Our MDR Basic Service already includes services that go far beyond the standard. It includes all technologies and services for comprehensive DETECTION, ANALYSIS and PREVENTION of cyber attacks on endpoints. This module is based on Microsoft Defender for Business and is supported by MS Sentinel SOAR, MS Defender XDR and Threat Intelligence.

1. 24/7 Cyber Detection & Response Center: Our Cyber Detection & Response Center (CDRC) is where true 24/7 monitoring of your systems takes place. Our analysts are on duty for you around the clock, 365 days a year, to detect cyber attacks on your company at an early stage, analyze them and defend against them in a targeted manner. Our 24/7 service keeps “Mean Time to Detect” (MTTD) to a minimum.
2. Security Orchestration, Automation & Response (SOAR): To reduce alarm processing time, SECUINFRA deploys a Security Orchestration, Automation & Response system (SOAR). With its help, analyses and reactions are partially automated. In this way, we reduce the “Mean Time to Respond” (MTTR) to a minimum so that, in the event of a successful cyber attack, we can stop the attacker as early as possible and avert greater damage.
3. Threat Intelligence: SECUINFRA uses strategic threat intelligence to select detection mechanisms and operationalizes threat intelligence data as part of threat hunting to uncover previously undetected attacks.
4. Microsoft Defender for Business (EDR): Endpoint Detection & Response (EDR) systems form the technological basis for modern detection and defense against cyber attacks. To detect attacks on endpoints (workstations & server systems), SECUINFRA relies on the established Microsoft Defender for Business for behavior-based detection of anomalies on endpoints.
5. Microsoft Defender XDR: Protects against cyber threats such as ransomware and phishing. Depending on the module activated, logsare combined to protect endpoints, identities, emails, collaboration tools, cloud apps and data from cyber threats. AI and automation are also used to directly ward off cyberattacks and prioritize incidents. In addition to the pure detection of cyber attacks, XDR also offers the option of actively responding to detected attacks. For example, processes can be terminated, local user accounts can be locked or entire systems can be isolated automatically. This helps to further reduce Mean Time to Respond (MTTR) by stopping a successful cyberattack at the most common entry point of a cyberattack, the endpoint.

However, should a major security incident occur, SECUINFRA provides support with the following services, which are billed on a time and material basis:

1. Incident Management: In the event of major cyber attacks, professional coordination and communication is essential to contain and manage the attack. That’s where our incident response experts come in to help you with technical and non-technical challenges.
2. Compromise Assessment:In the event of a cyber attack, it is extremely important to clarify the question as quickly and reliably as possible: Which systems have been compromised? Our Compromise Assessment answers this question as quickly, efficiently and reliably as possible.
3. Digital Forensics:Digital forensics enables the detailed analysis and reconstruction of security incidents. Our goal here is to learn from the cyberattack and refine your defenses. In addition, the findings of our digital forensics experts enable prosecution and help you make claims against cyber risk insurance companies.
4. Malware analysis: As part of malware analysis, we investigate how malware works with the aim of gaining a comprehensive insight into how it works, understanding its potential impact on a system and identifying suitable measures to minimize and prevent future damage. Our malware analysts use both static and dynamic analysis as well as reverse engineering.

Company collaboration platforms are a popular gateway for attacks, which can be exploited by means of phishing and identity theft. This is where the Microsoft 365 Business Premium feature “Defender for Office 365” comes in to protect email, Exchange, Teams, SharePoint etc. against malware and phishing.

1. Defender for Office 365: In Office 365, this provides enhanced protection against phishing, email fraud, ransomware and other threats to your collaboration tools. Artificial intelligence and automation are used to detect and stop cyberattacks, prioritize incidents and focus the response of our analysts in a targeted manner.

The MDR Complete Service offers companies of all sizes comprehensive protection and is based on the Microsoft 365 E5 security features coupled with services from SECUINFRA. The three most important points of attack “end device, e-mail and identity” are protectedin this module. In addition, the module offers enhanced protection by detecting anomalies in the network and securing SaaS applications against identity theft and data leakage. This provides you with comprehensive detection, analysis and response against cyber attacks and puts you in an excellent position in this area.

1. Network Detection & Response (NDR): In addition to detecting access to the command-and-control infrastructure of known attackers, SECUINFRA offers behavior-based detection of attackers at the network level. A modern Network Detection & Response (NDR) system is used here which, in contrast to conventional products such as N-IDS, relies primarily on the detection of behavioral patterns. The data generated is not only extremely valuable for detecting attacks, but is also used by our analysts as part of the response process to contextualize suspicious events. In addition to attack detection and contextualization capabilities, our NDR also provides the ability to actively respond to detected attacks. For example, communication relationships can be terminated, access to command and control servers can be blocked, or IT systems can be isolated automatically to minimize the impact of detected security incidents.
2. Defender for Identity: This security service specializes in protecting identities in your networks from hackers and thus preventing lateral movement. Local and cloud networks are monitored. Suspicious logins and user activities are detected, reported and stopped locally, in the Microsoft Active Directory and in Azure with Entra Identity Protection. Password resets and user lockouts are automated and performed quickly before systems and data are compromised.
3. Defender for Cloud Apps: Cloud applications and services are monitored and evaluated according to risk factors. By analyzing information from various application sources, cyberattacks on cloud applications or data in the cloud are detected and effectively stopped. This provides all-round protection for yourcloud applications and prevents lateral movement from the cloud to yourinfrastructure.

