Brian Shea, Revolution Group, Chief Information Officer and Practice Director, Technical Services
“An underlying driving force behind MDR is the need to spot threats earlier, respond to them faster, and mitigate them before they become serious incidents.”
The big difference between a managed detection and response (MDR) service and traditional security services is that MDR does more than monitor, detect, and provide alerts. MDR service providers automate responses in real time through their security stack, their security operations center, and staff expertise.
Many organizations that are considering MDR are doing so in response to an incident—something that forced them to rethink their security practice.
In security, it is usually the thing you don’t know that gets you, and people are reevaluating their security technology and practices to see what they are missing. An underlying driving force behind MDR is the need to spot threats earlier, respond to them faster, and mitigate them before they become serious incidents.
When considering an MDR service, think about what you are trying to accomplish. Security practice should start with a security maturity matrix that covers everything from endpoints to the edge. With that you can evaluate your strengths and weaknesses, and then avoid acquiring redundant capabilities. For example, many MDR solutions include layered protection for endpoints so that if you use the full, encompassing MDR service, you may be able to phase out the antivirus/antimalware applications and services you are currently using. MDR not only improves your ability to detect and respond to things quickly but offers an opportunity to consolidate security functions under one vendor, simplifying security management overall.
This is an excerpt from 7 Experts on Transitioning to Managed Detection and Response. This eBook was generously sponsored by GoSecure.
