Types of MDR
- Bring-Your-Own Security Stack / Hybrid Solution
- Full Vendor-Supplied MDR Stack
- Cloud MDR Solution
- Managed Extended Detection and Response (Managed XDR)
- Custom MDR Solutions
There are several ways MDR services can be packaged and delivered depending on an organization’s specific technology environment and risk requirements. The standard MDR delivery platform is a centrally managed, multi-tenant Cloud platform that offers customers access to log management, orchestration, real-time analytics, and a user interface (UI) dashboard.
MDR services can be differentiated based on their ability to integrate with existing security products across an environment (Bring-Your-Own Security Stack) or whether they operate only as a standalone, vendor-supplied platform (Full Security Stack). Most MDR solutions are limited to two endpoint detection products: EDR agents and Multifunction Network Security Monitoring (NSM) applications. These products are typically not environment-agnostic and support a limited set of vendors and technologies.
Leading MDR vendors can develop custom agents to protect email, Cloud services, DNS, IoT and medical devices, and Industrial Control Systems (ICS) and SCADA networks. MDR providers are also increasingly offering support for Cloud environments with Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB), and Cloud Workload Protection Platform (CWPP) capabilities.
Components of an MDR Solution
- Platform admin and analytics dashboard
- EDR Agents
  - Workstation Agents
  - Server Agents
  - Network Security Monitoring (NSM) Agents
  - Email Server Agents
  - DNS Server Agents
  - IoT / Medical Device Agents
  - ICS / SCADA Security Agents
- Outsourced SOC team monitoring and threat response services
What Makes a Good MDR Solution?
An MDR solution combines Endpoint Security products with MDR services. When evaluating an MDR solution, assess the associated EDR products and the cybersecurity services separately.
It's a good idea to evaluate MDR products based on their ability to reduce malware dwell time: detecting a broad scope of threats and responding quickly, before the malware can impact the affected system.
The effectiveness of an MDR solution also depends on its ability to detect known and unknown threats and make use of new threat intelligence as it becomes available. If an MDR product includes extended capabilities (as with Managed XDR), it should correlate security telemetry from its different sources and orchestrate a cohesive response across the network environment in real time, propagating what it has learned about a threat to every endpoint rather than only the one where it was first seen.
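The cross-source correlation and fleet-wide response described in the paragraph above, as an added example that is not part of the original page and not any vendor's product code. It joins events from email, DNS and EDR agents per host inside a time window, measures dwell time from the first related event to the moment the correlation fires, and fans the learned indicator out to all endpoints. The pipe-delimited log format, the host names, the domain, and the one-hour window are all constructed assumptions.

```python
"""Minimal cross-source telemetry correlation with fleet-wide response.

Hypothetical example: the "ts|source|host|kind|detail" log format and every
value in SAMPLE_LOG are constructed, not taken from any real product or incident.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # which agent produced it: "email", "dns" or "edr"
    host: str     # endpoint the event relates to
    kind: str     # short event category
    detail: str   # indicator payload (domain, file name, process chain)


# Constructed sample telemetry: one workstation shows a full chain across three
# agents; a second workstation only resolves the same domain; a server is benign.
SAMPLE_LOG = """\
2024-03-01T09:00:00|email|ws-17|attachment_opened|invoice.docm
2024-03-01T09:03:20|edr|ws-17|process_exec|winword.exe -> powershell.exe
2024-03-01T09:04:05|dns|ws-17|suspicious_domain|update-cdn.example.invalid
2024-03-01T09:10:00|dns|ws-22|suspicious_domain|update-cdn.example.invalid
2024-03-01T11:30:00|edr|srv-01|process_exec|backup.exe
"""


def parse_line(line):
    ts, source, host, kind, detail = line.split("|", 4)
    return Event(datetime.fromisoformat(ts), source, host, kind, detail)


def parse_log(text):
    """Parse the constructed log format and return events ordered by time."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e.ts)


@dataclass
class Incident:
    host: str
    first_seen: datetime    # earliest event in the correlated chain
    detected_at: datetime   # event that completed the correlation
    sources: set
    indicators: set         # network indicators learned from the chain

    @property
    def dwell(self):
        """Time the threat was active on the host before it was detected."""
        return self.detected_at - self.first_seen


def correlate(events, window=timedelta(hours=1), min_sources=2):
    """Open one incident per host the first time events from at least
    `min_sources` distinct agents land on that host within `window`;
    later events on that host enrich the open incident."""
    recent = defaultdict(list)   # host -> events still inside the window
    incidents = {}
    for ev in events:            # events must be sorted by timestamp
        bucket = [e for e in recent[ev.host] if ev.ts - e.ts <= window] + [ev]
        recent[ev.host] = bucket
        inc = incidents.get(ev.host)
        if inc is None:
            if len({e.source for e in bucket}) < min_sources:
                continue
            inc = incidents[ev.host] = Incident(ev.host, bucket[0].ts, ev.ts, set(), set())
        inc.sources |= {e.source for e in bucket}
        inc.indicators |= {e.detail for e in bucket if e.kind == "suspicious_domain"}
    return list(incidents.values())


def build_response(incidents, all_hosts):
    """Orchestrate a fleet-wide response: isolate the compromised hosts and push
    every learned indicator to all endpoints, not only the ones that saw it."""
    actions = []
    indicators = set()
    for inc in incidents:
        actions.append(("isolate_host", inc.host))
        indicators |= inc.indicators
    for host in sorted(all_hosts):
        for ioc in sorted(indicators):
            actions.append(("block_domain", host, ioc))
    return actions


if __name__ == "__main__":
    found = correlate(parse_log(SAMPLE_LOG))
    for inc in found:
        print(f"{inc.host}: sources={sorted(inc.sources)} dwell={inc.dwell} "
              f"indicators={sorted(inc.indicators)}")
    for action in build_response(found, {"ws-17", "ws-22", "srv-01"}):
        print(action)
```

Run as a script it reports a single incident on ws-17 with a dwell time of 3 minutes 20 seconds and emits four actions: the isolation of ws-17 plus a block of the learned domain on all three hosts, including ws-22, whose lone DNS event never reached the correlation threshold on its own. Raising `min_sources` or shrinking `window` trades detection speed for fewer false positives, which is exactly the tuning an MDR provider should be able to explain for its own platform.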
It's also a good idea to evaluate an MDR provider in terms of its service commitments, such as whether the service includes 24/7 support availability and how comprehensive its service-level agreement (SLA) is. It's also important to consider the size and reputation of the service provider to determine a level of trust, the potential scalability of its services, and its ability to produce, digest, and act on global cyber threat intelligence (CTI). Some MDR providers also offer comprehensive threat remediation and mitigation services, and customized products for an organization's unique environment.
How to Choose the Right MDR Provider for Your Organization
Selecting the right MDR provider for your organization requires a comprehensive analysis of its risk requirements and operational technologies. Decision-makers should understand where operational criticality and sensitive data lie in their network, which technologies are used, and how the threat landscape applies to their organization on a department-by-department basis. This high-level understanding gives an organization the information it needs to evaluate each MDR provider in terms of product and service offerings.
Performance benchmarks for top Endpoint Security solutions are also published in independent research reports such as the MITRE Engenuity ATT&CK Evaluations. These evaluations offer insight into how a particular vendor's products performed against targeted simulated attacks, which can help you understand how a particular solution compares to competitors' solutions.