Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Emerging from the traditional managed security service provider (MSSP) model, Managed Detection and Response (MDR) is an answer to the fact that threat actors have increased their ability to circumvent traditional detection measures. As early as 2011, MDR emerged (uncategorized at the time) with a single guiding principal: Acknowledge that a breach will happen. When it does, minimize threat actor dwell time to reduce risk.
However, as the MDR market has evolved, four criteria remain constant as key to minimizing threat actor dwell time in the event of a breach: visibility, fidelity, detection capabilities and response. When these criteria are measured against in-house resources, risk tolerance and available budget, they can be used to choose the appropriate MDR vendor based on your organizational requirements.
To help organizations make an informed cybersecurity solutions choice, eSentire has authored, The Definitive Guide to Managed Detection and Response (MDR) (and this blog series) which examines seven categories of MDR providers, measured across four criteria, which include:
Visibility: Signal sources such as endpoints, IPS/IDS, logs, cloud, vulnerabilities, etc.
Fidelity: The depth of information provided by each of the signal sources
Detection capabilities: Ability for the provider to detect known and unknown attacker methodologies using commoditized and advanced methodologies
Response: Delineation of provider and client responsibilities from investigation, alert, containment and recovery
MDR Category #7 – MD-Big-R (Full Telemetry) MDR-FT is a viable option for organizations that have substantial security budgets and are looking for complete threat and IR Lifecycle coverage across any environment.
Profile MD-big-R (Full Telemetry), or MDR-FT, represents the MDR indus- try’s most complete offerings.
Full visibility across on-premises and cloud environments, coupled with integrated machine learning and behavioral analysis, feeds threat hunters with vital information and facilitates near real-time threat detection and containment. Additionally, SLAs strictly outline potential threat actor dwell time, limiting client-side requirements for IR Lifecycle coverage.
Accordingly, the cost to remove those requirements for in-house capabilities across people, process and technology is typically hefty.
Importantly, organizations looking to outsource to MDR-FT providers must have complete trust in the provider’s capability to deliver on SLAs, or else the organization could be put at risk without adequate internal resources to address gaps. MDR-FT is a viable option for organizations that have substantial security budgets and are looking for complete threat and IR Lifecycle coverage among on-premises and cloud workloads.
Coverage
Endpoint: process visibility, East/West (internal lateral)
Network: things in motion, ingress/egress
Log: breadth across network signals and technologies
Vulnerability
Cloud (beyond logs)
Strengths
High level of expertise across multiple telemetry • Highly proven MDR vendor
Use of best-in-class technologies
Complete visibility across attack surface
Ability to correlate multiple signals
Integrated advanced threat detection capabilities
Integrated machine learning and behavioral processes • Deep-level fidelity
Limited false positives
Full IR Lifecycle support
Integrated managed remote threat containment
Deep-level portal visibility
Supports multiple regulatory measures
Weaknesses
Higher service cost relative to SOCaaS, EDr and MDr-MT models
Questions and considerations:
Do we have adequate budget for the provider’s services and in-house requirements without sacrificing our overall security posture in other critical areas?
Does the provider have integrated automated response for known threats available via APIs?
Does the provider have adequate detection capabilities to enable detection of known and unknown threats?
What are the provider’s SLAs for response? Do they meet our requirements?
Does the provider have adequate visualizations and reporting to support our internal teams and meet regulatory requirements?
While this blog provides a snapshot of one category of MDR, the intricacies and interdependencies are the varying types is complex. To learn more about the strengths and weaknesses for each of the seven MDR categories and how you can make an informed decision about what MDR solution best suits your organization, download The Definitive Guide to Managed Detection and Response (MDR) here: https://www.esentire.com/resource-library/the-definitive-guide-to-managed-detection-and-response-mdr
eSentire
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.
Cookies allow us to deliver the best possible experience for you on our website - by continuing to use our website or by closing this box, you are consenting to our use of cookies. Visit our Privacy Policy to learn more.
