Open Systems MDR+ Service

Additional Info

Company: Open Systems
Website: https://www.open-systems.com/
Company size (employees): 100 to 499
Type of solution: Service

Overview

Open Systems’ cloud-native MDR+ service uniquely combines continuous 24×7 monitoring, AI automation and the expertise of the company’s security engineers to detect and contain threats as early as possible in the cyber kill chain. This enables companies to substantially improve their security postures quickly without spending precious time and money building their own SOCs and hiring hard-to-find security experts to staff them.

All aspects of Open Systems’ MDR+ service – platform, processes, procedures and people – have been optimized based on the company’s experience delivering managed security and networking services for more than 20 years. This enables Open Systems to run MDR+ like NASA Mission Control, using continuous processes to deliver repeatable and predictable outcomes that ensure fast detection and remediation of threats, while mapping a bespoke view of the customer’s security posture.

Unlike most security service providers, the mission-driven approach of Open Systems’ MDR+ is focused on delivering real outcomes to a set of critical security challenges (secure connectivity, ransomware, malware, APTs, phishing) versus drowning customers in alerts.

The heart of MDR+ is the company’s four Mission Control SOCs, which are strategically located around the world to provide customers with round-the-clock protection. Each SOC is staffed by security experts, infrastructure experts and data scientists who operate as an extension of customers’ SecOps teams. Each staff member must complete 400 hours of hands-on training and pass rigorous certification testing before servicing customers.

To speed the detection of threats, the MDR+ platform employs AI automation and Machine Learning (ML) to filter out false positive alerts so engineers can focus on investigating true positives and suspicious behavior.

When threats are identified, staff move immediately to contain them, following established procedures and escalation processes pre-approved by each customer. This approach ensures that engineers can act quickly to contain most breaches rather than waiting for customer approvals.

How we are different

DETECTION – For many MDR providers, detection is simply forwarding alerts, but we identify actual threats among all the false positives. We do this by ingesting data from our Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) sensors, along with data from tools in customers’ security stacks, including firewalls and secure web gateways. Context is then added with inputs from Active Directory, DNS, cloud-native applications and other sources. All of this information is finally parsed and analyzed to surface suspicious behavior that’s run-to-ground by our security analysts.
FAST RESPONSE – When a breach is identified, our security engineers immediately move to containment because seconds can make the difference between a minor issue and a catastrophe. To ensure a rapid response, we use automation via playbooks and develop a well-defined escalation process with each customer during onboarding. This includes determining the types of breaches that engineers are pre-authorized to contain so they can act immediately without delay. This also includes defining the specific roles and responsibilities of each team member – with Open Systems and with the customer – during a security event to ensure a comprehensive, coordinated and efficient response to the situation.
PROVEN MANAGED SERVICES EXPERIENCE AND PLATFORM – The platform underlying our MDR+ service has been developed over 20+ years and is highly integrated, whereas competitors often stitch their SIEM, SOC and SOAR together. This shields the underlying complexity, enabling true single pane of glass management by our Tier 2 and Tier 3 networking and security experts. Additionally, our Mission Control Knowledge Base contains the collective security and operational expertise accrued over our 20+ years as a service provider. This information ranges from security best practices to our deep operational expertise and is ingrained in everything we do, from threat response runbooks to disaster recovery and other