Five Keys to Maximizing MDR Value

Demand for managed detection and response (MDR) is growing rapidly. This growth is being driven by multiple factors — including intensifying threats and a global shortage of cybersecurity talent.

That's why outsourcing threat detection and response to a third-party provider with the right skills, the right tools, and the ability to offer 24x7 coverage makes sense.

Unfortunately, because the MDR market is projected to explode from under $5B in 2021 to almost $22B by 2030, there's no shortage of vendors making a lot of noise about their offerings. Here are five key concepts to keep in mind as you seek an MDR provider that will deliver the most value for you and your organization.

KEY #1: The Foundation of Your MDR Matters

There is a belief that the underlying technology that MDR is delivered on isn't important, just as long as threats are detected and proper response actions are taken. We challenge that belief. Some MDR providers still base their services on endpoint detection and response (EDR). Others claim they use extended detection and response (XDR) — even though their technology stack could better be described as “EDR plus.”

But neither EDR nor “EDR plus” will cut it to back a successful MDR solution. Collectively, we've become so good at endpoint security that threat actors now avoid endpoint-focused exploits. In fact, in recent Secureworks event data, about 60% of today's attacks occurred outside of endpoints — meaning they bypassed EDR telemetry altogether. True MDR requires more than just endpoint detection with a few other data sources added. It needs a true XDR underpinning.

XDR's ability to detect intruders' “breadcrumbs” anywhere and everywhere they appear is central to any MDR provider's value proposition. That means a platform that unifies all security-relevant data from across your environment, including endpoints, cloud, networks, directory services, IDS, and more. Furthermore, true XDR applies analytics to that data to quickly detect malicious activity. It can help you accurately identify the exact nature of malicious activity so that you can act decisively to neutralize it, while working aggressively to minimize time wasted on chasing meaningless alerts. True XDR is essential for MDR.

KEY #2: MDR provider threat intelligence is not a commodity

Another myth is that all MDR providers have access to the same threat intelligence — and that their effectiveness is thus only contingent upon how “smart” their analytics and artificial intelligence (AI) happen to be.

This isn't true. While a good deal of general threat intelligence is open source, the effectiveness of any MDR solution is highly contingent upon several proprietary aspects of threat intelligence, including:

  • How current it is. You never want to be late to the threat intelligence party. So it's important to work with an MDR provider who's never the last to know — and is often the first.
  • How granular it is. It's one thing to have general knowledge about a new exploit. It's another thing to have direct knowledge about the specific behavioral indicators of each component of that exploit — especially if you want to quickly detect and identify it.
  • How quickly and effectively it gets converted into live detectors. The process by which your MDR provider translates new threat intelligence into new detection analytics is crucial.

That's why you want to make sure your MDR provider is using a true XDR platform that continuously, actively leverages truly world-class threat intelligence of their own and from other sources.
