WHAT MAKES UP MDR SECURITY SERVICES
Technology
A unique data analytics platform that evaluates an organization’s activity using multiple detection technologies and techniques.
Expertise
Highly technical security analysts and threat hunters capable of conducting in-depth investigations, malware analysis, and threat research.
Process
A well-refined process that relies on data science, efficient security operations, and incident response best practices.
What is MDR?
MDR security services are designed to protect organizations from advanced cyber attacks by quickly detecting threats and enabling rapid response. Red Canary MDR delivers threat detection and response as an outsourced service to organizations of all types and sizes. We combine the technology, expertise, and processes that act as or augment your security team so you can focus on running your business.
HOW MDR WORKS
Record and Detect
MDR services require a robust data set to perform their detection. They use multiple sophisticated technologies, including advanced analytics engines, behavioral-based detection, machine learning, anomaly detection, and more.
Investigate
Once a potential threat is identified, security analysts gather evidence and conduct research to understand and validate the threat before it becomes a major incident. The more efficient and accurate the investigation, the more protection you get from cyber attacks.
Respond
MDR providers offer remote investigation of potential threats, employing a team of knowledgeable experts who understand how to interpret the events produced by the detection technology—often including a high degree of support to contain and respond to threats.
MEET RED CANARY MDR
It’s a challenge for organizations to protect themselves from constantly evolving cyber attacks—and even some of the mainstays you know well. With Red Canary MDR, you’re gaining a true security ally. We monitor your environment 24/7 for signs of attack and are there for you when you need help.
- Minimize false positives, eliminate alert overload, and stop analyst fatigue
- Speed up threat detection, investigation, and remediation for threats that might otherwise go unnoticed
- Reduce dwell time, mean time to detect (MTTD), and mean time to respond (MTTR)
- Free up in-house security teams to work on high value and strategic work
- Gain community protection with linked detections and threats across our vast customer base
- Improve your overall security posture and security maturity
“Having that extra set of eyes really helps. Now we can confidently discuss the state of our environment and security posture. We aren’t just taking another team’s word for it; we can see it for ourselves. We have a lot of faith in Red Canary.”
EVALUATING MDR
A rapidly growing market
While the MDR market is fairly new and market penetration is in its infancy, interest in MDR is incredibly strong, as indicated by the EMA research data shared below.
94%
of organizations are evaluating MDR services
79%
of organizations are considering adopting MDR soon
MSSP vs. MDR
Many organizations that are predisposed to pass over MSSP detection and response offerings will find that MDR can help them fill gaps within their internal capabilities. Take a look at the comparison chart below, and read our blog or get answers to 8 common questions in our full guide comparing MSSPs and MDR.
Capabilities | MSSP | MDR |
---|---|---|
COLLECTION, DETECTION, AND RESPONSE PLATFORM | Perimeter technology; signature/rule-based detection to identify threats | Inspection across endpoints and networks; behavioral analysis and machine learning to detect threatening behaviors |
TRIAGE, INVESTIGATION, AND RESPONSE | Focused on meeting SLAs by quickly performing cursory triage that often results in high false positives | Designed to investigate and confirm threats at Tier 1 and Tier 2 levels and provide a more complete understanding of incidents |
ROLE IN INTERNAL SECURITY PROGRAM | Meant to replace basic internal security functions | Augments and enhances an existing security program with advanced technology and highly specialized analysts and threat hunters |
INTEGRATION ACROSS SECURITY PROGRAM | Technology frequently lacks integration points with internal tools | Usually designed to plug into an organization’s SIEM, workflow, and SecOps tools. Some include additional data source ingestion options. |
THREATS DETECTED | Known vulnerabilities, known malware, and common, high-volume attacks | Malware, targeted attacks, zero-days, and insider threats |
STAFF SPECIALIZATION | Basic log management, monitoring, investigation via playbook or script | Advanced malware analysis, threat hunting, forensics, incident response, data science, security analytics, and security breach |
Selecting a provider
Organizations of all sizes across all industries are enlisting MDR solutions to support their detection and response efforts. These organizations recognize their existing security program stops a percentage of threats but can never realistically stop every threat.
If you’re interested in adopting MDR services, you have a couple of choices in the types of services you can adopt. Although managed endpoint detection and response (EDR) comes to mind most often when thinking about MDR services, Red Canary MDR also includes monitoring for infrastructure such as your Linux containers and VMs.
Do MDR service providers augment or replace existing IT security staff?
Source: EMA
Calculating ROI
Once your service provider is selected, the process of onboarding and establishing the rules of engagement can take anywhere from less than a day to up to three months, depending on how extensive the service offering is, how much if any integration is required with your existing security infrastructure, and other considerations.
For direct Red Canary customers, the median time to complete onboarding tasks is 30 days. A longer training period helps us solidify the partnership and ensure our customers feel confident and comfortable with the tools and processes in place.
Whatever the cost concerns some organizations have around contracting with MDR providers, there is no doubt that users are seeing results in the drive toward more quickly discovering and vanquishing advanced threats already operating within organizations’ networks and infrastructure.
As a result of MDR services, many organizations are significantly reducing mean time to resolution (MTTR) of attacks. The largest percentage of MDR users (35%) saw an MTTR reduction between 25% and 49%.
Take a look at our 3 Ways to Calculate the ROI of MDR guide to help you measure the full business value of MDR.
Reduction in MTTR since adopting MDR
Source: EMA