Vidara
Introduction
Vidara is Wortell's own Cyber Security Platform. The platform contains the fundamental components to deliver security services to our customers. Think of features like automated triage and filtering of false positive alerts, but also Wortell's high-quality use-case library with advanced detections and response. Vidara is the base package of the Wortell Managed Detection and Response offering. On top of this base package, various security packages can be enabled.
SKUs
Vidara comes in a couple of flavours:
Feature | Bronze | Silver | Gold |
---|---|---|---|
Detecting threats | + | + | + |
Response | 8/5 | 24/7 | 24/7 |
Use-case library | - | + | + |
Threat Intelligence | - | - | + |
Dashboards | Basic | Basic | Full |
Multi tenant support | - | - | + |
Monthly Reporting | + | + | + |
Quality Assurance | Basic | Basic | Advanced |
Azure Sentinel Management | + | + | + |
Features
Detecting threats and response
Vidara™ Deep Sight is the core of the Vidara™ platform and integrates with the Azure Sentinel environment of organizations. Vidara™ empowers Wortell in detecting and responding to incidents and alerts. Wortell uses its proven task-based incident handling methodology to create a response plan for each incoming incident. An incident response plan is a set of instructions to support Wortell and the customer in responding to cyber security threats. The plans contain procedures on how to triage, investigate, contain and mitigate a cyber security incident. How an organization responds to an incident can have tremendous bearing on the ultimate impact of the cybersecurity incident. In certain scenarios, organizations may find that insurance companies will not accept claims if certain predetermined steps are not taken.
The Vidara DeepSight Service allows for classification of security incidents to provide adequate response times.
Use-case Library
A single alert or piece of threat intelligence is not sufficient to understand the scope of an attack. It is important to correlate alerts from various sources into use-cases. By combining the alerts, it becomes possible to understand the attack and take appropriate actions.
The Vidara™ use-case Library is a collection of pre-defined use-cases for known threats and use-cases created for customer specific scenarios. The use-cases available in the use-case library are managed by Wortell and distributed over all active Managed Detection and Response customers. By distributing these use-cases, all customers benefit from the same level of defense without the need for big investments.
Threat Intelligence
Wortell has developed its own honeypot network called Vidara HoneyNet. Honeypots in this network collect threat intelligence that is used in our security use-cases and detections. These use-cases allow for detecting malicious IP addresses, file hashes, domains, etc. Aside from threat intelligence provided by our Vidara HoneyNet, threat intelligence from the latest exploits of CVEs is also added to the threat intelligence database.
Dashboards
Wortell has a dashboard environment available that the customer can use to get real-time insights into their Wortell Managed Detection and Response service. Dashboards come in two flavours: basic and advanced. Basic dashboards give basic insights into the Wortell Managed Detection and Response service. Think of the number of incidents that are handled, triage results and details on the incident sources. Advanced dashboards give all the insights of basic dashboards but also provide an added level of detail. Think of details on alert indicators and in-depth information on incidents.
Multi tenant support
By default the Vidara Platform supports a single Microsoft tenant. When dealing with multiple tenants, the Vidara Gold SKU is required. This SKU provides all technical services to support multiple Microsoft tenants.
Monthly reporting
A detailed report containing in-depth information on the incidents handled last month by Managed Detection and Response is provided on a monthly basis. This report also contains trends over a longer timespan.
Quality Assurance
By default, Wortell has quality assurance enabled for all Managed Detection and Response subscriptions. Quality assurance means that a certain set of incidents (randomly chosen) will be validated by a quality assurance engineer. Depending on the offering, basic or advanced quality assurance is executed. The difference between basic and advanced lies in the size of the set of incidents that will be validated.
Type | Percentage of incidents that will be validated |
---|---|
Basic | 5% |
Advanced | 10% |
Azure Sentinel Management
Wortell uses Azure Sentinel as its SIEM (Security Information and Event Management system) for its security services. As part of Wortell Managed Detection and Response, Wortell will manage Azure Sentinel. By managing Azure Sentinel, Wortell is able to deliver its services as described in the service level agreements. Wortell will make sure that all settings are configured as needed to perform its security services. Changes or updates to Azure Sentinel by a party other than Wortell will result in a non-compliant configuration, meaning that Wortell can no longer deliver its services based on the service level agreements.
Cost Calculation
The cost will be calculated based on the number of connected tenants. When the customer has a subscription to Vidara Gold, only one instance will get invoiced.
Product Requirements
The following requirements are necessary before onboarding this product to our MDR service:
Requirements | MoSCoW |
---|---|
Accounts for MDR team (no guest access) | Must have |
Break Glass accounts are configured | Should have |
Azure AD Privileged Identity Management is configured and in use | Should have |