The Evolution of Managed Detection and Response (MDR) with BlueVoyant

May 16, 2023 | 8 min read

Milan Patel

Global Head of Managed Security Services


BlueVoyant’s advanced cloud-native MDR defends against the latest threats, while also helping clients maintain control of their data and maximizing existing subscriptions.

Managed Detection and Response (MDR) as a product and service category is long overdue for a shake-up. Many enterprises struggle with their cyber defense posture because it requires security teams to manage a number of tools and then weave them into a cohesive security stack. Couple that with the cybersecurity talent gap, which prevents many organizations from fully defending their enterprise, and you have a recipe for frustration or worse. An MDR provider can be the solution.

Many MDR providers have been hard at work adding more and more features to their platforms, leading to feature bloat and to operations teams being increasingly removed from their critical security data. Organizations, however, want an MDR solution that keeps them close to their own security data, so that when a SOC analyst, threat hunter, or content engineer needs data, they can work with it directly rather than through an MDR provider's portal. BlueVoyant takes an evolved approach to MDR, applying our data science and security expertise to help clients collect, normalize, rationalize, and access their own data within their own tools.

The core difference between BlueVoyant's evolved approach and that of traditional "pure-play" MDR providers is that many of those providers are trying their best to keep pace with the feature development of the security tool vendors themselves. We prefer to build on the vendors' new security software features while keeping internal security teams connected to their data.

Our clients have noticed the difference.

“In our market research we found that more traditional ‘pure-play’ MDR providers frequently did not have the expert-level knowledge we required in our critical security controls,” said Adeeb Mahood, CISO, Chemonics International.


The BlueVoyant Approach to MDR

BlueVoyant’s MDR combines clients' existing security products with our advanced technology and human-led expertise from our global Security Operations Center (SOC), which monitors clients’ networks 24x7. Clients have a cloud-based security solution that illuminates, validates, and mitigates today’s internal and external threats. BlueVoyant combines extended detection and response (XDR) and security information and event management (SIEM) monitoring and management to detect and respond to security threats across a wide variety of data sources before they cause harm to your business.

Clients are looking for a partner like BlueVoyant to help them maximize their existing technology.

“Our primary objective in looking at MDR providers was to find a security partner that could help us realize the promise of these technologies,” said Martin Kerkhoven, CTO, Elekta.

Rather than creating our own proprietary log analysis features, scripting engines, and response action automations, we think the value of an MDR provider lies in bringing operations expertise into an organization's existing security tools. BlueVoyant ensures these tools are deployed according to best practices, configured correctly, using their advanced features, kept within cloud cost budgets, and regularly maintained. This ensures trained SOC analysts get the most out of the tools for 24x7 network defense.

BlueVoyant is the nervous system that makes your existing investments work at the top of their game, continuously. There are enough security tools already, so BlueVoyant doesn't want to be the next layer of software bloat in your security stack. Rather than investing in duplicating SIEM and XDR features in our platform, we focus our customer-facing MDR portal on features and visuals that show how our SOC is performing. This strategy keeps us focused on speed and accuracy, which is where the value of our SOC shows.

Mitigation of Internal and External Threats

BlueVoyant has also broadened the scope of MDR to include external threat mitigation, addressing threats beyond an organization's perimeter. This includes external protection against data leakage, advanced digital brand protection, and external detection and takedown of social media impersonation, rogue apps, and phishing websites that impersonate your brand. It also includes Supply Chain Defense: continuous monitoring of suppliers, vendors, and other third parties, which have become an increasingly common attack vector, as well as proactive takedown of attacker infrastructure before it ever reaches your users.

Further, MDR providers need to take the "R" for response in their name seriously and have true Digital Forensics and Incident Response (DFIR) embedded within the service. BlueVoyant is now offering options to expand the scope of MDR by combining it with DFIR. Although MDR provides comprehensive security coverage, many businesses require additional cloud-native incident response, deep digital forensics, or legal testimony support that falls outside the scope and capabilities of MDR alone. Without these external threat mitigation and DFIR capabilities, MDR solutions, in our view, are incomplete.

