Managed Detection and Response Services

What is Managed Detection & Response?

Zip is pleased to offer a Managed Detection & Response (MDR) service through our partner Coalition, which provides around-the-clock (24/7/365) monitoring and response to CrowdStrike security alerts. Any threat detected by CrowdStrike is investigated in real time by a team of experts, who confirm that CrowdStrike successfully stopped the threat and take any additional action needed, such as isolating impacted devices. For any Critical or High alert (detailed below), the MDR team completes an incident report covering the origin of the threat, what it was attempting to do, and any further remediation steps that should be taken. This removes the need for someone in your organization to triage alerts directly.

Key Benefits:
  • 24/7 Real-Time Monitoring: Around-the-clock expert response to threats.
  • Peace of Mind: No need for internal resources to manage security alerts.
  • Faster Threat Elimination: Immediate action to isolate and eliminate threats as soon as they’re detected.

Working with our MDR Partner

We have partnered with Coalition, a best-in-class security service provider whose team of expert analysts provides 24/7 monitoring of alerts. Coalition integrates with your existing Zip setup to provide coverage. Every alert flagged by CrowdStrike is reviewed and triaged. The table below outlines when and how we notify you or your chosen security contact about new findings.
Alert Level: Critical
  Incident Type: Ransomware, lateral movement, hacking tools
  Response: Immediate action is taken to contain and eliminate the threat. Direct action may be taken on affected systems, which may have user impact.
  Communication with Client: Email and phone call within 45 minutes. Outside of business hours, communicated by 8am the following day.

Alert Level: High
  Incident Type: Trojans, credential harvesting
  Response: Typically acknowledged and reported within 1 hour. Containment and mitigation support is provided until resolution.
  Communication with Client: Email within 1 hour. Outside of business hours, communicated by 8am the following day.

Alert Level: Medium
  Incident Type: Applications such as games and torrent sites
  Response: Typically acknowledged and triaged within 1 hour.
  Communication with Client: No client contact unless further action is required.

Alert Level: Low
  Incident Type: Activities relating to applications such as toolbars and web plugins
  Response: Typically acknowledged and triaged within 1 hour.
  Communication with Client: No client contact unless further action is required.
For further information, please read our FAQ: What happens if an end user triggers a CrowdStrike security alert?
If you have additional questions, please feel free to reach out to info@zipsecinc.cc.