What is MDR?
MDR services are designed to protect organizations from advanced attacks by quickly detecting threats and enabling rapid response. Red Canary MDR delivers threat detection and response as an outsourced service to organizations of all types and sizes. We combine the technology, expertise, and processes that act as or augment your security team so you can focus on running your business.
HOW MDR WORKS
Record
MDR services require a robust data set to perform their detection. Your MDR will either request access to your existing security stack or require deployment of additional technology for greater visibility and improved data collection.
Detect
A hallmark of MDR solutions is advanced detection capabilities. MDR uses multiple sophisticated technologies, including advanced analytics engines, behavioral-based detection, machine learning, anomaly detection, and more.
Investigate
Once a potential threat is identified, security analysts gather evidence and conduct research to understand and validate the threat before it becomes a major incident. The more efficient and accurate the investigation, the more protection you get from cyber attacks.
Respond
MDR providers offer remote investigation of potential threats, employing a team of knowledgeable experts who understand how to interpret the events produced by the detection technology—often including a high degree of support to contain and respond to threats.
MEET RED CANARY MDR
It’s a challenge for organizations to protect themselves from constantly evolving cyber attacks—and even some of the mainstays you know well. With Red Canary MDR, you’re gaining a true security ally. We monitor your environment 24/7 for signs of attack and are there for you when you need help.
- Minimize false positives, eliminate alert overload, and stop analyst fatigue
- Speed up threat detection, investigation, and remediation for threats that might otherwise go unnoticed
- Reduce dwell time, mean time to detect (MTTD), and mean time to respond (MTTR)
- Free up in-house security teams to focus on high-value, strategic work
- Gain community protection with linked detections and threats across our vast customer base
- Improve your overall security posture and security maturity
EVALUATING MDR
A rapidly growing market
While the MDR market is fairly new and market penetration is in its infancy, interest in MDR is incredibly strong, as indicated by the EMA research data shared below. Access the full EMA report here.
94% of organizations are evaluating MDR services
79% of organizations are considering adopting MDR soon
MSSP vs. MDR
Many organizations that are predisposed to pass over MSSP detection and response offerings will find that MDR can help them fill gaps within their internal capabilities. Take a look at the comparison chart below, and get answers to 8 common questions in our full guide comparing MSSPs and MDR.
Capabilities | MSSP | MDR |
---|---|---|
COLLECTION, DETECTION, AND RESPONSE PLATFORM | Perimeter technology; signature/rule-based detection to identify threats | Inspection across endpoints and networks; behavioral analysis and machine learning to detect threatening behaviors |
TRIAGE, INVESTIGATION, AND RESPONSE | Focused on meeting SLAs by quickly performing cursory triage that often results in high false positives | Designed to investigate and confirm threats at Tier 1 and Tier 2 levels and provide a more complete understanding of incidents |
ROLE IN INTERNAL SECURITY PROGRAM | Meant to replace basic internal security functions | Augments and enhances an existing security program with advanced technology and highly specialized analysts, threat hunters, and incident responders |
INTEGRATION ACROSS SECURITY PROGRAM | Technology frequently lacks integration points with internal tools | Usually designed to plug into an organization’s SIEM, workflow, and SecOps tools. Some include additional data source ingestion options. |
THREATS DETECTED | Known vulnerabilities, known malware, and common, high-volume attacks | Malware, targeted attacks, zero-days, and insider threats |
STAFF SPECIALIZATION | Basic log management, monitoring, investigation via playbook or script | Advanced malware analysis, threat hunting, forensics, incident response, data science, security analytics, and security breach |
Selecting a provider
Organizations of all sizes across all industries are enlisting MDR solutions to support their detection and response efforts. These organizations recognize their existing security program stops a percentage of threats but can never realistically stop every threat.
If you’re interested in adopting MDR services, you have a couple of choices in the types of services you can adopt. Although managed endpoint detection and response (EDR) comes to mind most often when thinking about MDR services, Red Canary MDR also includes monitoring for infrastructure such as your Linux containers and VMs.
Do MDR service providers augment or replace existing IT security staff?
Calculating ROI
Once your service provider is selected, the process of onboarding and establishing the rules of engagement can take anywhere from less than a day to up to three months, depending on how extensive the service offering is, how much if any integration is required with your existing security infrastructure, and other considerations.
For direct Red Canary customers, the median time to complete onboarding tasks is 30 days. A longer training period helps us solidify the partnership and ensure our customers feel confident and comfortable with the tools and processes in place.
Whatever the cost concerns some organizations have around contracting with MDR providers, there is no doubt that users are seeing results in the drive toward more quickly discovering and vanquishing advanced threats already operating within organizations’ networks and infrastructure.
As a result of MDR services, many organizations are significantly reducing mean time to resolution (MTTR) of attacks. The largest percentage of MDR users (35%) saw an MTTR reduction between 25% and 49%.