Date: 2022-12-08

As cyber threats increase in volume, complexity, and impact, organisations are increasingly turning to managed detection and response (MDR) services to detect and neutralise advanced attacks that technology solutions alone cannot prevent.

In fact, in its Market Guide for MDR 2021, Gartner anticipates that by 2025, 50% of companies will be using MDR for threat monitoring, detection, and response.

However, the proliferation of defence solutions on the market can make it difficult to understand what exactly MDR is, how MDR fits within your wider cybersecurity ecosystem, and the benefits of using an MDR service.

This article answers these questions and offers practical guidance on what to consider when choosing an MDR service.

MDR is a fully managed, 24/7 service delivered by experts who specialise in detecting and responding to cyberattacks that technology solutions alone cannot prevent.

MDR should not be confused with EDR (endpoint detection and response) and XDR (extended detection and response).

While MDR, EDR, and XDR all support and enable threat hunting, EDR and XDR are tools that enable analysts to hunt for and investigate potential compromise; with MDR, a security vendor’s analysts hunt for, investigate, and neutralise threats on your behalf.

As their names suggest, EDR tools work with data points from endpoint protection technology, while XDR tools extend their data sources across a wide IT stack (including firewall, email, cloud, and mobile security solutions) to provide greater visibility and insights.

Sophos used its industry-leading EDR and XDR solutions when delivering its MDR service.

What MDR doesn’t do is day-to-day cybersecurity management, such as deploying your security technologies, updating policies, applying patches, or installing updates.

Managed service providers (MSPs) deliver IT security management services to organisations looking for support in this area.

“To ensure that it provides users with maximised threat detection, Sophos supports all three approaches. This allows the company to readily adapt to individual customer requirements as needed,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking.

The reality is that technology solutions alone cannot prevent every cyberattack.

Tools used regularly by IT teams such as PowerShell, PsExec and RDP are frequently abused by adversaries. Automated technologies struggle to differentiate between legitimate IT staff using these tools and attackers exploiting them using stolen credentials.

Stopping these advanced ‘living-off-the-land’ attacks requires a combination of technology and human expertise.

While threat hunting, investigation, and response can be performed solely in house using EDR and XDR tools, there are extensive benefits to using an MDR service either alongside your in-house team, or as a fully outsourced service.

While human-led managed detection and response is an essential layer of cyber defence, high-quality protection technologies remain critical.

Endpoint, network, email, and cloud security technologies continue to play a vital role in today’s defences — and the right solutions can increase the effectiveness and impact of an MDR service:

Here are the top five benefits reported by organisations that use MDR services:

1. Elevate your cyber defences

One of the major advantages of using an MDR provider over in-house only security operations programmes is elevated protection against ransomware and other advanced cyber threats.

With MDR you benefit from the breadth and depth of experience of the provider’s analysts.

An MDR vendor will experience a far greater volume and variety of attacks than any individual organisation, giving them a level of expertise that is almost impossible to replicate in house.

MDR teams also investigate and respond to incidents every day, giving them much greater fluency in using threat hunting tools.

This enables them to respond more quickly and accurately at all stages of the process — from identifying the signals that matter to investigating potential incidents and neutralising malicious activities.

The runbooks are continually updated, and analysts record salient information with every engagement.

A further advantage of an MDR service is that it can apply intel from one customer to others that match the same target profile, enabling them to proactively prevent similar attacks in that community.

Should Sophos’ analysts detect any suspicious signals, they are able to swiftly investigate and remediate the situation, creating community immunity for the targeted group.

2. Free up IT capacity

Threat hunting is time consuming and unpredictable.

The urgent nature of the work can prevent teams from focusing on more strategic — and often more interesting — challenges.

Working with an MDR service enables you to free up IT capacity to support business-focused initiatives.

Organisations using Sophos MDR consistently report considerable IT efficiency gains from using the service, which in turn enables them to better support their organisation’s goals.

3. Get 24/7 peace of mind

By providing 24/7 coverage, MDR services provide considerable reassurance and peace of mind.

For IT teams this means — literally — being able to sleep better at night.

They can relax knowing that the buck stops with the MDR provider — not them — and regain their personal time.

For senior leaders and customers, 24/7 expert coverage and a high level of cyber readiness always provides powerful reassurance that their data and the organisation itself are well protected.

4. Add expertise, not headcount

Threat hunting is a highly complex operation.

Individuals in this space need to possess a specific and niche set of skills, and the typical traits required of a threat hunter include:

Creative and curious.

Experience in cybersecurity.

Threat landscape knowledge.

Adversarial mindset.

Technical writing ability.

Operating System (OS) and networking knowledge.

Coding/scripting experience.

This list represents a rare combination of competencies, exacerbated by a notable skills shortage in the IT sector, which makes recruiting threat hunting expertise an uphill — if not impossible — task for many organisations.

MDR services provide the expertise for you.

Sophos has hundreds of expert analysts that provide continuous MDR services to customers across the globe.

Sophos MDR enables customers to expand their security operations capabilities without expanding their headcount.

5. Improve your cybersecurity ROI

To provide round-the-clock coverage, you need a minimum of five or six cybersecurity staff members working separate shifts.

By leveraging economies of scale, MDR services provide a cost-effective way to secure your organisation, and stretch your cybersecurity budget further.

MDR services also greatly reduce the risk of experiencing a costly data breach and avoid the financial pain of dealing with a major incident.

By choosing a vendor that integrates with your current security technologies you can increase return on existing investments.

Sophos has a vendor-agnostic approach to MDR that enables you to leverage your existing products for threat detection, investigation, and response, enhancing your ROI.

What to consider when selecting an MDR service

MDR services differ from provider to provider.

There are many things to consider when evaluating services — be sure to explore the four areas below.

Levels of support and interaction offered.

Breadth and depth of threat experience.

Day-to-day customer experience.

Breadth and depth of telemetry.

Sophos MDR provides extensive integrations across the full IT stack, including both native and third-party integrations with endpoint, network, cloud, email, and Microsoft 365 technologies.

Sophos’ vendor-agnostic approach enables analysts to have broad visibility across the entire customer environment, which in turn elevates threat detection, investigation, and response.

