To strengthen its security incident detection and response platform, Deloitte has added intelligence gathering, threat hunting, and mobile security modules from CrowdStrike and Splunk.
Deloitte not only specializes in consulting, but also offers solutions. As such, the group has upgraded its MXDR (Managed Advanced Detection and Response) platform to enhance intelligence gathering, threat hunting, and mobile protection. The group has historically relied on technology partners through alliances with AWS, CrowdStrike, Exabeam, Google Cloud Chronicle, ServiceNow, Splunk and Zscaler. Two recent partnerships, with CrowdStrike and Splunk, expand the XDR offering with several modules.
The first is Cyber Security Intelligence (CSI), which combines data feed tools and private sources with Falcon X data published by CrowdStrike. This combination gives users actionable indicators of compromise, cyber threat notifications and attacker profiles, as well as threat views, automated sandbox scanning, and threat intelligence queries. “With Cyber Security Intelligence, the platform is much more proactive in detecting, preventing and understanding threats and therefore allows us to work more proactively with our clients,” said Kurt Obley, head of Deloitte MXDR.
Another module, Dynamic Adversary Intelligence (DAI), provides clients with information about adversaries “beyond the horizon”. DAI uses passive information gathering methods, including global telemetry, API integration, sophisticated methods, proprietary public information analytics, and proprietary sourcing via Splunk. “With Dynamic Adversary Intelligence, customers can see insiders from the inside,” said Kurt Obley. “This module also provides the client with information that they must turn over to the authorities in order to track down hackers,” he added.
Discreet agent implanted in memory
Another digital risk protection module included in the Deloitte MXDR platform is CrowdStrike’s Digital Risk Protection (DRP). This is used to track the customer’s online digital footprint. “Digital risk protection uses client intellectual property models,” Obley also explained. “Based on this information and data such as domain names, email addresses, etc., we can explore the open web, the dark web, and the deep web and see if this information has fallen into the hands of the opponent. We can then advise the client on how best to deal with any potential crisis that may arise from this leak and analyze their environment to determine how it happened.”
Active Hunt and Response (AHR) includes a discreet agent that embeds itself in the endpoint’s memory and collects data about the intruder without their knowledge. Mobile Prevent, Detection, and Response (MPDR), a mobile prevention, detection and response module, also joins the XDR platform. It has extensive search capabilities and is fully integrated with Falcon for Mobile Endpoint Detection and Response and CrowdStrike Mobile Threat Defense.
Modular approach to MDR
According to Kurt Obley, Deloitte’s modular approach to the XDR platform is the result of experience gained with customers. “We’ve found that customers sometimes have difficulty gathering information and turning it into action,” said a Deloitte MXDR manager. “Thanks to these very different modules, they can choose which ones will allow them to use the features. Combining Deloitte’s technology and know-how with the power of partners like CrowdStrike and Splunk on one platform is also a way to provide customers with what they need. Built with industry-leading alliance partners—all in Gartner’s Magic Quadrant—our platform offers the best available in the market, so it’s easy for customers to get the results they want. Our goal is to take XDR to the next level. With managed XDR, we can add modules in conjunction with the capabilities of our alliance partners to ensure our customers are always one step ahead of their opponents.”