Managed Detection and Response – Old

Our Managed Detection and Response (MDR) service combines a dedicated team of engaged experts with next-generation technologies to provide real-time threat detection, investigation, and response. Advanced Analytics and Integrated Threat Intelligence accurately identify threats, and Security Analysts perform complete event investigations, freeing your IT resources from the burden of false positives.

Purpose-built for critical networks, our MDR service is designed to facilitate rapid and accurate confirmation while ensuring only incidental access to confidential information. In the case of an actual incident, our team produces specific Incident Action Plans (IAPs) to stop threats, minimize damages and reduce recovery time.

No network is 100% secure, and legacy security techniques are no longer sufficient against the increasing sophistication and frequency of cyber-attacks. Our team extends your team and technologies, providing deep expertise aligned to your organization’s unique risks.


Inside your network, the Arbala Guardian collector gathers and analyzes network activity, disk access and server logs, performing initial detection activities. Advanced analytics are applied for robust detection and prioritization.


Potential incidents are elevated to our security analysts who determine the likelihood of the elevated alert being a security event.

Frequency analysis and other techniques help to eliminate false positives, which enables us to focus only on real threat incidents.


Using the Arbala Guardian investigation framework, an analyst investigates the alert and other activities that surround the event time window.


The Arbala Guardian Command Center creates an Incident Action Plan (IAP) specific to your systems and response plan. The IAP includes corrective actions that address both the threat(s) and the compromised asset.

The Command Center integrates into your Incident Response Plan and initiates a call to discuss the event, providing all supporting data to address the threat(s) and contain the compromise.


Once the vulnerability that led to the event has been mitigated, the identified attacks have been repelled, and the compromised asset is restored to service, the Incident Action Plan is closed. Full documentation is maintained for your teams and for reporting. Assets that were previously compromised or under attack are specifically monitored to ensure that all compromise indicators have ceased.


Our algorithms process network event data to identify:

  • Statistical anomalies
  • Interaction with known malware distribution or criminal command and control sites
  • Anomalous events from the Arbala Guardian Collector's intrusion detection
  • Correlation of multiple suspicious events
  • Significant periodicity in signals


Utilizing elastic scalability and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our learning approach allows Arbala Guardian to become continuously more powerful and faster as data is ingested and processed.


Our security experts investigate an incident to confirm it is a true threat. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and manages actionable plans for confirmed threats.