Threat Response: Managed eXtended Detection & Response (MXDR)

Daniel Bohan
Sales Manager

April 17, 2024

As we explore the layers of our new Todyl consolidated security stack, it’s time to shine a light on Managed eXtended Detection & Response (MXDR). At the heart of it, MXDR is the human element amidst a network of software and machine-based systems. MXDR leverages an interactive, risk-focused methodology across the entire security lifecycle—from prevention to detection to response—keeping you one step ahead of the latest threats.

Built on the back of the deep visibility derived from our SIEM module, MXDR essentially weaponizes that visibility into a protective system of threat hunting and threat response.

MXDR is generally considered to be the most advanced threat detection and response solution available. Why? Because it uses data feeds from multiple advanced technologies and brings together the best of both machine and human capabilities. Threat hunting, human response, case management and security intelligence are just some of the components of MXDR, all managed by a team of experts at Todyl’s 24/7 Security Operation Centre.

The Significance of 24/7 Threat Response for SMBs

It’s 3:27 am on Saturday morning.

A threat actor uses an exploit to access an accounting firm’s Microsoft 365 tenancy and change the admin credentials to enable a full compromise of data.

Situations like this start bad and get worse quickly. While this isn’t a large corporate firm, they still manage quite a lot of sensitive financial data, but without having the vast security resources that the big global firms can bring to bear. This makes them a juicy target for cyber-attacks, and if their systems are compromised, it would undoubtedly lead to lost or stolen client data and cause irreparable harm to the firm’s reputation.

However, this particular firm has MXDR services in place and this suspicious late-night change to global admin access is detected by Todyl’s security team. The anomaly is flagged when unauthorized modifications are made to admin privileges after hours, a common indicator of an attempt to gain elevated access and control over firm resources.

The MXDR team is on watch 24/7 and responds immediately by revoking the newly granted permissions and reverting the changes. They then trace the breach to compromised user credentials, prompting a firm-wide password reset, before handing the case back to Layer3 to implement stricter access controls with the client. This swift action stops a data breach in progress, securing sensitive client information and preserving the firm’s integrity and client trust.
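The detection in this scenario boils down to a simple rule: a privileged role change landing outside business hours. The snippet below is an added illustration, not Todyl’s or Layer3’s code, run over constructed records loosely modelled on Microsoft 365 audit-log fields (Operation, UserId, ObjectId, CreationTime in UTC); the NZST offset is a fixed assumption, so daylight-saving handling is left out.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real tenant data), loosely modelled on the
# Microsoft 365 unified audit log. CreationTime is UTC.
SAMPLE_AUDIT_LOG = [
    {"CreationTime": "2024-04-12T15:27:10Z", "Operation": "Add member to role.",
     "UserId": "admin@example.co.nz", "ObjectId": "jdoe@example.co.nz",
     "ModifiedProperties": [{"Name": "Role.DisplayName", "NewValue": "Global Administrator"}]},
    {"CreationTime": "2024-04-12T03:15:00Z", "Operation": "Add member to role.",
     "UserId": "admin@example.co.nz", "ObjectId": "svc-backup@example.co.nz",
     "ModifiedProperties": [{"Name": "Role.DisplayName", "NewValue": "Global Administrator"}]},
    {"CreationTime": "2024-04-12T15:30:00Z", "Operation": "UserLoggedIn",
     "UserId": "jdoe@example.co.nz", "ObjectId": "Unknown", "ModifiedProperties": []},
]

# Operations that alter privileges or credentials; the set is an assumption for this example.
PRIVILEGE_OPERATIONS = {"Add member to role.", "Update user.", "Reset user password."}
BUSINESS_HOURS = (8, 18)  # 08:00-18:00 local time, Monday to Friday


def is_after_hours(ts_utc, utc_offset_hours):
    """True if the UTC timestamp falls on a weekend or outside business hours locally."""
    local = ts_utc + timedelta(hours=utc_offset_hours)
    start, end = BUSINESS_HOURS
    return local.weekday() >= 5 or not (start <= local.hour < end)


def find_after_hours_privilege_changes(records, utc_offset_hours=12):
    """Return privilege-changing operations that occurred after hours (NZST = UTC+12 assumed)."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in PRIVILEGE_OPERATIONS:
            continue
        ts = datetime.fromisoformat(rec["CreationTime"].rstrip("Z")).replace(tzinfo=timezone.utc)
        if not is_after_hours(ts, utc_offset_hours):
            continue
        # Pull the role name out of ModifiedProperties when the record carries one.
        role = next((p["NewValue"] for p in rec.get("ModifiedProperties", [])
                     if p.get("Name") == "Role.DisplayName"), None)
        findings.append({
            "when_local": (ts + timedelta(hours=utc_offset_hours)).strftime("%a %H:%M"),
            "actor": rec.get("UserId"), "target": rec.get("ObjectId"),
            "operation": rec["Operation"], "role": role,
        })
    return findings


if __name__ == "__main__":
    for finding in find_after_hours_privilege_changes(SAMPLE_AUDIT_LOG):
        print("ALERT: after-hours privilege change", finding)
```

Only the Saturday 03:27 grant of Global Administrator is flagged; the identical grant at 15:15 on Friday and the ordinary sign-in pass through, which is why the rule is a trigger for analyst review rather than a verdict on its own.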

There are two things every small and mid-market business should know about cyber attacks:

  1. Cyber attacks don’t just happen to large corporations.
  2. Cyber attacks don’t just happen within business hours.

So, when you are in a small or mid-market New Zealand business and you get attacked overnight or on a weekend, what’s the plan? Even if you have automated monitoring, as you would expect as part of any reasonable managed service, you don’t have 24/7 security ops in place. It’s important to understand that monitoring is not the same as threat hunting, and automated alerts are not the same as 24/7 response. That is another level entirely, and traditionally one that has been out of reach for non-corporates.

To address this gap, Layer3 has partnered with Todyl to bring their Managed Extended Detection and Response (MXDR) solution into New Zealand. MXDR helps by constantly monitoring a company’s systems, actively hunting for threats, and acting quickly, day or night, if a critical threat or anomaly is detected. This kind of service is crucial because it helps stop cyber threats before they can do serious harm.

Bringing Together Detection and Response

MXDR combines two critical functions—detection and response—to create a robust defence mechanism against cyber threats. Here’s a breakdown of what MXDR brings to the table:

  • Comprehensive Data Integration: Using SIEM, MXDR ingests data from multiple sources, including endpoints, networks, cloud environments, and application logs. This comprehensive data integration allows for a more holistic view of the security environment, enhancing the detection of complex threats.
  • Comprehensive Threat Detection: MXDR leverages advanced detection algorithms and real-time monitoring to identify suspicious activities across endpoints, users, networks, and clouds. By staying vigilant around the clock, MXDR ensures that no potential threat goes unnoticed, empowering businesses to respond swiftly and effectively.
  • Proactive Threat Hunting: Todyl’s MXDR team of security experts conducts proactive threat hunts, leveraging global threat intelligence and sophisticated technology to identify and eliminate hidden threats before they can cause harm.
  • Tailored Protection: We understand that every business is unique, which is why Layer3 and Todyl craft personalized defence strategies tailored to the specific needs and challenges of each client. A good example of this is when meeting specific ISO requirements (ISO 27001) which can require quite specific alerting capabilities.

How MXDR Works

Using components from Todyl’s consolidated security stack, such as EDR and SIEM, MXDR constantly scans your company’s computers, controls and network infrastructure for indicators of compromise or any anomalies that could signal a cyber-attack. This process involves analysing vast amounts of data traffic and system logs to detect patterns or activities that deviate from the norm. We call this process threat hunting.

When the system identifies potential threats, Todyl’s 24/7 security operations team rapidly intervenes, much like a physical security team would respond to a break-in attempt. This quick reaction is critical to prevent the escalation of the threat. The team uses a combination of automated tools and expert analysis to contain and neutralize the threat, utilizing an array of rapid response options such as host isolation, LAN ZeroTrust, firewall updates and more to effectively stop attackers in their tracks.

Post-incident assessments analyse and investigate incidents to determine their impact, scope, severity and risk, providing valuable guidance and countermeasure recommendations to address the findings.

This proactive approach not only secures your business’s data against unauthorized access but also minimizes the risk of data loss or damage, ensuring your operations can continue without disruption.

Who are the humans behind these human response capabilities? Todyl’s 24/7 security team consists of former NSA analysts, Air Force cybersecurity specialists, and leaders at enterprise incident response companies with deep experience responding to large-scale incidents.

Let’s look at this in action with one more example to see how all of this works in real-time.

A manufacturing company with on-premises servers for design work detects unusual outbound data traffic via its MXDR service, indicating potential data theft in progress. An investigation discovers a compromised workstation where malware had been installed to siphon data to an external server. The Todyl team shuts down external communications, isolates the compromised workstation, purges the malware and restores data integrity, preventing intellectual property theft and operational disruption. Layer3 then restores the integrity of the network through backups, and all logs of the incident are preserved for reference.

Your Business is a Castle

Imagine your company’s IT environment as a castle. Tools like Endpoint Detection and Response (EDR) are the battlements, providing robust protection against attacks that make it past the outer defences. Your firewall acts as the moat, deterring invaders from even reaching the castle walls. Multi-factor authentication (MFA) serves as the drawbridge, allowing only verified individuals to enter, while Zero Trust Network Access (ZTNA) functions as a portcullis, offering an additional layer of security by ensuring that only trustworthy and authenticated traffic can move within the castle. Meanwhile, MXDR combines the roles of the vigilant watchmen and the ready defenders on the walls. It not only watches for signs of incoming threats but also actively engages and neutralizes those threats, ensuring the security of the castle’s inner sanctum—your critical data. Plus, it bends the medieval castle analogy by bringing in modern searchlights, motion detectors, advanced radar, lasers and surface-to-air missile batteries. This integrated approach ensures a rapid and effective response to any security breaches, maintaining the integrity of your network’s defences.

Democratizing Cybersecurity for Kiwi Businesses

At Layer3, we’re committed to democratizing cybersecurity, making advanced protection accessible and affordable for small and medium Kiwi businesses. While 24/7 Security Operation Centre services have generally been a realistic option only for large corporates, Layer3 is making Threat Response accessible to businesses of all sizes with Todyl’s MXDR solution. We make this even more digestible now by delivering MXDR ‘baked in’ to our top-tier service plans for security-conscious organisations.

From proactive threat detection to continuous enhancement, Layer3 and Todyl are your partners in safeguarding your digital assets and preserving your business’s reputation with the power of MXDR. Most small and medium organisations just don’t have the luxury of internal IT staff to manage all of this – they need to focus on business.

With MXDR standing guard on your castle walls, you can focus on what you do best – running your business – while we handle the rest.

Next Up in this Series

Stay tuned for our next post in this six-part series, where we will look at the magic of SASE – Todyl’s flagship solution that enables your team to work securely from anywhere, in or out of the office, across a friction-free Secure Global Network.
