This article answers common questions about Worry-Free with Co-Managed XDR.
Worry-Free with Co-Managed XDR is a cross-product, cross-customer, and cross-partner detection and response service, co-managed by Trend Micro and managed service providers (MSPs). It helps mitigate threats for customers while relieving overburdened MSPs and elevating their security offerings without a significant investment of time and cost.
Benefits include the following:
- Provides holistic threat visibility and correlation across endpoint and email, enabling proactive containment and intelligent response by Trend Micro's threat experts.
- In addition to what Worry-Free XDR provides, it adds co-managed detection and response services for MSPs, along with:
- 24/7 threat experts: Cuts through the fog of constant alerts to isolate genuine threats in their earliest stages, providing MSPs with personalized remediation steps for their customers.
- Cross-customer analysis: The service automatically checks the MSP's customer base for the same threat and takes action to protect multiple customers at once.
- Cross-partner analysis: Threat analysts review similar threats across partners, especially those in the same industry, to provide a proactive response.
- Incident response: Provides customized recommendations, or Trend Micro threat experts can conduct actions if authorized by MSPs.
- Monthly case activity summary report: Provides an executive view of incidents and threats detected and mitigated for the month.
The sensors used by WFXDR (Worry-Free XDR) are:
- CAS (Cloud App Security) as the email sensor
- EDR as the endpoint sensor
- WFBSS ETA on 4 detection categories: Virus, WTP, Machine Learning, and Behavior Monitoring
- Worry-Free Business Security Services can correlate detections into a noteworthy event in 3 ways: EDR only, CAS only, and EDR+CAS. If a detection involves a suspicious object or an unknown malicious object, the detection becomes a noteworthy event.
Proactive actions that can be performed are:
- Quarantine an email
- Block a user
- Block a file or object
- Kill a running process
- Isolate an endpoint
- Run an Aggressive Scan
- Collect ATTK (Anti-Threat Toolkit) output and create a Damage Cleanup Tool
- DETECTION - 24x7 alert monitoring, early detection and containment of potential threats, and the Early Warning Event Service.
- INVESTIGATION - Threat source identification, infection chain / root cause analysis (RCA), cross-product correlation analysis, cross-customer correlation analysis, and cross-partner correlation analysis.
- REMEDIATION - Access to security experts 24/7 and remediation assistance.
- RESPONSE - Incident Report, Monthly Report, Policy Assessment Report, and Incident Advisory with proactive IOC assessment.
- Manual upload / confirmation of the existence of a suspicious file
- Manual upload of suspicious emails and manual release of emails
- Worry-Free Security Agent manual / aggressive scan
- Running the cleanup tool on the affected machine(s)
- Updating the Worry-Free Security Agent
- System modification / third-party software patching
- Product best practice configuration
- Verification of integrity of the software involved
- Customer password reset
- Customer advisory