When enterprises strengthen their cyber defenses, threat actors search for new vulnerabilities. BlueVoyant continually adds new capabilities so our clients are always well ahead of ever-changing threats.

Transparency is at the Core of Everything BlueVoyant Does

“Pure-play” MDR providers collect all data into a black box in the provider’s platform for analysis, sending limited alert information back while maintaining custody of the data. All work is done inside their box and focuses only on the data they can ingest into their platform.

With transparency at our core, BlueVoyant wants our clients to know exactly what we did for them. Instead of having clients work within our portal, BlueVoyant deploys our solution on your infrastructure, meaning you maintain full control over your data, meet data residency requirements, and can watch, in real-time, as we work to protect your company from threats. When we develop new detection content, we deliver it, along with our high-fidelity detection capabilities inside your tenant — and that's where it stays. The goal is that our team and your team work seamlessly in the security tool you are investing in, without unnecessary layers getting in the way of full transparency.

While BlueVoyant offers a portal, it is designed for limited use cases, mainly so you can see any triaged incidents. You can track alerts, events, and case investigations through our portal, with links back to your security tools so you have a clear understanding of all actions taken on your behalf.

BlueVoyant’s MDR portal is designed this way because it's what our clients demand.

“We needed to enhance our processes for detection, response, and threat hunting, but did not want to be tied to a new MDR provider’s portal to access these capabilities,” said Ariel Litvin, CISO, First Quality. “Our mandatory requirements were for a security partner to bring their expertise in our core technologies and business processes, and operate in a co-managed model within our environment for both XDR [extended detection and response] and SIEM.”

The transparency built into BlueVoyant's MDR is essential as new government cybersecurity legislation is enacted. For example, the European Union's Network and Information Security (NIS2) directive introduces requirements for managed security service providers. These new rules include stricter risk management provisions, and the BlueVoyant solution helps not only ensure compliance but also significantly reduce the cyber risks associated with transferring sensitive data to a third party and with vendor lock-in.

MDR Your Way

In addition to being dedicated to transparency, BlueVoyant is dedicated to our clients maintaining control of their data. All security data lives in the client’s infrastructure, ensuring that clients maintain control of their sensitive data.

While existing third-party platforms like Microsoft Sentinel and Splunk are great at searching and displaying log and alert data, we have found that to use these tools most efficiently and effectively, clients need help setting up and managing their subscriptions so that the most critical issues are flagged and acted on.

And when it comes to Microsoft and Splunk, BlueVoyant has industry-leading expertise to help our clients maximize these subscriptions.

In April, BlueVoyant received the Security MSSP (Managed Security Service Provider) of the Year award at the Microsoft Security Excellence Awards 2023. This award is given by the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and MSSPs that have integrated their security products and services with Microsoft's security technologies. The award is recognition by both Microsoft and our peers that BlueVoyant's approach to MDR is helping clients enhance their cyber defense posture. In the past two years, BlueVoyant has received multiple awards from Microsoft. We also have deep experience with hundreds of Microsoft Sentinel deployments across every major industry sector, including government.

Splunk recognized BlueVoyant as a key MSP (managed service provider) partner with the new Premier Manage designation. BlueVoyant also earned core competency badges for Cloud Migration and Cloud Migration: Co-Delivery. The company holds 200 active Splunk certifications.

The Evolution of MDR

BlueVoyant believes our approach to MDR is next-generation, but we’re never going to rest on our laurels. Our goal is to be continually improving and innovating so our clients always know they are getting industry-leading cyber defense.

And that’s what our clients want when it comes to picking an MDR provider.

“More enterprise-size organizations like ours are using MDR services to extend SOC capabilities, but we do not believe security operations is a function that can be entirely handed to a service provider,” said Steve McDevitt, Global CIO, Element Materials Technology. “Legacy MDR providers tend to require us to use their tools and processes, but we really needed a partner that could enhance the tools and processes we were already investing in now and partner with us for the future.”

If you are interested in learning more about BlueVoyant’s MDR and other offerings, please contact us.

Milan Patel is the global head of managed detection and response (MDR) at BlueVoyant. He is the former chief technology officer of the FBI Cyber Division and a recipient of the Federal Law Enforcement Officer of the Year award.