Contact Us

What is
Managed Detection
and Response
(MDR) and why
do you need it?

Author: MacLean Guthrie

To keep up with the evolving cyber threat landscape, cyber security providers are constantly making adjustments by introducing new tools and techniques to protect data and networks. Currently, there is a shift away from traditional Managed Security Services (MSS) to Managed Detection and Response (MDR).

What is Managed Detection and Response (MDR) and why do you need it?

Managed Detection and Response is a managed security service that combines people, process and technology into one solution. It’s continually tuned to your unique needs, reduces the need to hire and retain security talent, and enables more rapid detection and response, 24/7. MDR services on the market today rely on a managed model, as the name implies. They take managed security a significant step further by combining people, processes and technology to identify and, more importantly, contain cyber attacks. Delivered over the cloud, a Managed Detection and Response service provides 24/7 detection and fast response capabilities for security incidents. The service is typically fully managed by an expert provider, making it easier to control costs and spare security teams from added responsibilities.

MDR services can help you protect against cyber threats

MDR services combine advanced technologies with human expertise to collect and maintain actionable intelligence, identify and flag major security incidents, and then quickly respond to incidents that may pose a threat to your organization.

Essential components of Managed Detection and Response include security information and event management (SIEM) technology. MDR also includes endpoint detection and response, network detection and response, deception detection and response, threat intelligence, user and entity behavior analytics, and threat hunting capabilities.

MDR's data collection and analytics capabilities can help keep your organization up to date with protection against the latest threats. A Managed Detection and Response provider is your partner in security, continually updating threat intelligence and tuning its monitoring of your environment to deliver the protection, detection and response suited to your particular business needs.

The provider's analysts and technology are used to identify previously unknown threats that can elude other security layers, such as firewalls and antivirus. Those tools rely on signatures of known viruses, Trojans, worms, ransomware variants and other types of malware to be effective.

While MDR employs advanced technologies, such as machine learning, to collect intelligence and stop threats, it also relies heavily on human expertise to hunt threats and identify new ones. Human experts also play a key role in incident response, jumping to action to stop or contain the damage once they receive a qualified alert.

Common Managed Detection and Response scenarios

MDR is compelling for organizations for multiple reasons. Because it is a managed service, you needn't invest in pricey on-premises SIEM solutions that require ongoing attention and training from your cyber security team. SIEM solutions get fairly complex and expensive to run, especially in organizations with multiple locations and hybrid environments, so the advantage over on-premises SIEM comes down to cost and management.

If you already use Managed Security Services, MDR services might seem unnecessary; you may believe you have all the security your organization needs. But Managed Security Services providers by and large focus on configuring security tools and around-the-clock monitoring. They typically do not offer the threat intelligence and rapid response capabilities of MDR. Unless you have that expertise in-house, you may need MDR.

Even organizations with internal cyber security teams can benefit from MDR. Consider a scenario in which a small security team manages the basics, such as analyzing logs and implementing security patches, but doesn't have the wherewithal to handle critical activities to stop advanced threats. It would make sense to outsource threat hunting, detection and response to an experienced MDR service provider to round out the organization's security strategy. It costs less than hiring more security experts, especially since there is a cyber security worker shortage of 3.1 million.

In another scenario, a multinational company has its own Security Operations Center (SOC) and security team but lacks the budget for threat hunting. Since the company cannot afford to ignore this critical function or hire the help it needs, it can turn to an MDR provider to fill the gap. An experienced provider also can guide the organization in building a robust, end-to-end protection strategy that focuses on overall risk reduction.

What to look for in a provider

As the Managed Detection and Response market matures, many vendors are now offering MDR services. However, their services may not deliver everything you really need. When evaluating MDR providers, look for offerings that include the essential components outlined above and a vision for building in more capabilities as customers' needs and the market shift.

An ideal provider should have a broad portfolio of managed and professional services to complement its MDR service and provide flexible pricing models based on factors such as the number of users you're protecting and the volume of data you want the MDR service to ingest. This allows you to scale up and down or modify as your business needs change.

Finally, look for a provider with a proven track record of delivering global-scale 24/7/365 services and protection. Though no security approach is 100% foolproof, this level of MDR service typically features the most efficient, up-to-date and relevant protection for your business, so you can concentrate on growing your bottom line instead.

Learn more about how Verizon's Managed Detection and Response service can help you protect against cyber threats.

MacLean Guthrie is a cybersecurity product marketing manager for Verizon.