MDR service: find the right one

1 November 2021
| No comments
MDR service: find the right one

Share post

Many companies hope to get external resources on board for their IT security. Managed Detection and Response, or MDR for short, is therefore a relatively new and increasingly important service in the cybersecurity industry.

But what can MDR do and what should be considered when choosing a service? The article gives three pieces of advice and calls for standards for MDR: proactive action, search for cyber threats and 24/7 availability of services.

MDR, MXDR, MEDR or just Detection & Response?

There are many different definitions of MDR, and which one arguably best fits is largely an academic question. Because providers deliver MDR services in different ways, which makes it difficult to categorize and compare them. However, companies and their IT security are already increasingly relying on external MDR services because they struggle to keep pace with more and more new threats based on their own resources alone: ​​an average SOC (Security Operations Center) receives more than 10.000 alerts. This number can be so overwhelming that many SOC teams can actually prioritize less than half of the incoming alarms at all. Most SOC teams not only lack the time or manpower, but often also lack the expertise to conduct a full analysis of an incident, resulting in inadequate responses. Systems are also restored ineffectively. This is where MDR comes in as a service.

MDR solves a real problem

Modern EDR solutions offer an overview of the security situation at endpoints (Image: Bitdefender).

There are always new technologies, trends, buzzwords and technical terms in cybersecurity. And in response to the ever-changing threats, new offers keep coming onto the market to improve security in companies. In some ways, buzzwords for new, evolving technologies are inevitable. But MDR seems to be more than just a flash in the pan. Industry insiders and analyst firms expect the market for MDR services to reach a volume of 2025 billion US dollars by 2,2. According to Gartner, more than half of all companies will then use MDR services by the same year. This rapid growth can only be achieved if a service really remedies a problem and offers IT security services that you don't have to manage yourself. Companies are looking for such an offer in order not to hire staff themselves, which is hardly to be found on the labor market anyway.

The three basic characteristics of an MDR service

The goal of every CISO is to use new technologies that protect the company better than before. However, the market for security technologies is very difficult for CISOs to keep track of and is also developing very quickly. In addition, a lack of standardization of terms, processes and technologies makes it difficult to compare, evaluate and select the services, tools or technologies of providers. MDR is a great example of this, and it is time to agree on industry-wide standards that define what a threat hunt and response service is all about. Although different MDR services can have a multitude of different characteristics, there are three basic components of an MDR service that can be agreed upon: proactive action, search for cyber threats and 24/7 availability.

What to look for when evaluating an MDR service

1. Acting proactively

MDR services present themselves as a team of security experts who “keep an eye on” a company around the clock. These promise to protect data with a sophisticated and comprehensive security approach that can detect attacks and react to them - even those that are ready in the network. That sounds good, but it's important to understand what vendors mean by "reaction". Some providers simply notify their customers of an incident and then leave it to them to handle the attack. In terms of reaction, it is therefore important to ask the potential MDR provider explicitly:

  • What proactive response options are included?
  • To what extent are these response measures automated?
  • What role does the customer play in the response measures?
  • What is the approval process for response measures?

2. Search for cyber threats

Finding out such threats is an important component of MDR services. Done correctly, it requires a high level of expertise and relevant and contextual data. Threat hunting should include a contextual view of likely malicious actors and their tactics, techniques and procedures, as well as a clear understanding of the business and IT environment to be defended. When evaluating the service, these questions should not go unanswered:

  • How is the search for threats defined?
  • How is this search measured?
  • Which performance indicators are available?
  • To what extent is the search automated?
  • How is threat intelligence integrated into the threat hunting program?
  • What are the objectives and results of the program?
  • What triggers a search for threats?

3. 24/7 operation

XEDR tools provide a further basis and show attacks (Image: Bitdefender).

At first glance, it may seem easy to assess whether an MDR service offers 24/7 operation. But even such a statement can mean a lot. With the right questions, you have a thorough understanding of the operational processes, the workforce and the location of the analysts who are entrusted with protecting your data. These questions should be asked:

  • Are there retrieval procedures outside of business hours?
  • Do you have staff on duty outside of business hours?
  • Do the operating times follow "the sun" in the respective time zones?
  • Do you offer a remote SOC, a co-sourced SOC, or a SOC that is independent of the region? It is about whether a team of analysts works remotely for a single customer base, or whether different SOCs in international regions look after customers from the same region.

Bottom line: don't just choose a service

MDR services can be an important additional resource for companies that do not have the expertise or the means to set up the appropriate processes themselves. They also serve as a safety net when other controls fail. A central added value is the continuous overview of a company's environment and its individual risk situation. Since there are no MDR industry standards yet, it is the responsibility of the company to ask the right questions in order to evaluate potential services and partners and to improve the security in the company in the long term.

More at Bitdefender.com

 

About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de

 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Bitdefender, PR News
, , , ,