
Cybersecurity, the challenges faced by MDR

A term that is increasingly dear to providers of information security solutions is “proactivity”. The possibility of preventing threats, instead of responding to an attack already in progress, is a scenario increasingly requested by customers because, with so-called MDR – Managed Detection and Response – tools, it is possible not only to avoid falling victim to criminals but also to understand where the attacks are coming from, where they are aiming and what purpose they have. MDR is a service that provides organizations with solutions for hunting threats and responding to them once discovered. It is an activity with a human element: security providers give their customers access to a pool of specialized researchers and engineers who are responsible for monitoring networks, analyzing incidents and responding to them.

MDR addresses significant issues for modern businesses. The most obvious is the lack of security expertise within organizations. While training and building dedicated security teams that can perform full-time threat hunting may be feasible for larger organizations, most enterprises will find this a difficult proposition given resource limitations. This is especially true for medium and large entities that often find themselves the target of cyber attacks but lack the staff or manpower to undertake direct threat-hunting processes. Even organizations willing to invest time and money may struggle to actually acquire the right staff. Suffice it to say that in 2021, there were 3.5 million vacant positions in the cybersecurity sector. Companies also need help with implementing complex endpoint detection and response (EDR) solutions, which are typically underused because of a lack of time, expertise and funding to train staff to operate the dedicated platforms.

MDR integrates EDR tools into its security implementation, making them an integral part of the detection, analysis and response roles. An often overlooked issue when it comes to cybersecurity is the sheer volume of alerts that IT teams regularly receive. Many alerts cannot be easily identified as malicious and must be checked individually. Additionally, teams must be able to contextualize and correlate these threats, as only correlation can reveal whether seemingly insignificant indicators are part of a larger attack. This can overwhelm smaller businesses and take valuable time and resources away from their operations. MDR aims to address this problem by detecting threats and analyzing all the factors and indicators involved in an alert.


How it is structured

For many companies, the governance model for MDR activities is dual. The supplier’s responsibilities cover the monitoring of services, resources and main performance indicators; sensor tuning; the analysis of the threats detected; the execution of remediation actions, with the customer involved where necessary; reporting on the status of the service; and communicating changes to the configuration of the MDR service. The customer, for its part, only needs to request the exclusion of specific files or folders and to communicate changes to its applications and services.

MDR also provides organizations with recommendations and changes based on its interpretation of security events. Today’s technologies may have the ability to block threats, but digging deeper into the “how,” the “why,” and the “what” requires human intervention. MDR is designed to address an organization’s cybersecurity skills gap, ideally at a lower cost than the company would have to spend on building its own specialized security team.

There are many use cases, from supporting the IT department to resolving the lack of cyber skills. Furthermore, for organizations unable to intervene promptly in the event of an incident or to adopt a proactive approach by executing, MDR presents itself as a reference platform, solid and capable of supporting a high IT load. And, an aspect that should not be underestimated: only by relying on an MDR service can you have predictive analysis tools based on Machine Learning and AI for detection and protection even against yet unknown malware.

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.