Managed Detection & Response
11/10/2022

ModernCISO Guide to Managed Detection & Response

Kudelski Security Team

The MDR market has become crowded, noisy, and competitive. As a security leader, how do you differentiate between MDR providers whose claims sound similar, but who actually deliver widely varying levels of service and detection capability?

This ModernCISO Guide to Managed Detection and Response will give you an understanding of what you should be looking for, what questions to ask, how providers differ in their personalization capabilities, and what you should expect from an MDR partner.

Download our ModernCISO Guide on MDR now for more information.

At a Glance

  • An overview of the evolution of MDR services
  • What to expect from a good MDR service partner
  • What role customization, SIEM/SIEMless, detection engineering, and detection frameworks play
  • What key questions you should be asking when exploring providers

The Evolution of Managed Detection and Response

As the MSS market has evolved from commoditized offerings like security device management, compliance reporting and alerting, MDR has emerged as a new solution category that’s better aligned with the true value outsourced security teams can provide: 24x7 threat monitoring, threat hunting, expert detection engineering and continuous response.

In recent years, the MDR market has seen rapid growth. In late 2016, only 14 companies were identified as representative vendors. Today, more than a hundred providers claim to be offering MDR services.

Some vendors consider management and monitoring services offered as an add-on to an Endpoint Detection and Response (EDR) platform to be “MDR”; others are bundling additional incident response capabilities with traditional MSS offerings and calling the resulting services package “MDR.” Still others incorporate managed threat hunting into the services mix.

[Figure: Evolution of Environments]

What MDR Providers Should Be Able to Deliver

Because the MDR market is crowded and competitive, security leaders and decision-makers need clear-cut criteria that will enable them to differentiate between providers who offer high-quality, custom-tailored services and those that take more of a cookie-cutter, commodity approach.

Effective MDR providers today require advanced capabilities that enable them to adopt a proactive approach to threat detection and response across diverse environments, while tailoring services to the individual client’s threat model and detection priorities.

MDR providers typically leverage a proprietary technology stack to collect data, find evidence of threats and vulnerabilities, and deliver services, while MSS providers mainly rely on commercially available tools.

Our MDR Services Include

  • Use case workshops to map your threat coverage to MITRE ATT&CK and build out your unique threat model
  • Onboarding and fine tuning of service
  • Advanced detection for common and emerging threats
  • Continuous proactive threat hunting
  • Incident response with threat containment and co-remediation
  • 24/7 direct support from security analysts, hunters, and responders
  • Real-time access to MSS Client Portal with KPI dashboards, reporting, SLA, and visibility into hunting activities
  • Quarterly business review to ensure continuous service improvements

Kudelski Security’s Approach to MDR

Kudelski Security takes a highly personalized approach to every one of our client engagements. Our advanced capabilities and the effort we spend to understand your business and technology context enable us to detect and respond to threats faster and safeguard your data wherever it resides.

We combine current threat intelligence with business context to deliver better-quality analysis and response.


Many MDR players still have a restricted focus on networks and endpoints. In today’s world, that’s not enough. At Kudelski Security’s 24/7 CFC we maintain complete real-time visibility across all types of environments — from OT/ICS networks to cloud infrastructures. 

MDR Features

  • Monitor
  • Detect and Hunt
  • Respond
  • Mature