
Managed Detection and Response (MDR) is a security service through which an organization outsources the detection of, and response to, threats against its data and systems. Put simply, instead of building a security operations center, hiring and running its own security, incident response, and threat hunting teams, and managing its information security internally, the organization contracts an MDR provider that monitors and protects it on a 24/7 basis (24 hours a day, 7 days a week).

MDR combines several capabilities: Cyber Threat Intelligence (CTI), advanced analytics, and human analysts for rapid incident response and digital forensics.

How does MDR Work?

An MDR service remotely analyzes, identifies, and hunts threats on the customer's behalf, and reports back on the threats found, on previous incidents, and on the related digital forensics findings. Once the root cause and the remediation are determined, a combination of automated tooling and human analysts eliminates the threat and restores the affected machine to its prior state.

The Main Features of an MDR

Prioritization – to review and analyze data faster, the service must decide which data and which events to examine first, and how important the events in each area are. For example, events involving access to infrastructure exposed to the Internet take precedence over events on infrastructure reachable only from inside the organization, or only from a single department.

Threat Hunting – relying on threat hunting platforms alone is not enough, because behind every threat is a human who is constantly thinking about how to bypass automated tooling; a small change to the threat is often enough to evade a detection engine. Human threat hunters must therefore also be involved, to find threats that have already run and slipped past the machines.

Investigating – after an attack, answering and analyzing a few key questions lets us respond to the threat effectively, so answering these questions and understanding them in depth is essential. Among these questions:

  • What happened?
  • When did it happen?
  • By whom did this happen?
  • What is the impact of this event on which of our assets?
  • Where did this happen?
  • What systems did it expose to this threat?
  • How far has the attacker gone?
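The two steps above, prioritization by exposure and answering the investigation questions, are easier to see in code. The following is an added example, not material from the original page or from any MDR vendor: it scores a constructed batch of alerts by severity and by whether the asset is Internet-facing (as the prioritization rule above describes), then builds a summary for one host that answers what, when, by whom, where, and which asset owner is affected. The asset inventory, alert records, and scoring weights are all assumptions made up for the illustration.

```python
"""Alert triage and per-host investigation summary (added example; the data and
weights below are constructed assumptions, not real telemetry)."""

from datetime import datetime

# Constructed asset inventory (assumption). Exposure is what the
# prioritization rule keys on: Internet-facing assets are reviewed first.
ASSETS = {
    "web-01":  {"exposure": "internet", "owner": "ecommerce",   "criticality": 3},
    "vpn-gw":  {"exposure": "internet", "owner": "it",          "criticality": 3},
    "hr-fs":   {"exposure": "internal", "owner": "hr",          "criticality": 2},
    "dev-ws7": {"exposure": "internal", "owner": "engineering", "criticality": 1},
}

# Constructed alerts (assumption): the shape an EDR or SIEM might forward.
ALERTS = [
    {"ts": "2024-03-10T02:14:05Z", "host": "dev-ws7", "user": "jdoe",
     "rule": "suspicious_powershell", "severity": 2},
    {"ts": "2024-03-10T02:16:40Z", "host": "web-01", "user": "www-data",
     "rule": "webshell_dropped", "severity": 4},
    {"ts": "2024-03-10T02:17:12Z", "host": "web-01", "user": "www-data",
     "rule": "outbound_c2_beacon", "severity": 4},
    {"ts": "2024-03-10T02:31:55Z", "host": "hr-fs", "user": "svc-backup",
     "rule": "mass_file_read", "severity": 3},
    {"ts": "2024-03-10T03:02:09Z", "host": "vpn-gw", "user": "admin",
     "rule": "failed_login_burst", "severity": 2},
]

EXPOSURE_WEIGHT = {"internet": 3, "internal": 1}  # assumed weights
UNKNOWN_ASSET = {"exposure": "internal", "owner": "unknown", "criticality": 1}


def parse_ts(ts):
    """Parse the constructed ISO-8601 UTC timestamps ('...Z')."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def score(alert):
    """Priority = detection severity x asset exposure weight x asset criticality.
    Unknown hosts fall back to the lowest-exposure, lowest-criticality profile."""
    asset = ASSETS.get(alert["host"], UNKNOWN_ASSET)
    return alert["severity"] * EXPOSURE_WEIGHT[asset["exposure"]] * asset["criticality"]


def triage(alerts):
    """Return the alerts ordered highest priority first; ties go to the earlier event."""
    return sorted(alerts, key=lambda a: (-score(a), a["ts"]))


def investigate(alerts, host):
    """Answer the investigation questions for one host from its alerts:
    what happened, when (first/last seen), by whom, where, and the impact.
    Returns None when the host has no alerts."""
    related = sorted((a for a in alerts if a["host"] == host), key=lambda a: a["ts"])
    if not related:
        return None
    asset = ASSETS.get(host, UNKNOWN_ASSET)
    first, last = parse_ts(related[0]["ts"]), parse_ts(related[-1]["ts"])
    users = sorted({a["user"] for a in related})
    # "How far has the attacker gone?": other hosts where the same accounts fired alerts.
    reached = sorted({a["host"] for a in alerts if a["user"] in users and a["host"] != host})
    return {
        "where": host,
        "what": [a["rule"] for a in related],
        "when_first": related[0]["ts"],
        "when_last": related[-1]["ts"],
        "dwell_seconds": int((last - first).total_seconds()),
        "by_whom": users,
        "exposure": asset["exposure"],
        "impacted_owner": asset["owner"],
        "other_hosts_reached": reached,
    }


if __name__ == "__main__":
    for a in triage(ALERTS):
        print(f"{score(a):3d}  {a['ts']}  {a['host']:8s} {a['rule']}")
    print(investigate(ALERTS, "web-01"))
```

With these weights the two web-01 alerts (severity 4 on an Internet-facing, business-critical host) come out ahead of the VPN login burst, and both outrank the internal file-server read even though that alert has a higher raw severity than the VPN one; that is exactly the effect the prioritization rule above calls for. The investigation summary is deliberately built only from the fields already in the alerts, which is what an analyst has at the start of a case before pulling forensic artifacts.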

Guided Response – this term refers to the best way to respond to and contain an incident. Guided response covers the most straightforward measures, such as isolating the infected system from the rest of the network, through to advanced and sophisticated threat removal.

Recovery – the last step is to recover: fix all the problems, remove the malware, apply the missing security controls, and return the network to its original state. This part, the remediation, must be carried out thoroughly, not only in MDR but in every disaster response process, because applying it incorrectly wastes all the other security investments.


What is the difference between EDR and MDR?

EDR (Endpoint Detection and Response) is a product, and one of the building blocks an MDR service typically relies on: EDR focuses only on systems, i.e., endpoints, whereas MDR is a managed service that consumes EDR telemetry alongside other sources and oversees the entire organization.

What is the difference between MDR and MSSP?

MDR can be considered the service that came after MSSP (Managed Security Service Provider), and at first glance the two look similar. If we look more closely, though, they differ.

MDRs, for example, are proactive and focus on threat hunting, whereas MSSPs are reactive and focus on alerts and vulnerabilities.

MSSPs manage firewalls and other security equipment, but they do not, to the same extent as Managed Detection and Response (MDR), provide event analysis, documentation and details of threats, or digital forensic investigation.

Most MSSPs rely on SIEMs, log management systems, and vulnerability scanning platforms, whereas MDRs are more advanced and more capable in analyzing, monitoring, and detecting threats.

What are the famous MDR companies?

Among these companies, we can mention well-known and capable vendors such as SentinelOne and CrowdStrike, along with others that compete strongly with them:

  • Cynet
  • SecurityHQ
  • Rapid7
  • Cybereason
  • eSentire
