Managed detection and response (MDR): How to get the most out of it

Security teams have learned the hard way that technology alone cannot stop every cyberattack. The task also requires the human element: threat hunting, investigation and response. To merge the technological with the human, many companies have turned to managed detection and response (MDR) services.

MDR offerings provide remotely deployed Security Operations Center capabilities for incident detection, investigation, and mitigation.

While threat hunting can be performed in-house using EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) tools, security professionals have cited extensive benefits of using an MDR service either alongside an in-house team or as a fully outsourced service:

  • Increased cyber defenses: An MDR provider will experience a far greater volume and variety of attacks than any single organization, giving them a level of expertise that is almost impossible to replicate internally. MDR service providers are often more proficient with threat-hunting tools, allowing them to respond more quickly and accurately.
  • Higher IT capacity: A major benefit of MDR is that it frees up security teams to support business-focused initiatives. Threat hunting is time-consuming and unpredictable work that often prevents IT teams from focusing on more strategic projects. Organizations using MDR report significant IT efficiency gains, which in turn enable them to better support their organization’s goals.
  • Additional know-how without additional employees: Threat hunting is a highly complex process. Individuals in this space are required to have specific and niche skills, making recruiting threat hunting expertise a difficult task for many organizations. MDR services provide this additional expertise.
  • Improved ROI: MDR services offer a cost-effective way to protect an organization and further stretch cybersecurity budgets, greatly reducing the risk of a costly data breach and avoiding the financial pain of dealing with a larger incident.

Cybersecurity company Sophos recently held a webinar on how CISOs can get the most out of their MDR partner. A group of security practitioners shared their lessons from their MDR experiences: Bob Pellerin, director of information security at The Fresh Market; Nikhil Kalani, VP and CISO at Reynolds & Reynolds; and Sophos CISO Ross McKerchar. The webinar was moderated by Marty Ward, VP of Product Marketing at Sophos.

Topics covered by the panel included:

  • Defining MDR
  • Questions to ask when considering an MDR provider
  • How companies benefit from the specialized skills of MDR partners
  • Choosing between a do-it-yourself, a fully managed, or a collaborative/hybrid approach
  • The process of onboarding an MDR partner
  • Measuring results from your MDR partner

The webinar can be viewed here.
