Managed Detection & Response

NuSpective delivers and manages the Technology and People to perform effective and affordable Compliance Monitoring and Cybersecurity Operations

Key Elements of our MDR Services include:

SIEM
Technology

Log
Analytics

Threat Investigations

24×7 Threat
Hunting

Threat Investigations

Incident
Remediation
Guidance

Threat Investigations

Compliance
Reporting

How NuSpective MDR Service Works with Your Team
to Reduce Your Cyber Risk and Ensure Compliance with Regulatory Requirements

NuSpective MDR Diagram
See Sample compliance Report
How it Works

The diagram above depicts the typical chronological source and delivery flow of our MDR services.

  • Blue boxes: Service aspects that are customer led activities
  • Orange boxes: Service aspects that are NuSpective led activities
  • Transitional Colored Boxes: Service aspects that are jointly (Customer and NuSpective) worked activities

MDR Essentials vs. MDR Advanced Comparison Chart

Product Features
Managed SIEM Technology: HW, Software Licensing & Support
Asset Discovery & Inventory
Expert Correlation & Tuned Log Management
Advanced Security Analytics
Security Compliance Reporting & Automation
Dynamic Dashboards, Topology Maps & Notifications
Web-like Queries & Iterative Filtering
Automated Real-time Communication of Critical Alerts
Daily Compliance Review by Trained Cyber Sercurity Experts
24x7x365 Monitoring by Trained Cyber Security Experts
In-depth Systems Security and Anomalous Activity Monitoring and Alerting
Continuous Alert Tuning & Management
Automated Real-time Communication of Critical Alerts
Remediation Advice and Triage Assistance
Custom Built Dashboard & Reporting
MDR Essentials
MDR Advanced
MDR Essentials
MDR Advanced
MDR Comparison Chart

Click chart to open in PDF.

FAQs

Frequently Asked Questions

  • image/svg+xmlimage/svg+xml
    There are other MDR Service Providers, why NuSpective?

    At the foundational level, NuSpective prides itself on establishing and maintaining our business relationships to deliver honest, straightforward, and consistent solutions, and services, at every touch point.  We are passionate about living in our “customer’s shoes” with a commitment to listening and responsiveness.   With over 10 years in business, our customers continue to work with us because we operate with these values every day.

    At the services level, NuSpective is committed to effective Compliance Monitoring and Cybersecurity Operations at a competitive price.  Our staff experts are highly trained and 100% based in United States.  NuSpective Fully Manages the Technology & People required to deliver comprehensive and compliant security operations.   The service includes the SIEM licenses and underlying infrastructure.   Your logs are Aggregated/Correlated enabling us to provide Customized Alerts Scoring & Prioritization.  We staff our Cybersecurity Experts for 24×7 “eyes on glass” and execute complete daily reviews of High, Medium, and Low severity events and alerts.  Your team will receive customized communication of all priority alerts as well as remediation support for actionable incidents. We pride ourselves on delivering highly customizable security operations services with attention to detail delivered with “white glove” treatment

  • image/svg+xmlimage/svg+xml
    Where are your technicians based? Are they located outside of the United States?

    100% of the NuSpective staff and SOC technicians are based in the United States and are English-speaking.

  • image/svg+xmlimage/svg+xml
    We already have log analytics tools, why NuSpective?

    NuSpective Fully Manages the Technology & People required to deliver comprehensive and compliant security operations.   The service includes the SIEM licenses and underlying infrastructure.   Your logs are Aggregated/Correlated enabling us to provide Customized Alerts Scoring & Prioritization.  We staff our Cybersecurity Experts for 24×7 “eyes on glass” and execute complete daily reviews of High, Medium, and Low severity events and alerts.  Your team will receive customized communication of all priority alerts as well as remediation support for actionable incidents.

  • image/svg+xmlimage/svg+xml
    We already have Firewalls and End-Point Protection Technology in place, why NuSpective MDR?

    Network firewalls and endpoint protection technologies provide the ability to see and respond to cybersecurity events; however, these technologies need to be monitored by the appropriate combination of technology and people to effectively protect your business against threats that can travel or multiply in your network.  Furthermore, the method to stop an active cybersecurity threat is not always clear. NuSpective MDR manages and delivers trained experts and SIEM technology to execute the monitoring and remediation guidance that your organization needs to maximize the effectiveness of your cybersecurity tools.

  • image/svg+xmlimage/svg+xml
    What are the key differences between MDR Advanced and MDR Essentials?

    MDR Essentials includes automated, technology-based 24×7 monitoring and alerting as well as a daily compliance review by a SOC Cybersecurity Analyst.  Remediation guidance for MDR Essentials customers is delivered via email in the form of “Playbooks.” MDR Essentials is best for customers that need to ensure cybersecurity compliance with daily log reviews, but do not need to real time human-based alert response by our SOC team.

    MDR Advanced includes everything in MDR Essentials, plus 24×7 real-time, people-based monitoring and alerting by trained SOC Cybersecurity Analysts.   In the case of actionable incidents, our SOC experts will provide live remediation guidance support.

  • image/svg+xmlimage/svg+xml
    How does after hours support work? Can it be customized?

    For both our MDR Services, technology-based Analytics and Alerting is performed and delivered on 24×7 basis.  Additionally with our MDR Advanced service, 24×7 people-based coverage and support is available to your team.  Our SOC team targets a 30-minute response time for high-severity and emergency incidents, we complete our investigation, confirm the incident, and contact your team via the communication method, and point of contact, of your choice (SMS/Email/Phone).

