Managed Detection and Response (MDR)

Managed detection and response (MDR) is an outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered. It also involves a human element: Security providers provide their MDR customers access to their pool of security researchers and engineers, who are responsible for monitoring networks, analyzing incidents, and responding to security cases.

MDR is more focused on threat detection, rather than compliance. The services are delivered using the provider’s own set of tools and technologies, but are deployed on the users’ premises. The technology stack often deals with host- and network-based solutions. The provider will be responsible for managing and monitoring these tools. The tools are placed to guard Internet gateways and can also detect threats that have passed traditional perimeter security tools. The techniques providers use may vary: some rely solely on security logs and others use network security monitoring or endpoint activity to secure your network.

Managed detection and response relies heavily on security event management and advanced analytics.

While some automation is used, managed detection and response usually involves humans to monitor your network round the clock. Humans also do analysis of security events and alerting the customer. Customers can expect to have direct interactions with the analysts rather than relying on a portal or a dashboard when it comes to alerting, investigating security events, case management, and other activities.

Managed detection and response service providers also perform incident validation and remote response. This means if you need to identify indicators of compromise, reverse engineer a piece of malware, or do some sandboxing, you can rely on your service provider for all these things. You can even consult with them on how to remedy or contain security vulnerabilities.