Edge makes it costly, inefficient and unsafe to continue treating security processes separately. Automation of IT network, computing and storage infrastructure is a fundamental part of digital transformation and so it is natural to embrace SOAR to automate IT security processes. However, for SOAR to emerge as a comprehensive solution for the future, it will have to integrate remediation scenarios that cross many domains, such as Cloud, IoT and 5G. In other words, SOAR needs to be part of, and not separate from, technology convergence. This is what we advocate at UBiqube. We call it I-SOAR, for ‘Integrated SOAR’. Here is why and how:
1. Why is Multi-Domain Orchestration so material to effective Security Automation?
The first wave of SOAR solutions stems from pure players in the security space, such as Managed Service Security Providers (MSSPs), focusing exclusively on the needs of a Security Operations Centre (SOC). These solutions integrate the business functions needed for security remediation as well as the surrounding security services management. In other words, they integrate Security Information and Event Management (SIEM) with customized Business Process Management (BPM) playbooks. The automation processes that relate to infrastructure (i.e. policy provisioning) typically need vendor-specific management modules for network and element management (NMS/EMS). This means that implementing a security remediation scenario across these external systems would typically require outside help that, in turn, introduces new risks and threats.
This limits the addressable automation scope of the current SOAR solutions. The cloudification of IT, the emergence of Edge Compute and IoT are fueling this integration need. These will make it harder to keep a clear demarcation line between the historic security silo and the newer converged infrastructure technologies. As infrastructure is consumed more as a continuum, security remediation strategies may include a number of reroutes that will have the need to reconfigure devices outside the security domain, change QoS policies, load-balancing rules, or activate failover links. The possible scenarios are endless, but an effective security automation solution needs to address them all.
2. How do we turn SOAR into “I-SOAR”?
Meet the MSActivator DevSecOps framework!
At UBiqube we have developed an ‘abstracted’ activation layer that makes it easy for trained engineers to create adaptors for each and every vendor and system a process could call. This frees the ‘Automation process’ designer to implement any remediation scenario across security and non-security domains without limitations from any infrastructure or a specific vendor. This paves the way for new DevSecOps best practices with greater automation, lower costs and most importantly, greater security! Abstraction is at the core of MSActivator, which provides both a full security orchestration and automation environment as well as documented APIs for integration with other tools. Developers with different expertise can focus on the different areas of business process automation and system integration to deliver a single automation solution for their IT environment and with full vendor neutrality.
The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.
