Not too long ago in the cybersecurity space, many providers would only deliver technology, and many MSSPs would only deliver the alert. That left a gap: nobody owned the response and remediation.
And voila! MDR was born.
MDR, or Managed Detection and Response, takes responsibility not only for the security tooling and the visibility it provides, but also for the response and remediation that a robust security practice requires. Put simply, MDR is a service that detects security threats, or indications of compromise, and then acts on them.
Today's MDR solutions rely on visibility into security alerts and events, combined with anomaly detection and threat hunting, to surface both the obvious alerts that need attention and the more subtle indicators of compromise that point to an evasive threat. Some modern malware, such as ransomware, is noisy and easy to detect once it detonates. A more sophisticated attacker with backdoor access may leave few clues about the intrusion and can quietly exfiltrate sensitive data over a period of months.
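The two detection styles described above, matching events against known indicators of compromise and spotting low-and-slow exfiltration through anomaly detection, are illustrated in the added example below. It is not Nuspire's code or part of the original article; the proxy log lines, hostnames, and the indicator domains are all constructed for illustration, and the thresholds (ten times a host's own median daily egress, at least three days of history) are assumptions chosen to make the example clear rather than tuned values. The same correlation idea is what the later bullet on matching alert and event data against threat intelligence refers to.

```python
"""Added example: correlate web-proxy events against a threat-intel indicator
list, then flag hosts whose daily outbound volume departs from their own baseline.
Every log line, hostname and indicator here is constructed for illustration."""
import csv
import io
import statistics
from collections import defaultdict

# Constructed threat-intel feed: domains an analyst would treat as indicators.
IOC_DOMAINS = {"update-cdn-metrics.example", "files-sync.example"}

# Constructed proxy log: timestamp, source host, destination domain, bytes sent.
PROXY_LOG = """\
ts,src,dst,bytes_out
2024-03-01T09:00:00Z,WKSTN-12,intranet.corp.example,1200
2024-03-01T09:05:00Z,WKSTN-12,update-cdn-metrics.example,8400
2024-03-01T10:00:00Z,WKSTN-07,mail.corp.example,2300
2024-03-02T09:00:00Z,WKSTN-12,intranet.corp.example,1100
2024-03-02T23:10:00Z,WKSTN-12,files-sync.example,5200000
2024-03-03T09:00:00Z,WKSTN-12,intranet.corp.example,1300
2024-03-03T09:00:00Z,WKSTN-07,mail.corp.example,2100
2024-03-04T09:00:00Z,WKSTN-12,intranet.corp.example,1250
2024-03-04T09:00:00Z,WKSTN-07,mail.corp.example,2200
"""


def parse_proxy_log(text):
    """Turn the CSV log into a list of event dicts with typed fields."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "ts": row["ts"],
            "src": row["src"],
            "dst": row["dst"].strip().lower(),   # normalise before matching
            "bytes_out": int(row["bytes_out"]),
        })
    return events


def match_iocs(events, iocs):
    """Signature-style detection: any event whose destination is in the feed."""
    return [e for e in events if e["dst"] in iocs]


def daily_egress(events):
    """Sum outbound bytes per source host per calendar day."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        day = e["ts"][:10]                     # ISO timestamp -> YYYY-MM-DD
        totals[e["src"]][day] += e["bytes_out"]
    return totals


def flag_egress_anomalies(events, factor=10, min_days=3):
    """Anomaly detection with no indicator: compare each host-day against that
    host's own median daily egress and flag days above `factor` times it.
    Hosts with fewer than `min_days` of history are skipped so a single data
    point cannot raise an alert; a median of zero is floored to one byte so a
    normally silent host that suddenly talks is still flagged."""
    alerts = []
    for host, days in daily_egress(events).items():
        if len(days) < min_days:
            continue
        median = max(statistics.median(days.values()), 1)
        for day, total in sorted(days.items()):
            if total > factor * median:
                alerts.append({"src": host, "day": day,
                               "bytes_out": total, "median": median})
    return alerts


if __name__ == "__main__":
    evs = parse_proxy_log(PROXY_LOG)
    for hit in match_iocs(evs, IOC_DOMAINS):
        print("IOC match :", hit["ts"], hit["src"], "->", hit["dst"])
    for a in flag_egress_anomalies(evs):
        print("Egress anomaly:", a["src"], a["day"], a["bytes_out"],
              "bytes vs median", a["median"])
```

The indicator match fires on the first beacon-sized request, while the volume check catches the late-night 5 MB upload even if `files-sync.example` were absent from the feed. In a real deployment the baseline would span weeks, not four days, and the median should be computed over a trailing window that excludes the day being scored.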
How does it work?
MDR providers have flexible ways to put technology into a customer's network: endpoint agents, network sensors, or collecting logs directly from existing security appliances. That flexibility gives the customer the visibility needed to understand what is going on in their environment.
At Nuspire, our MDR service feeds that telemetry into five SOCs staffed by security analysts working 24x7 to investigate indications of compromise, call you when there is an incident, and help you with the remediation.
However, not all MDR providers are the same.
Features your MDR SHOULD include
As with any service or technology provider, each has its own feature set. When vetting an MDR provider, make sure they include these key features, and ask what "response" means in practice: advice over the phone, or the authority and tooling to contain a host on your behalf.
- Security analysts available 24x7x365: Ensure you have full access to security experts working around the clock to investigate and respond in real time to alerts the technology might have missed, and to provide remediation assistance.
- Network detection and response: A network traffic inspection device with in-depth visibility into traffic inside your local area network, able to quickly discover threats that have bypassed your perimeter defenses. It should catch what your gateway missed without slowing down your network.
- Endpoint protection and detection: Ensure the endpoint agent provides static and dynamic behavioral analysis, monitoring and logging executable behavior both before and during runtime. Use an agent that can be deployed in a passive/logging mode (EDR) or an active protection mode (EPP), so it can either augment or replace your existing antivirus or next-gen antivirus. Collecting detailed intelligence about executable activity is what exposes evasive malware that signatures alone will not catch.
- Threat detection and response: Tools such as Security Information and Event Management (SIEM) collect data from any log-generating source on any device, anywhere. Whether it is a firewall, mail filtering solution, cloud SaaS platform, anti-malware system, web security device, logic controller, or a toaster with an Ethernet port, if it is critical to your business, leverage its data to better secure your network.
- Access to data: Receive customized reports and have full access to the underlying data, enriched with machine learning, big data analytics, and threat intelligence, for visibility across your endpoints, network, and devices.
Benefits of MDR
When you vet the right MDR solution provider for your organization, it will not only help your organization stay secure from cyber threats but also deliver several positive outcomes, including:
- The ability to leverage more of your existing data, maximizing the ROI on your current security investments by using the data sources you already have.
- Correlation of your security alert and event data against a carefully tailored selection of threat intelligence, with analytics applied to detect even evasive threats.
- Rapid and complete mitigation of threats, with root cause analysis and remediation plans provided by SOC analysts under aggressive SLAs.
- Help defining the data sources needed to make the MDR solution effective.
- Relief from the day-to-day management of existing technology such as firewalls or next-generation antivirus, using a variety of log collection methods (host agents, virtual collection appliances, or cloud collection appliances) and a proprietary Rapid Device Onboarding process for data parsing and normalization.