What Are Managed Detection and Response (MDR) Services?Managed Detection and Response (MDR) services are outsourced services for hunting, identifying, and responding to cyber threats. All MDRs focus on intelligently surfacing issues, vulnerabilities, or incidents for organizations to address. Some MDR services will also proactively respond to incidents as well, either manually or automatically. These services usually focus more on improving security postures than on managing compliance ...
We’ve collected videos, features, and capabilities below. Take me there.
Managed Detection and Response (MDR) services are outsourced services for hunting, identifying, and responding to cyber threats. All MDRs focus on intelligently surfacing issues, vulnerabilities, or incidents for organizations to address. Some MDR services will also proactively respond to incidents as well, either manually or automatically. These services usually focus more on improving security postures than on managing compliance concerns, which is usually a main goal for broader managed security service providers (MSSPs).
Managed detection and response services use endpoint or extended detection and response (EDR/XDR) tools to monitor and protect client organizations. Outsourced management of these capabilities give organizations access to security resources and expertise that would otherwise be outside of accessibility or affordability to use in-house. MDR services can build on existing detection and response functions in an organization, or implement an entirely new system from the ground up.
Fully managed services will often supply their own proprietary EDR/XDR platforms.Many extended detection and response vendors will offer both the standalone tools and managed services, depending on what best fits a particular business. These services usually have a heavy focus on threat intelligence delivery and threat hunting, with less automated remediation.
In contrast to MSSPs, MDR services are focused on internal threats, particularly processing the massive amounts of data that comes from various security systems. They utilize a mix of automated analytics and human intelligence processing to deliver high-quality monitoring and alert management. MDR services present many benefits to organizations, including:
Saving staffing resources and in-house administrators’ time
Mitigating in-house security alert fatigue
Improving access to security expertise, which results in an overall improved security posture
Managed detection and response is closely related to endpoint or extended detection and response (EDR/XDR). EDR/XDR tools are usually the core technology utilized by MDR services, although some MDRs will use additional tools. The key difference is that the MDR service provider handles the implementation, maintenance, and day-to-day management of the tools using added human security expertise. This mitigates or eliminates the need for the client business to run any of the technology or processes in-house. The MDR provider’s focus on human intelligence expertise also differentiates the two categories.
The shift towards an MDR model comes as traditional endpoint detection and response tools have become more complex, evolving into a whole new level of monitoring (extended detection and response). This complexity is increasingly challenging and resource-intensive to manage in-house, making outsourcing a more viable and attractive option.
Consider these factors when comparing managed detection and response services:
Breadth of Services: Does each service offer remediation capabilities as well, or is it just focused on threat detection and alert management? The latter may be sufficient if the business already has robust response tools and processes in place.
Threat Intelligence: How robust are each tools’ threat intelligence offerings? How up-to-date do they keep their intelligence? Does it just rely on automated inputs, or are there more human inputs as well?
EDR vs. XDR: What kind of system does each service manage? Does it just monitor endpoints, or does it cover broader surfaces for detection and response? Consider surfaces like networks, servers, or cloud-based applications.
Deployment: Does the business benefit more from cloud-based or on-premise MDR capabilities? Cloud-based systems is the current trend, but all on-prem environments can still be served well by on-premise solutions, as they may be more responsive to emerging or active threats.
