MDR SECURITY

Why modern security teams choose MDR

Managed Detection and Response (MDR) offers your enterprise the technology and expertise to stop threats that bypass other security controls. Learn how secure MDR provides value far beyond closing your IT security skills gaps.


What is MDR?

MDR services are designed to protect organizations from advanced attacks by quickly detecting threats and enabling rapid response. Red Canary MDR delivers threat detection and response as an outsourced service to organizations of all types and sizes. We combine the technology, expertise, and processes that act as or augment your security team so you can focus on running your business.

Record

MDR services require a robust data set to perform their detection. Your MDR will either request access to your existing security stack or require deployment of additional technology for greater visibility and improved data collection.

Detect

A hallmark of MDR solutions is advanced detection capabilities. MDR uses multiple sophisticated technologies, including advanced analytics engines, behavioral-based detection, machine learning, anomaly detection, and more.

Investigate

Once a potential threat is identified, security analysts gather evidence and conduct research to understand and validate the threat before it becomes a major incident. The more efficient and accurate the investigation, the more protection you get from cyber attacks.

Respond

MDR providers offer remote investigation of potential threats, employing a team of knowledgeable experts who understand how to interpret the events produced by the detection technology—often including a high degree of support to contain and respond to threats.

It’s a challenge for organizations to protect themselves from constantly evolving cyber attacks—and even some of the mainstays you know well. With Red Canary MDR, you’re gaining a true security ally. We monitor your environment 24/7 for signs of attack and are there for you when you need help.

  • Minimize false positives, eliminate alert overload, and stop analyst fatigue
  • Speed up threat detection, investigation, and remediation for threats that might otherwise go unnoticed
  • Reduce dwell time, mean time to detect (MTTD), and mean time to respond (MTTR)
  • Free up in-house security teams to focus on high-value, strategic work
  • Gain community protection with linked detections and threats across our vast customer base
  • Improve your overall security posture and security maturity

A rapidly growing market

While the MDR market is fairly new and market penetration is in its infancy, interest in MDR is incredibly strong, as indicated by the EMA research data shared below. Access the full EMA report here.

  • 94% of organizations are evaluating MDR services
  • 79% of organizations are considering adopting MDR soon

MSSP vs. MDR

Many organizations that are predisposed to pass over MSSP detection and response offerings will find that MDR can help them fill gaps within their internal capabilities. Take a look at the comparison chart below, and get answers to 8 common questions in our full guide comparing MSSPs and MDR.

COLLECTION, DETECTION, AND RESPONSE PLATFORM

  • MSSP: Perimeter technology; signature/rule-based detection to identify threats
  • MDR: Inspection across endpoints and networks; behavioral analysis and machine learning to detect threatening behaviors

TRIAGE, INVESTIGATION, AND RESPONSE

  • MSSP: Focused on meeting SLAs by quickly performing cursory triage that often results in high false positives
  • MDR: Designed to investigate and confirm threats at Tier 1 and Tier 2 levels and provide a more complete understanding of incidents

ROLE IN INTERNAL SECURITY PROGRAM

  • MSSP: Meant to replace basic internal security functions
  • MDR: Augments and enhances an existing security program with advanced technology and highly specialized analysts, threat hunters, and incident responders

INTEGRATION ACROSS SECURITY PROGRAM

  • MSSP: Technology frequently lacks integration points with internal tools
  • MDR: Usually designed to plug into an organization’s SIEM, workflow, and SecOps tools. Some include additional data source ingestion options.

THREATS DETECTED

  • MSSP: Known vulnerabilities, known malware, and common, high-volume attacks
  • MDR: Malware, targeted attacks, zero-days, and insider threats

STAFF SPECIALIZATION

  • MSSP: Basic log management, monitoring, investigation via playbook or script
  • MDR: Advanced malware analysis, threat hunting, forensics, incident response, data science, security analytics, and security breach

Selecting a provider

Organizations of all sizes across all industries are enlisting MDR solutions to support their detection and response efforts. These organizations recognize their existing security program stops a percentage of threats but can never realistically stop every threat.

If you’re interested in adopting MDR services, you have a couple of choices in the types of services you can adopt. Although managed endpoint detection and response (EDR) comes to mind most often when thinking about MDR services, Red Canary MDR also includes monitoring for infrastructure such as your Linux containers and VMs.

Calculating ROI

Once your service provider is selected, the process of onboarding and establishing the rules of engagement can take anywhere from less than a day to up to three months, depending on how extensive the service offering is, how much if any integration is required with your existing security infrastructure, and other considerations.

For direct Red Canary customers, the median time to complete onboarding tasks is 30 days. A longer training period helps us solidify the partnership and ensure our customers feel confident and comfortable with the tools and processes in place.

Whatever the cost concerns some organizations have around contracting with MDR providers, there is no doubt that users are seeing results in the drive toward more quickly discovering and vanquishing advanced threats already operating within organizations’ networks and infrastructure.

As a result of MDR services, many organizations are significantly reducing mean time to resolution (MTTR) of attacks. The largest percentage of MDR users (35%) saw an MTTR reduction between 25% and 49%.