Bitdefender MDR Final 2023

Internal Use Only

Global Leader In Cybersecurity

June 21, 2023


Managed Detection & Response (MDR)


What organizations face today

• Skills Gap
• Complexity
• Alert Fatigue
• Compliance
• Cyber Insurance

Managed security solutions market

MSSP
• Monitors customers’ IT infrastructure.
• Provides security tools to monitor customers’ internal systems.
• Lacks attack response and remediation services.
• Limited visibility; limited response capabilities.

SIEM
• Collects and processes event data across an organization’s security ecosystem.
• Manages security data from disparate data sources.
• Results in alert fatigue and false positives.
• Requires substantial security expertise.

MDR
• 24/7 security monitoring and response.
• Scope of analysis extends to networks, logs, endpoints and cloud.
• Customizable and flexible.
• Threat intelligence and insights.
• One size doesn’t fit all.

Bitdefender MDR = Customer Context + Human Expertise + Technology

Customer Knowledge | Human-Led | Best Technology

"It is not quite equivalent to having someone… living in this environment 24/7, but it’s the closest you’re gonna get to an external entity, it’s super comprehensive." - Gartner

MDR is purpose built to fully leverage Bitdefender’s best-in-class technologies

Layered stack, from the top:
• MDR: Investigations, Response, Threat Hunting, Recommendations
• XDR: Identity, Productivity Apps, Endpoint, Network, Cloud
• EDR
• GravityZone® Business Security Enterprise

MDR Portfolio tiers and add-ons support growing needs

Tiers:
• Foundations: 24/7 Monitoring & Response
• Premium: Support & Customization
• Enterprise: Advanced Threat-Intel Capabilities

Service building blocks:
• GravityZone XDR Platform
• 24/7 Security Operations
• Threat-Intel Hunts
• Threat Modeling
• Professional Services
• Dedicated SAM
• Targeted Threat Hunts
• Dark Web Monitoring
• Brand and IP Protection
• XDR Sensors (add-on)

Single point-of-contact connects to a complete MDR team

• Customer Operations
• Security Operations
• Security Platform & Optimization

Customer Success

Onboarding
• Ensure all MDR documentation is received
• Customers understand the MDR service
• All agents are working properly
• Policies are in place

Support
• Safeguard customer experience
• Establish communication cadence
• Provide Customer with latest information from BSOC

Response
• Provide updates to customer
• Get answers to all questions customer has
• Review all reports with customer

NOTE: CST is on-call 24x7 for MDR Premium and MDR Enterprise customers. With MDR Foundations customers, we provide a dedicated Incident Response Lead in the case of an incident. When not experiencing an incident, support is available via the MDR Portal.

Onboarding delivers deep customer context

1. Enter license information into GravityZone
2. Deploy and configure GravityZone Agents & XDR Sensors (option to use Professional Services)
3. MDR is now monitoring your environment round-the-clock, ready to respond
4. Receive MDR Portal login to tune the service, view recommendations, create support tickets, and get insight into investigations

“[Bitdefender] takes the time and makes the effort to understand [the customer's] business. That's not something I personally see coming from your competitors.” - Gartner

MDR Operations

Global Team: Security Operations Centers: San Antonio, Texas & Bucharest, Romania

Expertise:
• 40+ SANS certifications; Incident Handling, Forensics, SIEM with Tactical Analysts, Cyber Threat Intelligence
• Cloud Admins, System Administrators, IT (education, government, healthcare)
• Global Military Intelligence (USAF/USA, NSA, NATO)

Threat Intelligence: Researching cyber threats, geopolitical activity, and vertical-specific data trends, and applying this knowledge to customer environments

24/7 Monitoring & Response: Eliminates the operational overhead of managing security alerts and events, providing tactical and strategic recommendations to reduce customer exposure to risk

Threat Hunting: Continuously monitoring the global threat landscape, using the knowledge gained to drive threat hunts across customer systems

“[Bitdefender has] already solved the scale problems that [competitor] will have to solve down the line.” - Forrester

24/7 Monitoring & Response

Detect
• Baseline generation
• Event Review
• Threat Hunting
• Signature Management

Respond
• Triage and Investigate
• Response Actions (Pre-Approved)

