Dell opts for CrowdStrike to up threat detection game

Dell is trying to beef up data protection services to customers via its security operations centers (SOCs) in a bid to stop cyber criminals that are targeting backup and restore systems in the datacenter.

It has expanded its managed detection and response (MDR) services through an agreement with CrowdStrike. Dell is now using CrowdStrike’s Falcon Next-Gen SIEM (security information and event management) as part of its MDR, to “simplify” threat detection and response with a unified platform, “boosting visibility” and helping to prevent breaches.

The combo promises to give enterprises visibility into their infrastructure that’s “not possible with off-the-shelf tools”.

Dell says cyber baddies are increasingly targeting data protection environments first, because they are fundamental to recovering and restoring corrupted data. Currently, many IT security teams rely on the infrastructure to provide system log information to a SIEM tool. But this can create a flood of unprioritized alerts that security teams have to spend significant amounts of time manually reviewing and addressing, adding another layer of complexity to managing infrastructure security, according to Dell.

As an alternative, Dell and CrowdStrike have developed more than 60 unique indicators of compromise (IOCs) tailored specifically for Dell PowerProtect Data Domain and PowerProtect Data Manager. The IOCs are surfaced within Falcon Next-Gen SIEM’s AI-powered detections, ranked by severity, and provide forensics data to Dell security analysts to “accelerate” responses, we’re told.

Examples of the IOCs include disabled multi-factor authentication, login from a public IP address, mass data deletion, and multiple failed login attempts.

“Extending MDR to cover data protection infrastructure and software enhances visibility and proactive threat detection across the environment, providing exceptional protection from threats,” said Mihir Maniar, vice president, infrastructure, edge and security services portfolio, Dell Technologies. “Dell and CrowdStrike have developed advanced threat detection capabilities to provide actionable, high-quality data to our security experts. With this expansion, we’ve extended our MDR service to provide end-to-end coverage across IT environments.”

“Falcon Next-Gen SIEM provides Dell MDR with a powerful, foundational new platform to seamlessly ingest rich data backup and protection telemetry, and rapidly detect and respond to threats,” added Daniel Bernard, chief business officer, CrowdStrike. “Together, we look forward to delivering the technology and services that customers need to transform security operations, protect critical data, and stop breaches.”

This isn’t the first time that Dell has integrated its services with third-party technologies to boost protection. Dell’s on-premises and in-cloud PowerProtect Cyber Recovery vault products use Index Engines’ CyberSense software to give full content indexing and searchability for ransomware activity. IBM’s Storage Defender product also uses CyberSense software, as does Infinidat’s InfiniSafe Cyber Detection.

Last year, both Rubrik and Cohesity announced service integration deals with CrowdStrike to improve their threat protection offer to customers.

Dell MDR services are currently available in 75 countries.