MAD Security offers MSSP services in multiple tiers, ranging from foundational capabilities such as antivirus scanning, central logging and user-awareness training to more advanced services such as real-time monitoring and threat response.
“In the past, we relied on an anomaly-based intrusion detection system to find indicators of compromise [IOCs],” continues Conway. “While this approach was effective for analyzing north-south traffic across small networks, it was a challenge to pinpoint IOCs across larger networks with significant volumes of east-west traffic. If we could reduce the time our analysts spent drilling down into the data, we could accelerate our response and improve costefficiency—ultimately providing a more competitive service.”
To sharpen its visibility of cyber threats, MAD Security decided to augment its offering with network detection and response [NDR] capabilities. The aim was to continuously monitor and analyze raw enterprise network traffic, creating a baseline of network behavior that would help analysts hunt down emerging threats faster.
“MAD Security is growing extremely rapidly. We’ve increased our client base by a factor of three in just a few years, and our goal is to grow a further 400% in the next three years,” comments Conway. “We targeted an NDR solution that could scale to help us hit that growth target while keeping our analyst team lean.”
MAD Security selected an NDR solution from Bricata, an OpenText company. An end-to-end network security platform, Bricata simplifies network protection by combining smart packet capture (SmartPCAP) and rich network metadata generation, delivering a clear view of even the most complex networks. The solution enables MAD Security to gain insights faster than ever through deep packet inspection, behavioral anomaly detection, IOC matching and AI-powered analytics.
Gaining a clearer view
Conway recalls that, “one of the main reasons we selected Bricata is the level of visibility it gives us. We can now look beyond individual subsets of endpoint and log data to build up a clear picture of what happened and when during an attack—even if the network traffic is encrypted. Crucially, we can use the solution to make sure that our remediation efforts are successful, for example, by monitoring for new IOCs during our cleanup effort to detect whether the attacker is changing tactics or switching to an alternate toolset.”
Working with a team from Bricata, MAD Security performed a thorough proof of concept before deploying the solution into production.
“The support and guidance we’ve received from the Bricata team have been excellent,” comments Conway. “The team ran multiple demos with us, allowing us to get deep into the technical capabilities of the solution and explore its potential to the full. During the actual implementation, the team went above and beyond to help us by running formal and informal training and support sessions to answer our questions and walk us through specific use cases.”
Sorting the signal from the noise
Equipped with NDR capabilities from Bricata, MAD Security analysts can now more effectively sort the signal from the noise when analyzing massive volumes of network events. By minimizing false positives, analysts can focus on the most serious threats— helping to drive down response times.
“We are very pleased with the Bricata product development roadmap, which is perfectly aligned with our own long-term strategy,” explains Conway. “Bricata is continually improving the solution, and we’ve been particularly impressed with the enhancements they’ve made to the user interface and data visualization capabilities. It’s getting easier and easier to surface the insights we need, and Bricata is always willing to listen to our feedback and incorporate feature requests into new versions.”
Today, Bricata is one of the core enabling technologies of MAD Security’s advanced MSSP service offering. The solution allows the company’s analysts to visualize activity across north-south and eastwest network traffic, identify potential threats and anomalies, and drill down to determine the best response.