The Intricacies of MDR

Written by Ben Davis (Technium) & Louis Evans (Arctic Wolf Networks)

MDR sounds simple; it is only three letters, so how complicated can it be? The answer may surprise you. Managed Detection and Response (MDR) is more than just overseeing what is happening in your environment. The intricacies that go into an operational MDR approach are what make security look simple to the end user, while the cogs keep turning 24×7 behind the scenes.

Here is what goes into an operational MDR approach:

  1. Log sources from all software and systems are vetted (reviewed) and integrated into one streamlined solution. This takes the burden off the end user, the one whose environment is being protected. Through the integration of these tools and the people who run them, the output of MDR looks like a simple plan of action that can be followed. Without that operational approach, MDR can become a mess inside the end user's environment if they take on the task themselves, with disconnected systems producing all sorts of unconfirmed alerts. It is easier to work with partners that have already vetted and streamlined the software and systems, so you can reap the rewards.

  2. Not all abnormalities detected by the sensors are genuine security events. These false positives create the noise in an environment, and that noise can cause the true events to be missed. In an operational MDR solution, the genuine events are found because analysts triage each alert rather than forwarding it unexamined. When an alert is confirmed to be a security threat, it is time for response and remediation.

  3. MDR should not just be informational, with alerts landing in your inbox. Each alert should have a remediation plan attached to it. The operational MDR approach has the process in place, as described above, and that process delivers a tailored plan to remediate any abnormality that is found. If you consider MDR to be simply collecting alerts and identifying which ones should be fixed, you leave severe gaps in your security. MDR is not a point product; it is an ongoing service.

  4. Remediation is key in MDR. The "R" stands for Response, and a response can be as little as a report. The next step, though, is the actual remediation: executing the response plan. In an operational MDR approach, specific instructions are provided so the security event is handled in line with its severity, together with ongoing guidance on how to reduce risk in the future. Executing the recommended actions is what reduces your attack surface over time.
