The Proximus NXT Orbit Managed XDR service manages the alerts generated by Microsoft Defender. Our Security Operations Center (SOC) analyses and responds to these alerts 24/7 from Brussels, Belgium.
For many years, the analysis of security incidents was only possible with a Security Information and Event Management (SIEM) solution. A SIEM collects security logs from different systems of different vendors, normalises them into a common format, and correlates them using predefined use cases: correlation rules that search for indicators of compromise (IoCs) and suspicious sequences of events and, on a match, create a notable event or alert. In recent years, more and more security vendors have started offering "Cross/eXtended Detection and Response" or XDR solutions that perform this correlation across the vendor's own products, without the need for a SIEM. Microsoft Defender is a prominent example of such an XDR solution. These XDR solutions provide ready-to-analyse alerts, because the vendor takes care of the log correlation: the vendor creates and maintains the use cases as part of its XDR offering and applies artificial intelligence and machine learning to automate use case creation and refinement. This greatly reduces the maintenance effort on the customer's side and at the same time improves the quality of the correlation, since the vendor knows the semantics of its own telemetry.

XDR solutions also offer many off-the-shelf response actions that use the protection capabilities of the vendor's products to contain and remove threats. Examples of response actions are endpoint isolation, user account lock-out and URL blocking. At the same time there is a trend at many organisations to reduce the number of security vendors and to consolidate their security architecture. This trend reduces the need for multi-vendor log correlation, which is the main limitation of an XDR: it only correlates telemetry from its own vendor's products, so it fits best where the organisation has standardised on that vendor. As a result, these XDR solutions have become an interesting alternative to a SIEM.
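To make the correlation described above concrete, the following is an added illustration written for this page; it is not code from Proximus, Microsoft Defender or any other product named here. It normalises two constructed log formats (a key=value firewall log and a pipe-separated endpoint-agent log, both made up for the example) and runs two predefined use cases: a single-source IoC match that produces a medium-severity notable event, and a cross-source rule that raises a high-severity alert when an IoC connection is followed on the same host, within five minutes, by a process started from a Temp directory. The IoC list, host addresses, rule names, severities and time window are all assumptions chosen for the example.

```python
"""Minimal SIEM-style correlation over two vendors' log formats.

Added example: the log lines, IoC list, use-case names and severities are
constructed for illustration and do not come from any real product.
"""
from datetime import datetime, timedelta

# Constructed firewall log (key=value format) and endpoint-agent log
# (pipe-separated format). The addresses are documentation ranges.
FIREWALL_LOGS = [
    "ts=2024-05-01T10:00:05Z src=10.0.0.7 dst=203.0.113.9 dport=443 action=allow",
    "ts=2024-05-01T10:00:40Z src=10.0.0.7 dst=198.51.100.4 dport=443 action=allow",
    "ts=2024-05-01T10:02:10Z src=10.0.0.12 dst=203.0.113.9 dport=443 action=allow",
]
ENDPOINT_LOGS = [
    "2024-05-01T10:00:30Z|10.0.0.7|process_start|C:\\Users\\a\\AppData\\Local\\Temp\\update.exe",
    "2024-05-01T10:05:00Z|10.0.0.12|process_start|C:\\Windows\\System32\\notepad.exe",
]
# Constructed indicator-of-compromise list (assumed known-bad destination).
IOC_IPS = {"203.0.113.9"}


def _ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_firewall(line):
    """Normalise one key=value firewall line into the common event schema."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"ts": _ts(f["ts"]), "host": f["src"], "source": "firewall", "dst": f["dst"]}


def parse_endpoint(line):
    """Normalise one pipe-separated endpoint line into the common event schema."""
    ts, host, event, image = line.split("|", 3)
    return {"ts": _ts(ts), "host": host, "source": "endpoint", "event": event, "image": image}


def normalise(firewall_lines, endpoint_lines):
    """Merge both sources into one time-ordered event stream."""
    events = [parse_firewall(l) for l in firewall_lines]
    events += [parse_endpoint(l) for l in endpoint_lines]
    return sorted(events, key=lambda e: e["ts"])


def use_case_ioc_connection(events, iocs):
    """Use case 1 (single source): outbound connection to a known-bad address."""
    return [
        {"use_case": "ioc_connection", "severity": "medium",
         "host": e["host"], "ts": e["ts"], "dst": e["dst"]}
        for e in events
        if e["source"] == "firewall" and e["dst"] in iocs
    ]


def use_case_ioc_then_temp_exec(events, iocs, window=timedelta(minutes=5)):
    """Use case 2 (cross source): IoC connection followed, on the same host and
    within `window`, by a process started from a Temp directory. This rule can
    only fire when firewall and endpoint logs are correlated together."""
    alerts = []
    for hit in use_case_ioc_connection(events, iocs):
        for e in events:
            if (e["source"] == "endpoint" and e["host"] == hit["host"]
                    and e["event"] == "process_start"
                    and "\\temp\\" in e["image"].lower()
                    and hit["ts"] <= e["ts"] <= hit["ts"] + window):
                alerts.append({"use_case": "ioc_connection_then_temp_exec",
                               "severity": "high", "host": hit["host"],
                               "ts": e["ts"], "dst": hit["dst"], "image": e["image"]})
    return alerts


def run_use_cases(firewall_lines=FIREWALL_LOGS, endpoint_lines=ENDPOINT_LOGS, iocs=IOC_IPS):
    """Run every predefined use case and return the resulting alerts."""
    events = normalise(firewall_lines, endpoint_lines)
    return use_case_ioc_connection(events, iocs) + use_case_ioc_then_temp_exec(events, iocs)


if __name__ == "__main__":
    for alert in run_use_cases():
        print(alert["severity"], alert["use_case"], alert["host"], alert["ts"].isoformat())
```

On the constructed input, host 10.0.0.7 produces both a medium notable event and a high-severity alert, while 10.0.0.12 only produces the medium one because its later process start is not from a Temp directory. The point of the second rule is the one the paragraph makes: it needs both vendors' logs in one schema, which is exactly the normalisation and correlation work that a SIEM leaves to the customer and an XDR vendor does for its own products.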
The Proximus Orbit Managed XDR service manages the alerts generated by the customer's XDR solution. Proximus currently supports Microsoft Defender, Palo Alto Cortex XDR and Fortinet FortiAnalyzer. The Proximus SOC analyses these alerts 24/7 and separates the real threats from the false positives. The real threats are then prioritised according to their impact on the customer's organisation. The Proximus SOC responds to these threats through automated and manual actions and by advising the customer on how to resolve the incident. All this is supported by Proximus' MDR platform, which under the bonnet uses a Security Orchestration, Automation and Response (SOAR) solution.