Carem Lv2Posted 18 Sep 2023 14:42
  
Security Information and Event Management (SIEM) Data: Integrating the MDR solution with a SIEM system allows for centralized log management and correlation of security events from various sources. This data helps in detecting and responding to advanced threats
Happpy Lv3Posted 18 Sep 2023 14:42
  
Network data, such as traffic logs, can help in identifying and responding to network-based attacks.
damulagski Lv3Posted 18 Sep 2023 14:43
  
SIEM, NGAF, ES, CyberCommand and NGAF - this are the data sources needed
babeshuka Lv3Posted 18 Sep 2023 14:44
  
Sangfor's MDR solution leverages threat intelligence feeds to enhance its detection capabilities. These feeds provide up-to-date information about known threats and indicators of compromise (IOCs)
LucyHeart Lv3Posted 18 Sep 2023 14:45
  
If your organization uses cloud services, integrating the MDR solution with your cloud provider's security logs and APIs can provide additional visibility and threat detection capabilities
grayice499 Lv2Posted 18 Sep 2023 14:46
  
The basics are NGAF and ES. If you want the more robust visibility then add the Cyber Command and Threat Intelligence.
jerome_itable Lv3Posted 18 Sep 2023 17:11
  
The requirements for Sangfor MDR solutions vary depending on the specific services and features that you need. However, some general requirements include:

    A stable internet connection. Sangfor MDR solutions are cloud-based, so you will need a reliable internet connection in order to use them.
    Compatible security tools. Sangfor MDR solutions work best with a variety of security tools, including firewalls, intrusion detection systems (IDS), Network Detection and Response (NDR) tools, Endpoint Detection and Response (EDR) tools, and Security Information and Event Management (SIEM) systems.
    A team of security professionals. Sangfor MDR solutions are designed to be used by security professionals. While Sangfor can provide some training and support, it is important to have a team of security professionals in place who can manage and respond to alerts.

In addition to these general requirements, you may also need to meet specific requirements for the services and features that you need. For example, if you need Sangfor to manage your security tools, you will need to provide them with access to those tools.

Here are some specific requirements for Sangfor MDR solutions:

    Asset discovery and risk assessment. Sangfor will need to perform an asset discovery and risk assessment in order to understand your environment and your security posture. This will help them to identify any security gaps or weaknesses.
    Security tools. Sangfor will deploy its own security tools in your environment. These tools will collect security data from your network and endpoints and send it to Sangfor's security operations center (SOC).
    Security monitoring and analysis. Sangfor's SOC will monitor and analyze the security data collected from your environment. They will use this data to identify and investigate potential threats.
    Threat response. If Sangfor identifies a threat in your environment, they will take steps to respond to it. These steps may include blocking the threat, containing it, or removing it.
engineer_baz Lv1Posted 19 Sep 2023 12:03
  
MDR (Managed Detection and Response) solutions are designed to help organizations detect and respond to security threats. MDR solutions typically provide a variety of services, including security monitoring, threat hunting, and incident response.

The requirements for MDR solutions vary depending on the specific needs of the organization. However, some common requirements include:

The MDR solution should be able to monitor a wide range of security events, including network traffic, system logs, and endpoint activity.
The MDR solution should be able to detect a wide range of security threats, including malware, intrusions, and attacks.
The MDR solution should be able to respond to security threats quickly and effectively.
The MDR solution should be scalable to meet the needs of the organization.
The MDR solution should be affordable.
Zonger Lv5Posted 19 Sep 2023 17:08
  
When implementing a Managed Detection and Response (MDR) solution from Sangfor, the required data sources are:

Network Traffic Data: Information about network traffic patterns, including logs from routers, switches, and firewalls, is essential for detecting and responding to security threats.

Endpoint Logs: Data from individual devices, such as computers and servers, including logs related to system activities, user authentication, and application usage.

Security Event Logs: These logs contain information about security-related events, such as intrusion detection system (IDS) alerts, firewall logs, and antivirus scan reports.

User and Entity Behavior Analytics (UEBA) Data: This includes user behavior data, such as login history, access patterns, and anomalous activities.

Cloud Services Logs: If your organization uses cloud-based services, logs from these services can provide insights into activities and potential security incidents.

Threat Intelligence Feeds: Integrating threat intelligence feeds can enhance the MDR solution's capabilities by providing up-to-date information about known threats and indicators of compromise.

Third-Party Integrations: Depending on your specific environment and needs, you may need to integrate data from other security solutions or third-party sources.

Collecting and analyzing data from these sources allows the MDR solution to identify and respond to security incidents effectively, helping to protect your organization's network and assets.

I Can Help:

Change

Trending Topics

Board Leaders