Difenda MXDR for OT

Additional Info

Company: Difenda Inc.
Website: https://www.difenda.com/services/mxdr-for-ot/
Company size (employees): 100 to 499
Headquarters Region: North America

Overview

Following a ransomware attack on their OT network, a leading manufacturer realized the urgent need for enhanced security measures. Initially protected by only basic IT controls, the company collaborated with Difenda to deploy a comprehensive cybersecurity solution that would address immediate threats and strengthen long-term resilience.

Difenda’s Cyber OT team worked closely with the manufacturer’s IT and plant teams to implement Defender for IoT network sensors across each of their manufacturing environments, review OT network traffic and vulnerability data, and identify recommendations to address environment hygiene issues and tune alerts.

Difenda’s MXDR for Operational Technology (OT) service, powered by Microsoft Defender for IoT, offers a turn-key agentless extended detection and response service to help protect OT and industrial control system (ICS) devices. As part of the service, customers benefit from Difenda’s AIRO automated triage and response engine backed by our 24x7x365 ISO27001, SOC II Type 2 and PCI Certified Cyber Command Center (C3) team for around the clock protection.

The manufacturer then pursued SOC 2 certification with Difenda’s support through their Cyber GRC advisory services. This effort includes using Purview Compliance Manager for pre-audit readiness and enhancing service delivery with new AIRO OT-specific triage playbooks and advanced analytics.

Difenda AIRO excels at bridging the gap between IT and OT security environments. It leverages threat enrichment, auto triage, incident scoring, auto-response and service synchronization to help customers integrate automation throughout their entire operations process. It liberates analysts from low-impact tasks and equips them with additional incident context to act swiftly and decisively.

This automation has significantly improved response efficiency, achieving a 100% completion rate and reducing response times to just four minutes. The benefits of this mature cybersecurity program are evident in fewer audit findings, lower cyber insurance rates, and progress towards SOC 2 compliance targeted for Q3 2024.

Key Capabilities / Features

MXDR for OT Implementation
- Microsoft Defender for IoT (OT) Implementation
- Microsoft Sentinel Implementation
- Microsoft Sentinel (Defender for IoT, other supporting security technologies, and key OT technologies where supported)
- Microsoft Sentinel Custom Development (Log Data Connectors, Analytic Rules, Playbooks, etc.)
Difenda Shield Services Overview
- 24x7x365 MXDR triage and response
- Difenda AIRO Automated Triage and Response Engine (SOAR)
- Difenda Shield Analytics Platform portal and real-time reporting
- Integrated Threat Intelligence, including advisories and bulletins
- Proactive Threat Hunting
- Ongoing Sentinel maintenance, including Log Data Connector, Analytic Rule, and Playbook development
- Remote Incident Response (RIR) retainer
- Dedicated Technical Account Manager (TAM) & Customer Success Manager (CSM)
How we are different

MXDR for OT services seamlessly integrate with MXDR for IT services. This comprehensive service delivery model provides full 24x7 threat detection and response capabilities across both IT and OT environments, ensuring that any actions taken on the Difenda side do not impact critical plant systems and associated business processes.
With Difenda’s strategic deployment of Microsoft Security technologies, our Shield Analytics platform can display both IT and OT data. This centralization provides greater visibility and improves the speed of triage and subsequent responses to quickly mature the overall security posture.
Difenda AIRO, an Automated Incident Response and Orchestration engine, is built on native Microsoft Sentinel playbook automation and excels at bridging the gap between IT and OT security environments. It leverages threat enrichment, auto triage, incident scoring, auto-response and service synchronization, drawing on the Microsoft Defender XDR security technologies, to help customers integrate automation throughout their entire operations process. It liberates analysts from low-impact tasks and equips them with additional incident context to act swiftly and decisively.