The integration of security into SD-WAN was once an anomaly, but since the introduction of SASE it has increasingly become the norm. Open Systems, an early player in the secure SD-WAN trend, has taken a further step and today announced the integration of managed detection and response (MDR) into its service. The MDR service will be available in Q3 of this year.
Building MDR into the Open Systems solution frees organizations from having to invest in the expert staffing, time, and tools needed to monitor their own security infrastructure. And because MDR is bundled rather than purchased as an additional service, Open Systems says deployments are shorter, operation is more efficient, and security is better.
“Instead of inundating customers with often meaningless alerts, our cloud-native MDR service, when combined with our SASE solution, enables threats to be identified and contained early in the ‘kill chain,’ and without the need for customers to build and staff a security operations center (SOC) of their own,” said Jeff Brown, CEO of Open Systems.
With Open Systems’ MDR offering, the company has leveraged its Microsoft relationship to integrate Microsoft Azure Sentinel security information and event management (SIEM) with the rest of its networking solution. “Open Systems’ MDR service easily integrates with the existing data and security stacks in Azure and Sentinel, further maximizing these investments, and helps address today’s increasingly complex security requirements,” said Ann Johnson, CVP Cybersecurity Solutions Group, Microsoft.
The Sentinel SIEM ingests alerts from the enterprise's security stack, using Open Systems SD-WAN endpoints to collect data from the sites. In the cloud, Open Systems will deploy a virtual appliance wherever the customer requires one to inspect cloud-to-cloud and mobile-to-cloud traffic. Sentinel parses the ingested data to separate true positives and suspicious behavior that require evaluation by Open Systems' security engineers, who sit in the company's SOCs in Zurich, Switzerland and Redwood City, California. Confirmed threats are then escalated to the security analyst team assigned to the specific customer, which informs the customer of the situation and provides recommendations for containment and resolution.
Built-in MDR: A Growing Trend
Open Systems isn't the first provider to deliver MDR as part of its SASE offering. Cato delivered Cato MDR as part of its overall SASE platform in February of last year. But there are significant distinctions in how the two companies position their offerings.
Open Systems describes Cato MDR as "only" a managed endpoint detection and response (EDR) service, pointing to Cato's SentinelOne integration as evidence. This isn't accurate. Cato has adapted SentinelOne's anti-malware engine for network-based advanced anti-malware inspection; Cato MDR, however, is a different offering.
Cato MDR is a managed service that ingests data from the rest of Cato's security services. As with the rest of Cato's service, Cato MDR emphasizes ease of deployment, requiring no additional hardware or software probes to gather network data. The service leverages Cato's massive data warehouse, built from the metadata of all network flows of all Cato customers. Cato emphasizes that by capturing the network flows themselves, it retains network context that is often lost when only alerts and logs are passed up to a SIEM.
Cato says it runs data aggregation and machine learning algorithms against this massive data warehouse. The combination of data science, network context, and a data warehouse spanning all traffic from all customers allows Cato to spot anomalies that may be unnoticeable if only assessing traffic from one company. Cato security researchers review the flagged events and assess the risk. The Cato SOC automatically contains live threats. The SOC alerts customers to the actual threats, advises on remediation steps, and follows up until the threat is eliminated.
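The cross-customer point above is worth making concrete. The example below is added here for illustration and is not Cato's (or Open Systems') code or algorithm; it works over constructed flow-metadata records for four hypothetical tenants, and the hostnames, tenant names and the documentation-range address 198.51.100.23 are all made up. Within one tenant, a "never seen before" destination detector cannot tell a newly used CDN from a newly contacted unknown host: both are simply new. With the same flow metadata pooled across tenants, the CDN's prevalence among the other customers marks it as probably benign, while the destination no tenant has ever contacted rises to the top of the queue.

```python
"""Illustrative cross-tenant context scoring over network-flow metadata.

Added example with constructed data; not the algorithm of any vendor named on
the page. It shows why a population-wide baseline changes the ranking of
"new destination" events that a single-tenant baseline cannot separate.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Minimal flow-metadata record (no payload), one per connection."""
    tenant: str
    day: int
    src: str
    dst: str
    bytes_out: int


def _build_sample():
    """Constructed sample: four tenants, a 7-day baseline, detection on day 8."""
    flows = []
    tenants = ["A", "B", "C", "D"]
    for day in range(1, 8):  # baseline window: days 1-7
        for t in tenants:
            flows.append(Flow(t, day, f"host1.{t}", "saas.example.com", 4096))
            flows.append(Flow(t, day, f"host2.{t}", "mail.example.net", 2048))
            if t != "A":  # tenant A has never used the CDN before day 8
                flows.append(Flow(t, day, f"host1.{t}", "cdn.example-static.net", 65536))
    # Detection day for tenant A: one new-but-popular destination, one new
    # destination that no tenant in the population has ever contacted.
    flows.append(Flow("A", 8, "host1.A", "cdn.example-static.net", 65536))
    flows.append(Flow("A", 8, "host3.A", "198.51.100.23", 512))  # hypothetical unknown host
    flows.append(Flow("A", 8, "host1.A", "saas.example.com", 4096))
    return flows


SAMPLE_FLOWS = _build_sample()


def baseline_destinations(flows, tenant, last_baseline_day):
    """Destinations a single tenant contacted during its own baseline window."""
    return {f.dst for f in flows if f.tenant == tenant and f.day <= last_baseline_day}


def new_destinations(flows, tenant, last_baseline_day):
    """Single-tenant detector: destinations first seen after the baseline.

    This is all a per-customer view can say; every new destination looks alike.
    """
    seen = baseline_destinations(flows, tenant, last_baseline_day)
    after = {f.dst for f in flows if f.tenant == tenant and f.day > last_baseline_day}
    return sorted(after - seen)


def global_prevalence(flows, last_baseline_day):
    """Fraction of all tenants that contacted each destination in the baseline."""
    tenants_per_dst = defaultdict(set)
    all_tenants = set()
    for f in flows:
        all_tenants.add(f.tenant)
        if f.day <= last_baseline_day:
            tenants_per_dst[f.dst].add(f.tenant)
    return {dst: len(t) / len(all_tenants) for dst, t in tenants_per_dst.items()}


def score_new_destinations(flows, tenant, last_baseline_day):
    """Re-rank one tenant's new destinations using population-wide context.

    Score 1.0 means no tenant has ever contacted the destination; a score near
    0.0 means nearly every tenant already talks to it (a CDN, a SaaS provider).
    Returns (destination, score) pairs, most suspicious first.
    """
    prevalence = global_prevalence(flows, last_baseline_day)
    scored = []
    for dst in new_destinations(flows, tenant, last_baseline_day):
        score = round(1.0 - prevalence.get(dst, 0.0), 2)
        scored.append((dst, score))
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    print("single-tenant view :", new_destinations(SAMPLE_FLOWS, "A", 7))
    print("with global context:", score_new_destinations(SAMPLE_FLOWS, "A", 7))
```

In the single-tenant view both destinations come back as equally "new"; with the pooled baseline the CDN (used by three of the four tenants) scores 0.25 and the globally unknown host scores 1.0. A production system would combine this prevalence signal with others (bytes in each direction, connection periodicity, destination age), but the prevalence term alone is what a single customer's data cannot provide.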
By contrast, the Open Systems MDR solution ingests data from third-party security solutions. More specifically, Open Systems says it packages MDR with EDR and Microsoft Sentinel to collect logs from a customer's devices, with the whole operated and monitored by the third-level "mission control" engineers in its NOC/SOC. What's more, the Open Systems MDR service inspects both east-west and north-south traffic, so it can detect anomalies not only in traffic entering and leaving a site but also in lateral traffic within a given site.
MDR: What’s the Right Approach for you?
These and other differences between the two approaches give enterprises a real choice. Both solutions are credible; whether either is suitable for your organization is another matter. To better understand their pros and cons and how they align with your requirements, try our free WAN Jumpstart Kit.