A new era for managed detection and response: Accenture MxDR powered by Google Chronicle
Summary
TLDR: In this informative session, Accenture's Brent Hambly introduces a new managed service partnership with Google, aimed at enhancing clients' cybersecurity. The service merges Google's advanced security technology with Accenture's extensive experience in security operations. Hambly emphasizes the solution's adaptability to various environments and budgets, highlighting its ability to help clients detect and respond to threats more effectively. The discussion also touches on the challenges faced by security leaders and the importance of a proactive, intelligence-driven approach to cybersecurity.
Takeaways
- Brent Hambly, leader of Accenture's North America detection and response practice, introduces a new managed service in partnership with Google to enhance clients' security operations.
- The service combines Google's advanced security technology with Accenture's extensive experience in security operations, aiming to provide a best-in-class solution.
- The solution is adaptable to various environments, constraints, and budgets, ensuring clients can leverage Google's technology and Accenture's services effectively.
- The service aims to help clients avoid costly and disruptive security breaches, emphasizing the importance of proactive and efficient security measures.
- Accenture and Google's partnership brings together various security capabilities, including Chronicle security operations, Mandiant threat intelligence, and security AI workbench, among others.
- The managed detection and response (MDR) service is built on Google's technology, offering a scalable and efficient platform for security operations.
- Security Orchestration, Automation, and Response (SOAR) is integrated into the service to enhance response capabilities and streamline security operations.
- The service includes a centralized web portal for clients to interact with the service, access dashboards, and gain insights into their security environment.
- Accenture's unified Content Library, contributed to by hundreds of professionals globally, provides pre-built use cases, automation playbooks, and other resources to scale security operations quickly.
- The script highlights the importance of tracking metrics such as average time to detect and remediate threats to demonstrate the effectiveness of security operations over time.
Q & A
Who is Brent Hambly and what is his role at Accenture?
-Brent Hambly is the leader of Accenture's North America Detection and Response practice. He works with clients to help design, build, and run their security operations and choose the best solutions and partners for their needs.
What is the main focus of the session that Brent Hambly is leading?
-The main focus of the session is on cybersecurity, specifically discussing Accenture's partnership with Google and the managed service they have launched to secure their clients with advanced security capabilities.
What is the significance of the partnership between Accenture and Google in the context of cybersecurity?
-The partnership between Accenture and Google combines Google's best-in-class technology and advanced security capabilities with Accenture's years of delivery experience in security operations, offering a managed service that is adaptable to various client environments, constraints, and budgets.
How does Brent describe the challenges faced by security leaders today?
-Brent describes the challenges faced by security leaders as managing both the modernization of security and dealing with technical debt. They are tasked with securing new assets and technologies rapidly adopted across the organization, often without being involved in the planning process or having the budget to handle it.
What is the role of Managed Detection and Response (MDR) in Accenture's security services?
-MDR is a key part of Accenture's security services, providing clients with a platform that delivers 24/7 service, utilizing people and technology to be proactive and scalable in understanding the threat landscape and applying that knowledge across their client base.
What does Brent emphasize as the most important aspect of a security leader's job in detection and response?
-Brent emphasizes that the most important aspect of a security leader's job in detection and response is prioritization. They need to understand what matters and what doesn't to effectively manage their efforts and resources.
What is the significance of the Chronicle Security Information and Event Management (SIEM) capability mentioned by Brent?
-The Chronicle SIEM capability is significant because it allows for the ingestion of all security-relevant data and makes it searchable at sub-second intervals, providing a fast and responsive platform for clients to hunt and explore their own data and collaborate with Accenture's service.
What is the role of Security Orchestration, Automation, and Response (SOAR) in Accenture's service delivery?
-SOAR is an integral part of Accenture's service delivery, helping to enrich the understanding of incoming threats, accelerate response, and improve case management workflows within a Security Operations Center (SOC).
How does Accenture's managed service differ from other managed services in terms of collaboration with clients?
-Accenture's managed service differs by offering a collaborative process with clients, allowing them to actively participate in the service and make their own conclusions, unlike many managed services where the process can be less collaborative.
What is the importance of the unified Content Library that Accenture has developed?
-The unified Content Library is important because it contains pre-built use cases, automation playbooks, reporting dashboards, threat hunt data models, etc., which can be immediately scaled in a client's environment, providing practical value and accelerating the activation process.
What are the two models Accenture offers for its managed detection and response service?
-Accenture offers a full stack model, which includes their platform and people providing 24/7 support globally, and a hybrid model, which allows clients to use their own platform while still benefiting from Accenture's managed service.
What is the significance of the generative AI capabilities that Accenture is leveraging?
-The generative AI capabilities are significant as they help Accenture scale their operations and improve the quality of their service delivery rapidly, providing an assistant to security operators to help them through investigations and reduce response times.
What is the purpose of the security AI assistant that Accenture is developing?
-The security AI assistant is being developed to help security operators be more effective and efficient in their work by providing prioritized actions, quick responses, and confidence in the actions taken during an investigation.
What are the key factors that Accenture considers when selecting a partner for detection and response services?
-Accenture considers factors such as the provider's ability to detect threats, the value they place on intelligence, their alignment with the client's industry, their understanding of the client's business, their ability to serve the entire enterprise, and their approach to keeping costs down year to year.
How does Accenture's approach to threat intelligence differ from other providers?
-Accenture's approach to threat intelligence involves a structured conversation with clients to understand their threat landscape, prioritizing content and rule sets based on the threats, and advising clients on the benefits of a threat intelligence platform, including the importance of organic or original threat intelligence.
What is the significance of the 12-step process of decomposing threat actor activity mentioned by Brent?
-The 12-step process, likely referring to the MITRE ATT&CK framework, is significant because it allows for a more effective defense by understanding the specific stages of an attack and how it typically plays out, enabling better detection and response strategies.
How does Accenture plan to leverage generative AI in its security operations?
-Accenture plans to leverage generative AI to scale its operations and improve the quality of service delivery rapidly. This includes building its own security AI assistant and utilizing models from the Vertex AI ecosystem to assist security operators in their investigations and decision-making processes.