A Better Solution for Threat Management

Presidio MDR introduces a new approach to threat mitigation efficiency with 24x7x365 coverage. It integrates with traditional security point-products and sources of telemetry on-premise and in AWS to consolidate decisions through an intuitive SecOps Platform. Presidio MDR with Active Response integrates seamlessly to automatically initiate protective action in seconds, not minutes or hours.

Virtual Team

Mid-sized organizations find that managing a strong cybersecurity posture is complex and depends heavily on highly skilled resources to detect and remediate threats. With limited resources, their challenge is to optimize their time and training to respond as quickly as possible to threats.

Presidio MDR is powered by the Presidio Threat Strike Team – researchers, investigators and responders armed with industry-leading threat intelligence as part of the Presidio Threat Framework.

The Presidio Threat Framework has been established on a foundation of over ten years of offensive and defensive testing from Presidio’s world-class cybersecurity consulting team. It is professionally aligned with industry-recognized frameworks such as MITRE ATT&CK®, NIST CSF® and Center for Internet Security® (CIS®).

The Presidio MDR solution is not just software. Presidio MDR clients will benefit from a comprehensive threat protection service including:

• Assigned Security Analyst
• Assigned Service Delivery Manager
• Proactive Threat Hunting, Threat Discovery & Alert Validation
• Threat Investigation & Containment Tracking
• Playbook Management
• Finding Reports
• 24x7x365 Managed Detection & Response

Presidio MDR leverages proven methodologies to detect, analyze, investigate, and respond to alerts in an efficient and repeatable manner.

Presidio SecOps Portal

Presidio MDR goes beyond just opening tickets for a client’s cyber team to investigate and resolve. The intuitive SecOps Portal consolidates threat data from multiple system logs to simplify detection and response. It includes a powerful dashboard that gives clients control over responses to threats, integrating with other systems to perform actions including:

• Disable accounts
• Remove phishing emails
• Add/remove indicators from whitelist or blacklists

Active Response Automates Playbooks

Presidio MDR with Active Response enhances the Presidio Threat Engine and extends the Threat Engine’s Playbooks to automate action in a client’s environment. For example, if:

• A system gets malware that can’t be cleaned – Presidio MDR/AR can isolate that endpoint in seconds through integration with market leading EDR solutions.
• Attackers are setting up forwarding rules in Office365 email to commit financial fraud – Presidio MDR/AR can detect and disable that rule as it’s being implemented.

Active Response eliminates just sending our clients more alerts, but instead provides value by stopping them 24x7x365.

Every use case from the Threat Framework has a Presidio developed Playbook, created in Presidio’s SOAR platform. It includes a series of Tasks, Decisions, and Integrations that automate manual steps. The playbooks reduce the time it takes to start analyzing and responding to threats and provides consistency across all analysts and shifts.

Presidio’s Playbooks are continually tested for accuracy and new Playbooks created with the closed feedback loop by the Presidio Threat Strike Team. As new attack tools are available, and new attack techniques are being used, Playbooks are created and tested by Presidio Penetration testers to validate that the system can detect those attacks at multiple places in the Kill Chain.

Active Response Playbooks are defined on a client-by-client basis. Most clients start small with a set of use cases and expand over time. A default set of Active Response Playbooks are provided and additional ones are added as part of Presidio’s Cybersecurity Consulting Services.

Why Presidio

Presidio is a leading digital systems integrator, with deep experience in networking, cloud computing and broad hybrid infrastructures. Presidio recognizes that cybersecurity is foundational to the success of any business and has a highly specialized expert team at the ready. Our clients benefit from:

• Services methodology built on recognized industry standards including NIST, CIS, and ISO
• Compliance depth & breadth including PCI, HIPAA, NERC CIP, GDPR, CCPA, SOC 2, ISO 27001, DFARS 800-171, CMMC
• Deep security services bench and broad security services solutions

Presidio’s Cybersecurity Practice covers a broad security services portfolio. Highly skilled and tenured cybersecurity practitioners maintain leading industry certifications, provide thought leadership and practical industry experience. Presidio has conducted thousands of engagements across all major industry segments.

Contact us online