Report
• Real Time Dashboards
• Flash Reports
• After-Action Reports

Deliverables: Incident Root Cause & Impact Analysis | Expert Recommendations | Pre-Approved Actions (PAAs) | MDR Portal

Bitdefender MDR Workflows and Outcomes

Flow: Bitdefender Agent → MDR BSOC → BSOC Cases → CST Cases

• Bitdefender Agent: Agent Alerts
• MDR BSOC: BSOC Tooling & Tuning; CIFC Tooling & Tuning; 24x7 Analyst Teams; Correlation of Events; Analytics & Signatures; Threat Intelligence; Defensive Infrastructure Engineering & Dev Teams
• BSOC Cases: Investigations
• CST Cases: Notifications

Example volumes shown on the slide: 3543 Alerts, 0 Cases, 5 Cases, 3 Hunts.

Baselining allows customer-specific outcomes

Inputs:
• Customer provided information → Customer Profiling
• Customer Telemetry → Data Normalization
• Curated Threat Intelligence

Baseline Logic → Customer Baseline

Managed Cyber Intelligence Fusion Cell:
• Active Monitoring & Response
• Threat Hunting
• Rules & Anomaly Analytics
• Investigation

Output: Customer-specific Findings, Recommendations & Response Actions

Incident Response when it matters most

Phases: Identification → Containment → Eradication

MDR Detection (Active Monitoring & Response; Threat Hunt Investigation) → AMR Notification to CST → Security Account Manager

Security Account Manager:
1. Initial phone call to customer
2. Comms with SOC via Slack channel as part of ticket/case
3. Periodic updates
4. Final AAR sent (MDR Portal)

Records (MDR Portal): Dashboards & Flash Reports; MDR Portal Notification & Flash Report (Email/Portal); Notification & After Action Reports

Timely and comprehensive:
• SLA: 30 min to contact for critical/high incidents
• Containment using wide-ranging set of actions (PAA)
• Flash reports/updates
• After action reports
• 72 hours targeted monitoring

Threat Hunting that finds latent threats

Risk-Based (Intel) Threat Hunting (ALL)
• Our teams compile a massive amount of organic and systematic threat intelligence, attacker research, and threat analysis
• Human-led
• Industry / vertical serve as triggers
• Proactive hunts triggered across your environment

Targeted Threat Hunting (MDR Premium and Enterprise)
• Incorporates latest threat intelligence from Bitdefender Labs
• Threat model tailored to your organization
• Human-led
• Periodic threat hunts across your systems

Threat Intelligence

Monitor
• Customer Domains and IP
• Key Users
• Third Parties and Tech Stack
• Industry Vertical
• Open source and intel feeds

Respond
• Triage and Investigate
• Requests-for-Information (RFIs)
• Intelligence hunt Packages
• Intelligence Quicklooks

Report
• Intelligence Alerting
• Tippers
• Research Papers
• Blog Posts
• After-Action Reports

Capabilities: Global Intel Analysis | Tailored Threat Modeling | High Priority Target Monitoring | Dark Web Monitoring | Brand & IP Protection

Threat Modeling

Threat Landscape

Intelligence cycle: Direction → Collection → Processing & Exploitation → Analysis & Production → Dissemination
• Direction: Customer Onboarding Questionnaire
• Collection: Validate Data/OSINT
• Processing & Exploitation, Analysis & Production: Watchlists/Alerting
• Dissemination: Response/Dissemination

Critical Data:
• IP/Domains
• Previous Compromises
• Industry
• Critical Users/Systems
• Strategic Partners & Vendors

Collection:
• Dark Web
• Code Repositories
• Credential Leaks
• Typosquatting
• Industry Threats
• Zero-Days

Watchlists & Alerts → Actions:
• Hunt Packages
• Vulnerability Management
• Cyber Advisories/Education

Provides you with detailed intelligence of potential risks from malicious actors to your business and employees.

MDR Portal provides complete visibility

• Visibility into our security operations
• Detailed reports
• Recommendations
• Support access
• Pre-Approved Response Actions (PAAs)

Reporting / Metrics

• Vertical-specific threat landscape
• Monthly MDR service reports
• Real-time dashboards
• Flash, After-Action, and Tipper

MDR Overview

• World-class team of security experts who protect our customers 24x7
• Focused on understanding your specific security AND business (industry) needs
• Built on award-winning technology
• Delivering security outcomes with veritable business impact

Bitdefender is Trusted. Always.

