Why is the ‘M’ the Most Important Part of MDR?

In my previous post, Why Do You Need MDR (Managed Detection and Response) Services, I briefly touched on why an organization probably could benefit from MDR services. In its latest market guide for MDR services, Gartner predicts that by 2020, 15 percent of organizations will be using some type of MDR service, up from less than one percent today.

For my part, the “M” portion is probably the most important letter of the MDR acronym. If you are going to spend a portion of your security budget on an outside service to manage an area integral to your business, you want to make sure that the service is truly managing incident detection and response. Unfortunately, too many MDR vendors drop the ball when it comes to managing your detection and response needs.

Dropping the Ball

The problem is a result of vendors putting their own needs ahead of yours. Signature-based software companies, in the hope of diversifying their offerings beyond their dated software, tend to assume they can magically turn their software engineers into incident responders, who work closely with their customers. But their ultimate goal is to sell you their pro licensed software and tack on more money per user for additional support—even if that means forcing you to rip and replace your current security stack.

Meanwhile, MSSPs, seeking to get a slice of the MDR pie, mistake overseeing software and other cybersecurity services for true MDR. They may detect Malware A or Malware B, but they tend to treat each of these alerts as a singular event and expect you to do what you will with this information. Or they hire analysts to check boxes for specific traits, even though those traits may change as the malware moves laterally through your network. They don’t look at the historical context. They don’t let you know how long the malware has been infecting your systems. They don’t give you an idea of where this malware sits on the cyber kill chain or what led to its infiltration. They don’t necessarily let you know that Malware B comes from the same state-sponsored threat actor as Malware A and how that knowledge can help you protect yourself from subsequent attacks.

The Best MDR Services Are Partners

Sometimes, I think PDR, for Partnered Detection and Response, would be a better acronym than MDR, but MDR is the acronym of record for the foreseeable future. But the best management involves true partnerships, where vendors and organizations work together, as people, toward a common goal. That’s what we do at UnitedLex.

I’ve worked as an incident responder on UnitedLex’s MDR service team for over two years, so let me tell you what my job entails:

  • I know your environment inside and out.
  • I know what is considered normal on your network and will identify potential anomalies.
  • I know your people, down to the name of your kids and where you went on vacation.
  • I will make sure that we equip your organization with best-of-breed detection and response tools that work in your environment—and I won’t push any sales contract on any sort of software.
  • I will analyze incidents in context, providing you with historical analysis, crowdsourced information, patterns of behavior and any other indicators of compromise—and then correlate this incident with any other suspicious behavior that’s been found on your network.
  • In case of an incident, my team members and I will have boots on the ground within 24 hours of detecting an incident to help you remediate the problem.
  • You can call me or my colleagues 24/7 about any problems or to get advice or even to complain. We’re here, and our goal is to make your organization better.

Most of all, my team and I pledge to manage your entire incident detection and response so that you stay safe. And we welcome your engagement with us, as true partners in this ongoing quest.