The Intricacies of MDR


Written by Ben Davis (Technium) & Louis Evans (Arctic Wolf Networks)

MDR sounds simple; it is only three letters, so how complicated can it be? The answer may surprise you. Managed Detection and Response (MDR) is more than just overseeing what’s happening in your environment. The intricacies that go into an operational MDR approach are what make security simple for the end user, while the cogs are working 24×7 behind the scenes.
Here’s what goes into an operational MDR approach:

  1. Logs from all software and systems are vetted (reviewed) to develop a streamlined solution. This takes the burden off the end user – the one whose environment is being protected. Through the integration and systemization of these tools and people, the output of MDR looks like a simple plan of action that can be followed. Without the operational approach, however, MDR can become a mess within the end user’s environment if they take on the task themselves, with disconnected systems producing all sorts of unconfirmed alerts. It is easier to work with partners that have already vetted and streamlined the software and systems, so you can reap the rewards.

  2. Not all abnormalities detected by the sensors are actual events; these false positives create the noise within an environment, and that noise in turn can cause the true events to be missed. In an operational MDR solution, the actual events are found because analysts go through each alert. When an event is found to be a security threat, it is time for response and remediation.

  3. MDR should not just be informational – alerts arriving in your inbox. Each alert should have a remediation plan attached to it. The operational MDR approach has the system in place, as mentioned above, and that process delivers a tailored plan to remediate any abnormalities that are found. If you consider MDR to be simply collecting alerts and identifying which ones should be fixed, that can leave severe gaps in your security. MDR is not a point product; it is an ongoing solution.

  4. Remediation is key in MDR. The “R” stands for Response, which can be as simple as a report. The next step, though, is the actual remediation and execution of the response plan. In an operational MDR approach, specific instructions are provided in order to respond to the security event in line with its severity, along with ongoing guidance on how to reduce risk in the future. Executing the recommended actions is what will reduce your attack surface over time.