Thank you
First Name Last Name,
Job Title

Appendix

Data Privacy / Residency

Platforms: GravityZone® XDR | Devo | Swimlane / MDR Portal | Recorded Future

Data handled: Security telemetry and events collected from customer endpoints, analytics, records of investigations made by the Bitdefender SOC, observable behaviours, company details.

Depending on information given during on-boarding and discoveries during service:
• Company Details
• Domain Names
• IP Addresses
• User Information
• Brand information
• MDR Service and Investigation Reporting

Optimized Threat Hunting

Sources:
• BD Labs Global Intel
• CIFC Industry Intel
• 3rd Party Customer Intel
• CIFC Brand & IP
• CIFC Customer Threat Model
• Customer Telemetry Baseline

Triggers:
• Risk Based Hunting
• Priority Actions
• Baseline Anomaly Based Hunting
• Low Confidence Detections

Customer Activities:
• All-Clear
• Pre-approved Action
• Containment
• Response & Mitigation
• Tactical Recommendations
• Strategic & Periodic Recommendations

Outcomes:
• Awareness, Peace-of-mind
• Improved Maturity & Posture

Feedback Loop: Update Baseline; Security Content Development

Pre-Approved Actions (PAAs)

Columns: PAA | Use Case | Detection | Restriction | Selected

Isolate Host (No Network Communication)
• Use Case: A host infected with malware could laterally spread to other hosts, enabling further damage within the network.
• Detection: GravityZone created Root Cause Analysis
• Restriction: Windows, Linux and MAC

Stop Process
• Use Case: A host infected with malware could potentially hijack or create new processes/scripts that enable further damage to the host and/or network.
• Detection: GravityZone created Root Cause Analysis
• Restriction: Windows, Linux and MAC

Quarantine the File
• Use Case: A file that is associated with or conducting malicious activity.
• Detection: GravityZone created Root Cause Analysis
• Restriction: Windows, Linux and MAC

Block File
• Use Case: A file that is associated with or conducting malicious activity.
• Detection: GravityZone blocklist based on SHA256 or MD5

Block IP
• Use Case: A possibly malicious IP is targeting or communicating with a host and/or network.
• Detection: Firewall section in Policy
• Restriction: Requires Firewall Module, Windows Only

Block Ports
• Use Case: Malware known to communicate over specific port.
• Detection: Firewall section in Policy
• Restriction: Requires Firewall Module, Windows Only

Delete File
• Use Case: A file that is associated with or conducting malicious activity.
• Detection: GravityZone created Root Cause Analysis
Features                                      Foundations   Premium   Enterprise

24x7 Security Operations                           X           X          X
• Threat Management                                X           X          X
• Customized Notifications & Expert Recommendations X          X          X
• Pre-Approved Actions (PAAs)                      X           X          X
• Incident Root Cause & Impact Analysis            X           X          X
• MDR Portal                                       X           X          X
• Monthly Service Reports                          X           X          X
Threat Intel-Based Hunting                         X           X          X
Targeted Threat Hunting                                        X          X
• Security Baseline                                            X          X
• Tailored Threat Modeling                                     X          X
Professional Services Included                                 X          X
Dedicated Security Account Manager                             X          X
• Quarterly Business/Security Reviews                                     X
Dark Web Monitoring                                                       X
Brand & IP Protection                                                     X
Priority Target Monitoring                                                X
XDR Sensors                                     (Add-on)    (Add-on)   (Add-on)

MDR Portal: Dashboards

MDR Portal: PAAs & Emergency Contacts

MDR Portal: Tickets

MDR Portal: Reporting

Global leader in cybersecurity

• 30B daily threat queries
• 400+ threats discovered every minute
• 18 ransomware decryptors provided to the market
• $1.6B amount saved by ransomware victims
• 285 elite security researchers across six research centers
• 400+ R&D employees

150+ OEM Partnerships

• T1 Mobile operator in USA
• T1 Fixed operator in USA

*Logos correspond to Bitdefender’s OEM and Technology Licensing partners.