The MDR Premium module offers companies of all sizes even greater protection and covers all Microsoft security products of the respective subscription, including the SIEM functionalities of Microsoft Sentinel. The service also offers flexibility in the retention period of the collected security-relevant data. The service is based on the features of Business Premium or Microsoft 365 E5 Security Features and is supported by the advanced detection capabilities of UEBA. Other services such as Defender for Cloud are also covered. This provides full protection for endpoints, collaboration (email & Teams), identities (AD and Azure Entra ID) and yourcloud infrastructure. This module alsooffers services such as cyber deception.

1. Central log management: The database for the SIEM area is provided by our central log management. Security-relevant log data is recorded centrally and stored for a period of 90 days, or longer if required, in a searchable format.
2. Security Information & Event Management Microsoft Sentinel SIEM is a scalable, cloud-native solution that provides security intelligence and event management, security orchestration, automation and response (SOAR), and intelligent security analytics and threat intelligence for organizations. With Microsoft Sentinel, data can be collected from various sources, interactive reports and workbooks createdalarms are correlated into incidents and tasks are automated.
3. User and Entity Behavior Analytics (UEBA) detects and investigates suspicious activities. An entity can be a user, a device, an IP address or an application. Microsoft Sentinel collects and analyzes the data and creates a normal behavior profile for each entity. Various methods and machine learning are used to find abnormal activity that indicates a possible attack or compromise. These anomalies are presented in the form of warnings and incidents. In addition, sensitivity, behavioral profiles and criticality are shown. This allows analysts to quickly assess the priority and severity of the threat and initiate further investigations and remediation of the incident.
4. Cyber deception: This technique deceives, confuses and exposes attackers who are trying to penetrate a computer system or network. For example, false or manipulated data or resources are created in the network, which serve as so-called honey pots, i.e. decoy traps. This is used to gather information about the attackers’ intentions and identities.

In addition to all MDR Premium features, the highest level offers the option of enriching the Sentinel SIEM with security-relevant data from your log sources via Microsoft Data Connectors. This has the advantage that this data and the data from the Defender modules can be correlated using additional use case rules and thus utilize the full Sentinel SIEM capabilities. Benefit from SECUINFRA’s extensive USE-CASE library, which has proven itself in numerous customer projects and is constantly being optimized by our experts. Third-party hardware and software, such as firewalls or proxy servers, etc., are also monitored to detect anomalies.

Anti Phishing: Companies are facing an increasing number of cyber attacks. Phishing is a special and very successful type of phishing. Around 90% of attacks on a company begin with a phishing e-mail. In order to cover this incidence vector comprehensively, we divide this AddOn module into two sub-modules. The sub-modules can also be ordered separately, but always require at least the Basic+ module.

1. Phish button: This add-on module offers the possibility, to have suspicious emails checked by our analysts. For this purpose, the end user is given the option in Outlook to report each email as potentially suspicious. During this analysis, URLs, QR codes or attachments are checked for malware or phishing attempts. The advantage here is that every reported e-mail is processed and checked directly by an analyst. Suspect or malicious content is moved to quarantine and the notifier receives feedback on the analysis result.

2. Phishing awareness campaign: This module is extremely effective in sensitizing employees to the various and sometimes perfidious phishing attacks. For a simulation, SECUINFRA, in consultation with the customer, creates a mail layout with the aim of requesting login data from the customer’s users or tricking users into performing security-critical actions. has. Only the user names are collected, actual Passwords are not collected by the phishing campaign. A simulation comprises one phishing e-mail per employee of a specific division or the entire company. A detailed procedure will be defined in close consultation after commissioning.

In order to make the campaign appear as authentic as possible, SECUINFRA (or the customer) registers a previously agreed domain.

A phishing simulation will run for a period of approx. 10 days in order to reach as many users as possible. The lead time for the start of a campaign is approx. 10 working days.

Once each simulation has been completed, the customer receives a report within 2 weeks. It is also possible to send awareness training to conspicuous users via the O365 Defender.

Vulnerability Management: This additional module can be added to any module. The service is based on the Microsoft Defender Vulnerability Management Plan. This additional module provides an overview of the current vulnerabilities of yoursystems, both inside and outside your environment. The vulnerabilities identified are also used to evaluate the alarms and possible incidents from the aforementioned modules.