This blog was originally published on MSSP Alert on September 20, 2024 Cybersecurity platformization is usually discussed as it relates to large organizations. But cybersecurity service businesses stand to benefit as much from platformization as enterprises — if not more so.

Artificial intelligence has a significant role to play in cybersecurity, and Microsoft CoPilot for Security is a great example of its promise, with its ability to help even novice security professionals process threat data more quickly and accurately. However, it can also benefit seasoned security pros, including managed detection and response (MDR) service providers.

Security information and event management (SIEM) systems are crucial to collecting and analyzing incoming cyber threats, but many companies need help to tune and monitor them properly. These firms enlist a security service provider to do it for them. That often leads to the question of whether a managed detection and response (MDR) service is also necessary. In short, yes, adding MDR is a strong move as it adds deep threat investigation, threat hunting, and response actions at the endpoint.

In February of 2024, SenseOn was contacted to assist with investigating suspicious activity on a customer’s estate. SenseOn analysts quickly identified a malware infection and identified the variant as SocGholish. This blog will showcase SenseOn’s detection and response capabilities against the malware and a breakdown of SocGholish’s techniques and that of the threat actor observed.

It’s Cybersecurity Awareness Month and you know what that means. Pumpkin spice versions of Trustwave Managed Detection and Response (MDR) solutions are now available! Well, not really, but pumpkin spice season is the perfect time to raise awareness about the importance of cybersecurity and ensuring that individuals and organizations are equipped to protect themselves against cyber threats.

As offensive security specialists for over 10 years, we have tested countless organisations who believe their SIEM, EDR or MDR provider offers them comprehensive defense, only to find them lacking in fundamental areas. From our experience, some “traditional” in-house, yet adequately resourced, Security Operations Centres (SOCs) can still provide a robust defense, while others struggle to stay on top of emerging threats.