Important - Managed Data Detection and Response Service (MDDR or Managed DDR) is available only to Dell Cloud customers.
Overview
Managed Data Detection and Response Service (MDDR or Managed DDR) is a managed service that offers round-the-clock monitoring, detection, and response for your backups in Dell. It provides monitoring and notification for the threat indicators listed in the table below.
As part of MDDR Service, Dell provides the following capabilities:
Detection
Key backup threat indicator monitoring: Our MDDR service monitors key threat indicators that could compromise your backed-up data. This includes identifying anomalies, suspicious activities, and potential breaches.
Response
Playbooks for various incident scenarios: In the event of a detected threat, our MDDR service employs predefined playbooks tailored to various incident scenarios that provide a structured response strategy designed to help mitigate threats. Each playbook is crafted to address specific types of incidents, from malware attacks to data breaches.
Key Features and Benefits
24/7 Monitoring: The MDDR Service operates around the clock, continuously surveilling your backup systems to detect and address potential threats.
Proactive Threat Management: The MDDR Service proactively identifies potential risks by monitoring key threat indicators and using advanced monitoring tools.
Structured Incident Response: Using detailed playbooks ensures a systematic and efficient response to various incident scenarios, minimizing downtime and data loss.
Get started with MDDR Service
How to access MDDR Service?
This service is automatically built into the Cloud Platform and is available as part of your backup subscription. For information on how to get started, please contact your account manager or customer success manager. You may also contact support for further assistance or questions.
Important - MDDR Service is not available for GovCloud and SFDC customers.
What do we monitor using the MDDR Service?
MDDR Service monitors a range of events. The following table provides information about the types of events monitored for different products*:
Event type | Products
Device and User Account Alerts | Endpoints, Microsoft 365, and Google Workspace
Snapshot Deletion | Enterprise Workloads
Backup Set Deletion | Enterprise Workloads
Backup Set Disabled | Enterprise Workloads
* Threat indicators are subject to change at Dell’s discretion.
How do we action MDDR alerts?
Dell has implemented a proactive approach to handle MDDR alerts. Systems are configured to automatically generate cases upon receiving an MDDR alert. This automation helps to streamline the initial response process, reducing response time. The process includes:
Manual Validation: Once a case is created, the Dell Incident Response team triages, investigates, and verifies the alerts to weed out noisy, false-positive alerts.
Admin Verification: After the alert is validated, the Dell Incident Response team contacts all administrators associated with the account to verify whether the event was planned or an unexpected incident.
Critical Alert Actions: For snapshot deletion alerts, which are categorized as critical alerts, Dell implements staggered data deletion from the Dell cloud for deleted or expired snapshots.