Managed detection and response (MDR): How to get the most out of it

Security teams have learned the hard way that technology alone won’t stop every cyberattack. The task also requires the human element: threat hunting, investigation, and response. To fuse the technological with the human, many organizations have turned to managed detection and response (MDR) services.

MDR offerings provide remotely delivered security operations center capabilities to detect, investigate and mitigate incidents.

While threat hunting can be performed in house using EDR (endpoint detection and response) and XDR (extended detection and response) tools, security experts have cited extensive benefits to using an MDR service either alongside an in-house team or as a fully outsourced service:

  • Elevated cyber defenses: An MDR vendor will experience a far greater volume and variety of attacks than any individual organization, giving them a level of expertise that is almost impossible to replicate in house. MDR service providers often have greater fluency in using threat hunting tools, enabling them to respond more quickly and accurately.
  • Greater IT capacity: One big benefit of MDR is that it frees security teams to support business-focused initiatives. Threat hunting is time-consuming and unpredictable work that often prevents IT teams from focusing on more strategic projects. Organizations using MDR report considerable IT efficiency gains, which in turn enable them to better support their organization’s goals.
  • Added expertise without added headcount: Threat hunting is a highly complex operation. Individuals in this space need to possess a specific and niche set of skills, which makes recruiting threat hunting expertise an uphill task for many organizations. MDR services provide that added expertise.
  • Improved ROI: MDR services provide a cost-effective way to secure an organization and stretch cybersecurity budgets further, greatly reducing the risk of experiencing a costly data breach and avoiding the financial pain of dealing with a major incident.

Cybersecurity company Sophos recently held a webinar about how CISOs can get the most from their MDR partner. A panel of security practitioners shared lessons learned from their MDR experiences: Bob Pellerin, director of information security at The Fresh Market; Nikhil Kalani, VP and CISO at Reynolds & Reynolds; and Sophos CISO Ross McKerchar. The webinar was hosted by Sophos VP of Product Marketing Marty Ward.

Topics the panel covered included:

  • Defining MDR
  • Questions to ask when considering an MDR provider
  • How organizations benefit from MDR partners’ specialized skillsets
  • Deciding between a do-it-yourself, fully managed, or collaborative/hybrid approach
  • The process of onboarding an MDR partner
  • Measuring results from your MDR partner

The webinar can be watched here.

Bill Brenner

Bill Brenner is VP of Content Strategy at CyberRisk Alliance — an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology’s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.
