Managed detection and response explainer: what is MDR and what does it do?

Managed detection and response explainer-Advania UK Blog
There are many interpretations of what a managed detection and response service can provide you with in the current cyber security landscape. In this blog, Security and Compliance Director Pravesh Kara takes us through your options when it comes to protecting your organisation from cyber threats, comparing what you can get from a security operations centre to managed detection and response service offerings.

Protecting your organisation with managed detection and response

At Advania, our Managed Detection and Response service, or MDR, provides organisations with access to the latest skills and resourcing to protect them against advanced and emerging threats.

Services like MDR are perfect for organisations that can’t maintain their own security operations centre (SOC) – you can still keep your organisation secure with around-the-clock monitoring and high-level expertise if you don’t have the resources to establish this for yourself.

The service combines advanced threat detection technology with human expertise to provide 24/7 monitoring, analysis and response. It takes the weight off your shoulders – you can rest assured that you’re covered, while your own IT teams are free to focus on your organisation’s biggest priorities.

What does managed detection and response mean?

Managed detection and response focuses on proactively detecting and rapidly responding to advanced threats – going beyond malware threats, protecting your organisation from threats like ransomware, insider threats, data exfiltration and unauthorised access.

MDR can use endpoint detection and response (EDR) to monitor and respond to threats on endpoints in your organisation’s network. It offers added protection: unlike basic antimalware, which focuses on threats that have already infiltrated your network, MDR also detects and responds to unknown and evolving threats that haven’t yet compromised your organisation.

What’s the difference between MDR and CSOC?

Managed detection and response offers a focused approach to threat detection and response, based on the higher visibility provided by MDR-aligned tools, like endpoint detection and response (EDR). It can achieve this because the technology has a broader view of the attack chain and has the analytic capability to combine signals from the many sources of telemetry on an endpoint. MDR lets you benefit from this through a specialised and scalable team of experts that can monitor and respond to potential threats.

On the other hand, a cyber security operations centre (CSOC) offers a wider scope with more customisation in the end-to-end incident response process. This means that it can be configured to your exact use case – but that customised approach can stretch beyond the budgets of small and medium-sized businesses. For smaller businesses, we often find that exact use cases are not known, which is the very reason they are in the market for a solution. C+C’s MDR service focuses on the most prevalent threats and applies its detection and response expertise to these.

What are the key differences between CSOC and MDR?

Is MDR right for my organisation?

There are many misconceptions floating around regarding managed detection and response services – you might be considering whether it’s right for your organisation. I’ll be breaking down what you can really get from the service and why it’s worth investing in a layered security approach.

Since the MDR service offers a high level of focused and advanced protection, it can be thought to be out of budget for many organisations, like SMBs with limited IT resources. However, the rapid time to deploy the service and technology means that it can match your security and budget asks. Our MDR service has per-user, per-month pricing that’s easy to manage, with a lower total cost of ownership compared to building a SOC in-house.

For many organisations, establishing the scale and expertise of an enterprise-level SOC is far out of sight. By deploying a managed service provider (MSP) to handle your managed detection and response, you can leverage specialist cyber security support and expertise in tandem with your internal IT teams. You can leave the experts to focus on managing the threat landscape, leaving you free to run your organisation.

Many also believe that if you’ve got basic security measures mastered, you simply don’t need the advanced cover MDR provides – this isn’t true. Threats have evolved to bypass basic antivirus and antimalware. Today, you need to maintain a layered security approach, with advanced threat detection as a starting point.

While antimalware and antivirus solutions can help you stop a malware-based attack, they can only do that once it’s made its way into your network and devices. These technologies are no longer enough to keep your data safe and secure. MDR offers 24/7 monitoring and response, capable of detecting many types of threat, not just malware, before they can have an impact.

What are the features of a managed detection and response service?

At Advania, we’ve developed our MDR service based around Microsoft security technologies that cover key attack perimeters across identities, infrastructure, devices, apps and data. Our MDR for Devices service focuses on endpoints, including end-user devices and servers, which are protected with Microsoft Defender for Endpoint.

Our MDR service is easy to onboard and put into service in your organisation, offering proactive and reactive services to manage cyber threats and their impact on your organisation with Managed Detection and Response for Endpoints from Microsoft. Here are the features of the service at a glance:

  • Detection: continuous high-fidelity threat detection and alerting with Microsoft, community and Advania-developed custom detections
  • Triage: triage and investigation of threat alerts, including escalation to incident status for broader response
  • Response: 24/7 response to critical incidents leveraging automated and manual runbooks
  • Visibility: reporting on key performance indicators and activities with access to your security portal
  • Continuous improvement: tuning automated response capabilities and managing business-approved exceptions

Want to get ahead with your cyber defence?

The fast-changing threat landscape can be difficult to manage on your own – find out about how our Managed Detection and Response service can help you protect your organisation against emerging threats.