  • image/svg+xmlimage/svg+xml
    Can I customize my Alerting and Communication Process?

    Absolutely! Tuning alerts is a critically important feature of our service.   With your input, we customize the alerting, scoring and escalation procedures to eliminate false negatives and minimize false positives.  For both MDR Advanced and MDR Essentials customers, our SOC team will work with you during the onboarding process to tune the alerts accordingly.  Furthermore, we support on-going SIEM configuration changes to continually improve how we alert and communicate with your team.

    For MDR Advanced customers, our team will additionally document and maintain a customized SIEM “runbook” to ensure it evolves as your business processes and people change.   This is designed to accommodate your changing IT environment, and to improve the means (time of day, escalation contacts, etc.) by which we communicate with your team.

  • image/svg+xmlimage/svg+xml
    How is remediation defined?

    Remediation is the effort and expertise applied to abate the impact of actionable security incidents.   

    Our MDR Advanced service provides people-based guided remediation; our SOC analyst assisting your IT team with expert recommendations, instructions, and best practice methodologies to stop and/or mitigate the incident. 

    Remediation included with the MDR Essentials service is automated and emailed remediation “playbooks.”   Our “playbooks” are designed to provide best practices recommendations and instructions to guide your internal staff with necessary steps to stop and/or mitigate the incident. 

  • image/svg+xmlimage/svg+xml
    Can I use NuSpective MDR to monitor end points like laptops/desktops?

    Yes, you can use NuSpective MDR to monitor laptops or desktops. There are several ways to make this process efficient and affordable; our team can help you determine the best method for your organization.

  • image/svg+xmlimage/svg+xml
    Do NuSpective MDR Services also include End-Point Detection & Response (EDR)?

    While our MDR Service options do not currently include EDR, we do have expertise in helping you design and implement an EDR Solution for your business;  we can then offer our MDR Service to collect and examine the aggregate EDR log source.

  • image/svg+xmlimage/svg+xml
    How does NuSpective MDR work with Public Cloud Infrastructure?

    The log collector VM can be easily installed in AWS, Azure, GCP (or essentially any public cloud) to ingest logs from your public cloud virtual machines and virtual network devices.  NuSpective MDR service can also ingest infrastructure logs from the aggregated log sources such as CloudTrail from AWS.

  • image/svg+xmlimage/svg+xml
    What does Compliance Automation Mean?

    NuSpective MDR services are designed to make your life easier when it comes to cybersecurity compliance. With over 3,314 reports available out-of-the-box, NuSpective MDR service can provide you with weekly automated compliance reports.

    Both MDR Advanced and MDR Essentials services include a log event review process performed every day by our SOC personnel, satisfying those regulatory or compliance requirements for daily log review.

  • image/svg+xmlimage/svg+xml
    How do logs get from our servers to the SIEM?

    For private and public cloud environments a lightweight “log collector” VM is installed in your datacenter environment; the log collector receives logs from any source (virtual or physical) with an IP Address.  Examples:  network devices, virtual and/or physical servers, cloud VM’s, etc.  Normally, your VMs and devices send the logs directly to our Managed SIEM via HTTPS encrypted outbound connections.

    For SaaS environments (Example: Microsoft Office 365) we configure logs to be sent directly from the SaaS application to the Managed SIEM via encrypted connections (varies per SaaS application).

  • image/svg+xmlimage/svg+xml
    Does a VPN need to be set up?

    The log collector does not require any VPN connection and does not require any inbound firewall ports to be opened.

  • image/svg+xmlimage/svg+xml
    How are log sources counted with aggregate servers?

    An aggregate server is treated as a single log source, in rare instances additional charges for excess logs for a monthly billing cycle may apply.  We will ensure that your expectations are properly set if this is anticipated.

  • image/svg+xmlimage/svg+xml
    Will NuSpective have access to my systems?

    NuSpective staff members will not have access to any of your systems. Our SOC team will have the ability to send “commands” to the log collector installed in your environment. The log collector is a SIEM log collector VM that is security hardened and used widely in high-security environments such as banking, healthcare, and government.

  • image/svg+xmlimage/svg+xml
    Is NuSpective’s SIEM technology homegrown?

    No, the SIEM element of our MDR service is supported using Fortinet’s FortiSIEM product (formally AccelOps).

  • image/svg+xmlimage/svg+xml
    How will NuSpective support post event forensics, and security posture improvements?

    Beyond the guided remediation that our SOC team provides, there are multiple ways that NuSpective can support post-event clean-up.

    During an event, NuSpective has immediate access to high-value cybersecurity remediation teams that can start working your problem in a matter of hours, not days. Emergency service can be costly, but we have access to capable, emergency-ready resources should you need it.

    Following an event, we assist your team in assessing your cybersecurity posture, establishing a gap analysis, and planning for improvements.  

  • image/svg+xmlimage/svg+xml
    Does NuSpective MDR services include a Configuration Management Database (CMDB)?

    Yes, the CMDB provides critical “expected behavior context.”  This particular feature of our SIEM tool covers the following:  device configuration, OS version, interfaces and protocols, installed applications, running processes, and patch levels.  In addition, it provides User Identity Mapping and Reporting and Geolocation Tracking for all traffic.   It uses context-aware rules, based on the database, to only detect applicable incidents.  This is a key feature in eliminating “false positives”.

Get Quote

Get a simple, straightforward quote!

Learned Enough

Want To Learn More?

Meet with Us

Meet with our experts!