Managed Detection and Response: What You Need to Know

Managed Detection and Response (MDR)

It’s natural to think of cyber security in terms of keeping threats out of your systems. But the fact is that not all threats can be prevented, and if you do not have managed detection and response (MDR), you are missing a critical component of your cyber security. The goal of MDR is to quickly identify new cyber threats and limit the time an attacker hangs out within your company’s network. As a managed service provider, Internos provides MDR and endpoint security to Miami-area small and medium-sized businesses.

What Is Managed Detection and Response (MDR)?

Managed detection and response (MDR) services stop threats that have bypassed other security controls and gained access to your system. The goal of MDR is to find and remove these threats quickly to prevent or minimize damage. There are three main components to an MDR service:

  • Technology that can evaluate activity and behaviors to anticipate and block threats
  • Expertise of specialists to monitor and support the service
  • Process and best practices for incident response

MDR services are integrated into the business’s infrastructure and work alongside other advanced detection technology such as endpoint detection and response (EDR) to examine, monitor and detect potential threats. 

MDR vs MSSP (Managed Security Service Provider)

A managed security service provider (MSSP) provides cyber security monitoring and management to other businesses, similar to how managed service providers provide outsourced IT support. Many MSPs are also MSSPs, and a few also offer the additional security of managed detection and response (MDR).

Traditional MSSP services excel at protecting your network from known threats and common attacks. MDR is more advanced, able to detect behaviors and patterns that identify previously unknown threats, including zero-day, targeted attacks and insider threats.

Why Use an MDR Service?

There can be no doubt that attackers have become smarter and have new tools with which to make attacks on any business’s network.

They not only have learned how to disguise their tactics, they also don’t need to know exactly how those tactics work. All they need to do is go to the dark web and buy software with which they can create havoc on any network.

Few small to mid-sized businesses can afford to develop cyber security expertise in house. By working with a managed security provider that includes advanced protection like MDR and EDR, businesses get the benefits at a much lower cost. Building your own MDR, complete with staff who have the expertise to use it, is simply cost prohibitive. Add to that the fact that it would take months to years to build.

Types of Businesses That Use MDRs

MDRs are used by companies of all sizes in all kinds of industries to support threat detection and response efforts. They recognize that security programs might stop many threats but cannot stop every threat.

Businesses partner with an MDR because:

  • They know that simply satisfying compliance requirements is no longer sufficient and they need additional security to reduce risks.
  • No matter what types of threat prevention they use, cybercriminals will invent new ways to attack.
  • MDRs constantly monitor, detect and respond to all attacks, including new and emerging ones.
  • Even if a client has a security operations center (SOC), MDRs can serve as a second pair of eyes to watch your environment and quickly identify new threats.

Do You Need MDR, MSSP or Both?

Like many technology services, no two MDR or MSSP services are exactly alike. So, which combination you need to protect your business will vary. Some MDR services include traditional MSSP functions and some do not. It is possible to use both. In fact, it is somewhat common to have the MSSP handle basic security and an MDR focus on identifying threats.

Working with a managed service provider like Internos can help. We review your network and infrastructure to identify and close gaps, setting up a custom support plan that meets the specific needs of your business. Contact us or book a meeting to start the discussion. 

Questions to Ask Prospective Security Providers

Whether you are looking for an MSP, MSSP or MDR provider — or all three — these questions can help you understand their security capabilities:

  1. What is your process for detection, investigation and response? 
  2. What is your team’s expertise with security research, advanced detection methodologies, threat hunting, security analysis, incident response, forensics, security operations, security engineering, data science and IT operations? 
  3. Can you detect XYZ activity? For each activity identified, ask which observations will be collected to enable detection as well as what aspects of the attack will be detected. 
  4. How do you ensure you always have enough analysts and incident responders on your staff? 
  5. How do you maintain a pipeline SOC? 
  6. How do you train your SOC to ensure proficiency? Are you able to provide metrics showing continuous improvements in analysis time? 
  7. What technologies are core to your security offering?
  8. Can you automatically organize data and suppress events to limit investigation of false positives? 
  9. What is your customer reported false positive rate? False negative rate?
  10. What is the false positive rate on some of your detectors? Not the false positive rate customers report, rather the false positive rate the provider’s internal SOC reports from its own detection technology. (The key here is that internal false positives are okay.)
  11. Does your MDR provider examine a lot of different activities, even if it doesn’t convert any of those activities to a threat? 
  12. What types of threats are you unable to detect?
  13. What is your average time to detection? Response?
  14. Have you ever had a customer get breached? Walk through how that event happened and what the response was. Can a conversation with that customer be arranged?
  15. Who do customers typically interact with when they have questions on detections, response best practices, implementation of the MDR service, etc.?
  16. Explain your detection and response roadmap. What new techniques and technologies will you incorporate into your offering?
  17. How do customers hold you accountable? 

Need Help With Managed Detection and Response? 

You can also lean on us, your Miami-area managed service provider, to understand the nuances of MDR, EDR, MSSP or any other technology solution. Contact us or book a meeting for a no-obligation consultation. 

Richard Blanco

Richard helped found Internos in 2013 and has been acting CTO since. As the Chief Technology Officer, Richard is focused on identifying, managing and delivering the best technologies for Internos clients. With more than 27 years in the IT industry, Richard is passionate about high-tech but approachable solutions that solve business’ everyday challenges.
