MDR Compliance

At bluedog we provide two levels of protection. The second of which is the MDR Compliance package. This package includes all of the MDR Essential services, with an additional layer of management and network compliance modules.

What’s inside MDR Compliance?

Starting with the Tactical Monitors, this section of the bluedog customer dashboard reveals different types of modules within the five domains of the CIS Controls benchmark. These include Incident Management, Vulnerability Management, Patch Management, Configuration Management and Change Management. In addition, bluedog has added a Detection Management module.

Managed and Detection Response

The Core Values of bluedog

Incidents will always occur, in every network and at every company. The questions asked by management are always the same: “How much did it cost?”, “How fast did we find it?” and “How quickly was it resolved?”. With this report, this information is made available in an easy to understand format.

This module is tightly coupled to the vulnerability scanning modules available in the SOC Monitor section of the dashboard. The core difference between them is that the report for management is expressed over time. “How exposed is the organization to known vulnerabilities?”, “How long did it take to remediate discovered issues?”, and “How much did it cost to fix these vulnerabilities?”. These are questions that can be answered from information presented in this module.

How up to date are machines on the network? Using network data gathered during our core tasks, we can tell a lot about the devices that sit on the network, showing how long it takes to apply patches, as well as estimating on the patching costs.

Hardening of devices on the network is important as it makes life more difficult for intruders to break into them. How these systems are hardened is reflected in this module. Graphical results give meaningful insights on various types of hardening over time. All of these hardening assessments are done within the CIS hardening standards.

On the GRC Monitors section, a variety of industry known standards are listed, such as NIST CSF, ISO27k1, PCI-DSS and GDPR. If a different standard is required, this can very easily be added to the dashboard upon request.

Additionally, the Patch Compliance and Configuration Compliance monitors are also available to keep track of their respective state within the monitored network.

It’s often difficult to monitor compliance, especially on fast moving elements like network and system patches. Company baselines are made and put aside because they can’t be measured. The Patch Compliance monitor takes this baseline and provides insights on how many systems are within the said baseline.

Similar to the patch compliance dashboard, except measuring the compliance state of system hardening. How many systems are within the created baseline and what is the network coverage.

One of the core cyber security standards is the NIST Cyber Security Framework. An extensive model designed for compliancy which is used as the core reporting method for bluedog. A real-time compliance state overview is presented with a breakdown in all 5 segments of the NIST CSF. Each segment is broken down into the underlying chapters for a detailed insight.

Of course, NIST isn’t the only reporting we do. By default, ISO27k1, PCI-DSS and GDPR reports can be created. This gives direct insight on the current compliance state of the assessed network.

Watch our full end-user dashboard demonstration video here.