Replay: Using MDR to enhance and simplify your security operations

Are you considering managed detection capabilities to simplify your EDR, XDR, and other security initiatives? Watch Red Canary and our guests from Forrester Research and DuPont discuss the MDR market and share examples of how MDR can support enterprise security requirements.

Managed detection and response (MDR) can enhance and simplify security operations by combining data from endpoints, networks, and cloud infrastructure with advanced expertise in detection engineering and incident handling. A modern MDR service enables enterprise security teams to focus on high-value activities instead of drowning in alerts.

This webinar details:

  • The criteria and methodology of Forrester’s 2021 MDR Wave
  • How DuPont successfully used MDR to support their enterprise SOC
  • Red Canary’s unique perspective on enterprise-wide managed detection and response

00:31 Panelist Introduction

01:35 Webinar Agenda

02:14 Rise of Endpoint Detection and Response (EDR)

02:21 Why Secure the Endpoint?

03:02 “Whether it’s an endpoint that’s part of your infrastructure, or whether it’s an endpoint that one of your end users is using, this is where the majority of attacks materialize in the first place, it’s our earliest opportunity to observe them and it’s our best opportunity to stop these attacks in their tracks early.” – Keith

03:38 “EDR really is the one technology that gives you a tremendous amount of visibility into adversary techniques in the context of MITRE ATT&CK that makes it very measurable, allows you the context to do a good and thorough investigation – understanding where the attack came from, what happened and where it progressed, and how to respond. EDR gives us a powerful set of response tools from basic containment and isolation all the way to doing really detailed remote forensics.” – Keith

06:13 Security Teams Face Headwinds

07:11 “There’s some things you can do with technology, but it really does take a team to get all the value that’s possible out of EDR and that type of family of controls.” – Keith

07:25 Leveraging Managed Detection and Response (MDR)

07:40 Commonly Asked Questions About MDR

08:06 Forrester MDR Wave Lessons Learned

09:41 Standouts from the MDR Wave

10:40 Excellent threat hunting capabilities and expertise

11:07 Articulate threat intel to hunting to automation pipeline

11:45 Sophisticated client references

14:39 “Subscribing and participating in a service with a vendor is really powerful for the end customer because they’re getting scale, visibility and an experience that a team internally can’t always establish or create because they have a much narrower aperture of what’s going on out there.” – Jeff

15:03 Key Takeaways about MDR Providers

15:44 The Squad Model

16:12 Detection is their Superpower

17:09 Skillful Practitioners

17:57 “Customers want a level of proficiency, but they also want an MDR vendor that can sync up with them, work with their tech stack, specialize in specific capabilities and also act as a complementary force to the existing security team, so it’s not outsourcing – it’s very much augmentation.” – Jeff

20:12 Forrester MDR Wave: How We Determined the Final 15

22:54 Forrester MDR Wave: How the 15 Providers Stack Up

25:18 Forrester MDR Wave: Evaluation Criteria

28:02 MDR Customer Priorities

28:48 #1: Detects more suspicious/malicious behavior than we would detect on our own

28:54 #2: Provides expertise on attacker activities and behaviors

29:00 #3: Assists us in making more accurate decisions about suspicious/malicious activity

29:07 #4: Helps us identify root causes, and take steps to harden and prevent future activity

29:25 #5: Accelerates our response activities

29:28 #6: Allows us to become proactive rather than reactive

29:55 “It’s not just about handing alerts to someone, it’s about finding ways to make them better in the moment and also make them better long-term if you’re doing a good job at MDR.” – Jeff

30:35 From Technology to Capability

31:36 “These are the high-level functions that our security operations team provides to customers: great threat intelligence, taking that intelligence and building analytics and broad detection capabilities, doing effective and accurate detection, helping to handle incidents, and using research to learn what we find during incidents and inform the intel team to feed the cycle of prioritization.” – Keith

32:15 How Companies Use MDR

32:28 SOC-as-a-Service

32:44 SOC Augmentation

34:24 Why DuPont Chose Red Canary

35:40 Red Canary Results – MTTR Reduction

37:44 “Our strategy was to reduce cost but bring in really smart experts on our team, [so] we were basically able to get rid of all our Managed Service Provider (MSP) support…Relying a lot on automation and playbooks was key for us.” – Bob

38:36 Red Canary Results – Endpoint Risk Reduction

39:29 “Once we kicked into prevention mode and got our MTTR down…we all of a sudden dropped below the industry [standard] and stayed there consistently.” – Bob

40:32 “It allowed us to really understand our threat landscape. We cleared out all the noise from our environment and were really able to focus on the threats that were going to impact the organization and by doing so reduce the risk.” – Bob

43:39 Red Canary Results – By the Numbers

44:14 “We really focused on what was important with our MDR asset – we had the right partner, we didn’t need all this Level 1 support that was just generating more noise, and we measured our success.” – Bob

46:44 “When we get an alert from Red Canary, it’s about a 95% true positive, so no matter where you are, drop what you’re doing, get on, and start working it out.” – Bob

48:40 Shifting to eXtended Detection and Response (XDR)

49:12 History of Security Operations

51:13 “MDR is the ability to operationalize your security technology, and that technology changes. Also really critical to have the platform, the foundation, that makes this possible. That platform needs to be responsive and robust to enable operations.” – Keith

52:19 “Just because you’ve done something one way for a long time, doesn’t mean it needs to continue that way, so [if] you have this traditional structure with 50 people at a low cost center looking at alerts with eyes on glass, that can be automated now [with technology]. Now is the time you can make interesting decisions, save money, and achieve better security.” – Bob

54:54 “As we think about these different compute platforms and different infrastructure types, and if you’re thinking about a real Managed Detection and Response service – because it’s not Managed EDR – how are you going to detect and respond in a cloud environment?…How are you going to investigate when a custom-built application is breached by an intruder vs. something that’s off the shelf?” – Jeff

57:33 Red Canary Security Operations Platform

58:41 Putting it to Use

58:54 “Start with the problems that you’re trying to solve, take your time, and try before you buy.” – Jeff

1:00:34 “Don’t let old established ways of doing things stop you from making changes.” – Bob

