SERVICE:

ConnectWise MDR for Defender

What’s Included

ConnectWise MDR endpoint security is deployed on all in-scope workstations and servers and is paired with the ConnectWise Security Operations Center (SOC).

Running processes are continuously monitored and mapped against malicious behaviors, using artificial intelligence to detect virus and malware variants and fileless attacks, and to provide root cause diagnostics in real time.

Upon detection of a security incident or indicator of compromise on an endpoint, the following services are provided in coordination with the ConnectWise SOC:

  • Security alerts from endpoints are initially analyzed by the ConnectWise SOC, triaged, and contextualized, with significant alerts escalated to the security team
  • Investigation of escalated alerts to confirm whether an alert represents a true security incident and assess threat severity and impact
  • Use of unified monitoring dashboards, such as ConnectWise BrightGauge or equivalent, to maintain real-time visibility into threats across the environment, using global threat intelligence sources and data aggregated by the MDR platform to assess the nature, origin, and potential propagation of detected threats
  • Prompt notification to designated security contacts upon verification of a security incident or high-risk threat, including threat details and preliminary recommended actions
  • Collaboration to determine appropriate response actions consistent with operational considerations and any predefined incident response plan
  • Execution of containment and remediation measures for confirmed threats in coordination with the ConnectWise SOC, which may include isolating affected endpoints, terminating malicious processes, quarantining infected files or systems, and using response features (which require Defender for Endpoint) to isolate a device or quarantine a file
  • Remote remediation commands may also be executed across Windows, macOS, or Linux devices
  • Remediation commands are based on the specific Defender for Endpoint feature available for each operating system. Not all remediation types are available for all operating systems and all Defender for Endpoint plans
  • Documentation of significant incidents and actions taken in a report or within the ticketing system, including the nature of the threat, detection and neutralization methods, and recommendations regarding additional steps or security improvements