Managed Detection and Response (MDR) denotes outsourced cybersecurity services designed to protect your data and assets even if a threat eludes common organizational security controls.

An MDR security platform is considered an advanced 24/7 security control that often includes a range of fundamental security activities including cloud-managed security for organizations that cannot maintain their own security operations center. MDR services combine advanced analytics, threat intelligence, and human expertise in incident investigation and response deployed at the host and network levels.

What challenges can Managed Detection and Response (MDR) address?

As the volume, variety, and sophistication of cybersecurity threats increase exponentially, organizations struggle to maintain security operations centers staffed with highly skilled personnel and resources. An ESG survey reveals 72% of SOCs report analytics are more difficult than two years ago. Cybersecurity talent is not keeping up with organizational demands. The same survey cites 58% of organizations cite employee skills as a key security effectiveness gap. As a result, Managed Detection and Response vendors provide a cost-effective menu of services designed to improve an enterprise’s cybersecurity defenses and minimize risk without an upfront cybersecurity investment.

MDR services provide higher skill-level analysts utilizing cutting-edge security tools and up-to-the-minute global databases beyond the reach and cost effectiveness of most enterprise budgets, skill levels, and resources. Thus, helping keep pace with continually evolving adversarial tactics and techniques.

The ESG survey shows 70% of SOCs describe having many manual processes as a limiting factor. MDR services provide an alternative to enterprises chasing the latest in advanced security products by integrating Endpoint Detection and Response (EDR) tools that become a challenge for security operations teams to learn and maintain. As a result, an enterprise’s level of threat monitoring, detection, and analysis are improved without the challenge and expense required to keep an internal security team fully staffed and up to date with the latest threat data.

MDR services are not limited to greater detection and response capabilities. They also provide proactive defense intelligence and insight of advanced threats to potentially overwhelmed security teams. Detection levels are improved while dwell time of breaches are reduced. Compliance challenges also can be met using MDR services providing full stakeholder reporting and log retention on a wide range of regulations and standards.

In 2019, Gartner published a key report on critical questions to ask when selecting an MDR provider.

Why choose Managed Detection and Response (MDR) over Managed Security Services Providers (MSSPs)?

Managed Detection and Response services are often compared to Managed Security Services Provider (MSSP) services. While they share similarities, they also differ in technology, expertise, and relationship. MDR services are typically proactive and focus on threats. MSSPs are designed to be reactive and focus on vulnerabilities. Unlike MSSPs, MDR services focus on detection, response, and threat hunting rather than security alert monitoring. MSSPs manage firewalls, but do not necessarily provide the same level of threat research, analytics, and forensics as MDRs. MSSPs recognize security issues but are incapable of revealing details of the threat that MDR services provide. MSSPs use log management and monitoring, vulnerability scanning and often Security Incident and Event Management (SIEM) platforms to notify organizations of threats. Automated MDR analytics and responses to advanced threats, file-less malware, and breaches can augment MSSP services. MDR services rely on more-direct communications such as voice or emails to analysts, rather than portals. MSSP primary interfaces are portal and emails with secondary chat and phone access to analysts.

Here are typical MDR and MSSP service comparisons. Not all MDR providers include the same levels of capabilities and tools in the following services:

MDR Services MSSPs
24x7 threat detection and response Some, not all
Manage firewalls and security infrastructure Yes
Proactive managed threat hunting for unknowns on network and endpoints No
Intelligence-based threat detection, triage, and extensive forensics No
Team of experienced threat detection experts available via phone, email, text No
Access to global threat intelligence and analysis No
Integrated endpoint and network security technology No

Benefits of Managed Detection and Response (MDR)

In the face of seemingly overwhelming security threats and campaigns, organizations are also coping with increasing security budgets and a challenging security job market lean on skilled security analysts. Gaining more protection, insight, and compliance without adding more tools and people is a goal that enterprises of all sizes seek. MDR can provide beneficial security services capable of meeting and sustaining an organization’s goals:

  • 24/7 monitoring and improved communications mechanisms with experienced SOC analysts
  • Experienced security analysts oversee your organization’s defenses without adding full-time staff and resources
  • Complete managed endpoint threat detection and response service
  • Improved threat detection and extended detection coverage
  • Expert investigation of alerts and incidents, and subsequent actions
  • Proactive threat hunting
  • Improved threat intelligence based on indicators and behaviors captured from global insights
  • Improved threat response
  • Decreased breach response
  • Improved forensics and higher-level investigations
  • Vulnerability management
  • Major incident response and log management
  • Remove burden of day-to-day security management from your staff and budget
  • Maintain access and customization to your organization’s security defenses
  • Improved compliance and reporting
  • Reduced security investment, increased ROI

Why McAfee Managed Detection and Response (MDR)?