Presentation: MDR - Managed Detection and Response

‍The number of cyber threats and attacks has not only increased in recent years, but has also become continuously more complex and extensive.

Source: 2021 CROWDSTRIKE GLOBAL THREAT REPORT

This is why it is becoming increasingly important for companies to integrate a proactive approach into their IT security in order to recognise potential threats at an early stage and combat them effectively. Various efficient tools on the market help IT security teams to identify signs of threats and, ideally, to respond to them directly.

However, the use of these tools consequently leads to more reports, including of possible false alarms, which increasingly require qualified personnel to analyse them, but who are often not available in sufficient numbers.

The use of an MDR can help to meet this need and strengthen a company's IT security in the long term and sustainably without major financial outlay.

But what exactly is an MDR?

MDR stands for Managed Detection and Response and describes the expert-managed variant of an EDR (Endpoint Detection and Response).

It is rolled out locally on the company's Windows clients in order to monitor all activities on them. This enables it to identify anomalies or potential threats in real time and respond to them proactively with targeted measures (depending on the configuration and agreement reached). For example, if malware is detected, the affected clients can be quickly removed from the network to prevent it from spreading and minimise the risk of a security incident.

Overall .

In addition, the hit rate can be continuously improved by using black- and whitelisting of various messages or client activities. This continuously reduces the effort required, while the level of IT security is constantly optimised.

Another advantage that an MDR can offer is the replacement of existing anti-virus clients. Various tools offer not only a consolidation of the tool landscape, but also (depending on the AV previously used) improved protection thanks to a signature and behaviour-based approach.

In summary, the following functions can be attributed to an MDR:

Identification and short-term response at various security levels
Overarching policy management
Optimised risk identification

How does an MDR complement a SOC?

The additional use of an MDR to a SOC has various advantages.

In contrast to a SIEM, the MDR is able to counter threats or anomalies directly with appropriate measures without the need for further consultation processes beforehand. The situational freedom of action is the ideal complement to the general monitoring of all activities.
By specialising and focusing on end clients, the MDR is able to extract in-depth information from the activities of the clients. As a result, the data collected in the SOC is further enriched with valuable data and the analyst team is able to produce more detailed analyses and thus further optimise and improve IT security in the long term.

In general, an MDR can be useful for corporate security even without being connected to a SOC. In combination, however, the MDR is the ideal complement for the SOC, as it enables more meaningful analyses and a rapid response to threats.

This can significantly reduce the company's security risk and thus increase IT security.

We will be happy to advise you with customised solution proposals. Get in touch with us.