Managed Extended Detection and Response (MXDR) for OT

Difenda

Unify threat protection with Difenda. The MXDR for OT service offers a turn-key agentless extended detection and response (XDR) service that is deployed to help protect OT and industrial control systems (ICS).

Difenda’s MXDR for OT service, powered by Defender for IoT, offers a turn-key agentless extended detection and response (XDR) service that is deployed to help protect OT and industrial control system (ICS) devices. As part of the service, customers benefit from Difenda AIRO, an Automated Triage and Response Engine backed by our 24x7x365 ISO27001, SOC II Type 2 and PCI Certified Cyber Command Center (C3) team for around-the-clock protection.
Our proven process uses passive, agentless network monitoring to safely gain a complete inventory of all your assets, with zero impact on infrastructure performance. With this added visibility, Difenda’s Cyber OT Operations team rapidly triages threats, performs ongoing alert tuning, and works with customers on escalated incidents to contain and mitigate threats.
This managed service can seamlessly integrate with Difenda MXDR for IT to provide customers with unified threat protection across the entire environment. This provides our C3 team with the ability to mitigate OT threats by tracing indicators back to the IT environment and containing the originating IT threat vectors such as malicious emails, compromised identities and infected endpoints. We are solely focused on Microsoft Security and provide superior customer experiences delivered by tenured cybersecurity experts.
Difenda’s MXDR for OT service is designed to support ongoing cyber program maturity and reduce the load on internal teams. We use iterative processes to help customers tune configurations, enhancing proactive controls and reducing alert volume. Real-time insights are generated through our Difenda Shield Analytics platform, providing cybersecurity leaders with the necessary data points and dashboards to drive their cyber strategy.

Microsoft Security Powered, Cybersecurity Framework Aligned

Difenda’s MXDR for OT services are designed to support adherence to common OT Cybersecurity frameworks, including NIST.
MXDR for OT services leverage the following Microsoft Security technologies:

  • Microsoft Sentinel: MXDR for OT leverages Sentinel, Microsoft’s cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration Automated Response) solution. Sentinel collects, analyzes, and correlates security data from various sources within your OT and IT environments.
  • Microsoft Defender for IoT (MD4IoT): MD4IoT uses passive network-based deep packet inspection alongside behavioral analytics and threat intelligence to detect threats. The technology also supports core components of a strong Cyber OT program, including asset and network topology discovery, vulnerability assessments and reporting, and attack path modelling. Deployment models supported include cloud, air-gapped and on-premise, and hybrid configurations.

Professional and Managed Services

MXDR for OT can be integrated into your environment by Difenda experts via a Professional Services engagement. Our team will assist you in standing up the platform, integrating it into your environment, and ensuring your team is fully trained and able to use the platform. All aspects of the effort will be documented so you can fully leverage the application moving forward.
MXDR for OT is also available as a Managed Service. As above, our team will implement the platform and ensure it is properly integrated into your environment, then take it from there. Difenda experts will continually tune and support ongoing OT environment remediation efforts.
Our 4-step methodology to provide actionable outcomes:

  1. Threat Profiling – Iterative contextualization of environmental threats.
  2. Threat Detection – Rapid, 24x7 identification of threats.
  3. Threat Hunting – Continuous search for new and emerging threats.
  4. Threat Response – A combination of automated processes and human intervention for effective threat containment.

What’s included?

  • MXDR for OT Implementation
  • Microsoft Defender for IoT (OT) Implementation
  • Microsoft Sentinel Implementation
  • Microsoft Sentinel Log Source Integration
  • Microsoft Sentinel Custom Development (Log Data Connectors, Analytic Rules, Playbooks, etc.)

Difenda Shield Managed Services Overvi