MDR (Managed Detection and Response)


Our Managed Detection and Response (MDR) service is built around the Endpoint Detection and Response (EDR) solution chosen by the client and provides real-time response and management for endpoint intrusions. It expands the monitoring scope from log data collected at the network security device layer to activity inside the endpoint operating system itself. This improves endpoint visibility (process trees, registry changes, and similar telemetry), captures endpoint behavior, integrates threat intelligence, and proactively hunts for threats to uncover risks that signature-based alerts alone would miss.

Through a centralized management platform, we respond remotely and immediately: compromised endpoints are isolated from the network and abnormal processes are terminated in real time, containing a threat before it escalates or spreads laterally.

1. Monitoring and Detection

Through our Intelligent SOC architecture, we apply cross-device and cross-client correlation rules, machine-learning models, and big-data detection rules to the endpoint telemetry. When a correlation rule is triggered, an "SOC Alert Notification" is automatically issued to the MDR operations team for confirmation.

2. Threat Hunting

On receiving the "SOC Alert Notification", our MDR operations team immediately analyzes the event to confirm whether it is a true positive, then sends an "MDR Incident Notification" to the client by email or SMS.

3. Response and Remediation

Our MDR operations team then assists the client with response and remediation. Remediation methods include, but are not limited to: remotely assisting with automatic or manual removal, isolation, or termination of malicious processes; remotely connecting to retrieve malware samples or the signatures that matched them; and collecting the Indicators of Compromise (IoC) associated with the intrusion.

4. Feedback and Collaborative Defense

After the incident is resolved, our MDR operations team feeds the handling results and any intelligence discovered back to the SOC monitoring center. This strengthens existing monitoring rules, updates attack intelligence, and produces a collaborative defense effect across clients and devices: an indicator confirmed at one client is detected on first sight at every other.
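The four steps above form one loop, and the value of step 4 is easiest to see when it is run end to end. The following is an added illustration written for this page, not the vendor's SOC code or any EDR product's API: a cross-client correlation rule over constructed process-creation telemetry raises an SOC alert, the alert maps to response actions (isolate host, kill process, collect sample), and the confirmed hash is fed back so that a later sighting at a third client alerts immediately even though it would not have matched the original rule. Event fields, rule names, action names and the one-hour window are all assumptions chosen for the example.

```python
"""
Toy model of the MDR loop: endpoint telemetry -> correlation rule -> SOC alert ->
response actions -> IoC feedback into the rules. Constructed example; the event
shape, rule names and response actions are assumptions, not any EDR's API.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ProcessEvent:
    client: str    # which customer's endpoint produced the event
    host: str
    ts: int        # seconds; constructed timestamps
    parent: str    # parent process image name
    image: str     # child process image name
    sha256: str    # hash of the child image (shortened for readability)


# Constructed telemetry. Two unrelated clients both see an Office process spawn
# the same binary within an hour; a third client later runs it from explorer.exe.
SAMPLE_EVENTS = [
    ProcessEvent("acme",    "acme-ws01", 1000, "WINWORD.EXE",  "update.exe",  "aa11"),
    ProcessEvent("acme",    "acme-ws01", 1005, "explorer.exe", "chrome.exe",  "c0c0"),
    ProcessEvent("globex",  "gbx-lt07",  1900, "OUTLOOK.EXE",  "update.exe",  "aa11"),
    ProcessEvent("globex",  "gbx-lt07",  1950, "explorer.exe", "notepad.exe", "beef"),
    ProcessEvent("initech", "ini-pc03",  4000, "explorer.exe", "update.exe",  "aa11"),
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE", "POWERPNT.EXE"}


@dataclass
class SocState:
    known_bad: set = field(default_factory=set)                         # IoCs fed back by MDR
    sightings: dict = field(default_factory=lambda: defaultdict(list))  # sha256 -> [(client, ts)]


def correlate(ev: ProcessEvent, state: SocState, window: int = 3600):
    """Step 1, monitoring rules. Returns an 'SOC Alert Notification' dict or None."""
    base = {"client": ev.client, "host": ev.host, "image": ev.image, "sha256": ev.sha256}
    # Rule A: a hash already confirmed malicious alerts on first sight, whatever the parent.
    if ev.sha256 in state.known_bad:
        return {**base, "rule": "known_ioc", "severity": "high"}
    # Rule B: an Office process spawning a child is only suspicious on its own; it becomes
    # a high-confidence alert when a different client saw the same child hash in the window.
    if ev.parent in OFFICE_PARENTS:
        state.sightings[ev.sha256].append((ev.client, ev.ts))
        peers = {c for c, t in state.sightings[ev.sha256]
                 if c != ev.client and ev.ts - t <= window}
        if peers:
            return {**base, "rule": "office_child_cross_client", "severity": "high",
                    "also_seen_at": sorted(peers)}
    return None


def respond(alert: dict) -> list:
    """Step 3, the response plan the MDR team executes through the EDR console."""
    return [
        ("isolate_host", alert["host"]),
        ("kill_process", alert["host"], alert["image"]),
        ("collect_sample", alert["host"], alert["sha256"]),
    ]


def feedback(alert: dict, state: SocState) -> None:
    """Step 4, a confirmed IoC goes back to the SOC so every client benefits."""
    state.known_bad.add(alert["sha256"])


def run_pipeline(events, state=None):
    """Drive events through the loop in time order; returns (alerts, actions)."""
    state = state or SocState()
    alerts, actions = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        alert = correlate(ev, state)
        if alert is None:
            continue
        alerts.append(alert)
        actions.extend(respond(alert))
        feedback(alert, state)
    return alerts, actions


if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_EVENTS)[0]:
        print(a)
```

Run on the sample, the first acme sighting produces no alert (one host, no peer), the globex sighting 900 seconds later triggers the cross-client rule, and only because that alert was fed back does the initech event, which comes from explorer.exe and would never match Rule B, alert on first sight. Without step 4 the third client would have been missed.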

Service Features

Integrated with our SOC cybersecurity monitoring service, so clients receive high-risk endpoint alert notifications in real time.

When a high-risk event is detected on a particular host or endpoint, our personnel proactively assist the client with further analysis, provide actionable recommendations, and help mitigate the event immediately.

Through our Intelligent SOC architecture, we refine existing monitoring rules and feed intelligence back after each event, so that response and mitigation of high-risk events become more complete over time and collaborative defense grows more effective.

Service Benefits

Rapid assistance from our cybersecurity professionals in remediating high-risk events.

Reduced client effort spent on investigating events and carrying out follow-up mitigation.

Intelligence feedback from every high-risk endpoint event, further strengthening monitoring and defense capabilities.