the-mdr-manifesto

Issue link: https://insights.oneneck.com/i/1233447

Managed detection and response solutions identify active threats across an organization and then respond to eliminate, investigate, or contain them. MDR has increased in visibility and importance as organizations realize that no level of investment will provide 100% protection against threats and as the scale and complexity of the security challenge become intractable for individual organizations, regardless of size.

With this growing market demand, some vendors have responded by repositioning existing solutions as managed detection and response. Others have created new and niche solutions, also described as MDR. It's important to understand the needs, perceptions, and ideal value of MDR in order to clearly define it.

Why do people need MDR?

Security is hard and complicated. Few organizations have the experts and infrastructure they need to protect themselves, and that protection is the most customized part of security. Since they don't feel like they can protect themselves, organizations will rely on other sources and providers to know when they are being attacked and how they can respond. This ability to respond is a natural compromise in the presence of what they see as the impossible task of making themselves 100% secure.

What do people believe is MDR?

People think of experts watching screens, looking for indications that somebody is attacking them. They think about the experts either automatically stopping the attack or calling them and telling them about it so that they can stop it. Depending on their level of pessimism, they may think of the experts working with them to recover from a widespread attack that has disabled them, or working with them to investigate and clean up after the attack.

What should people demand from MDR?

People should step back to think about the outcome they want from an MDR provider. Ideally, they want their systems, which they know are vulnerable, to never experience a successful attack that causes meaningful harm. They should maximize the likelihood of that outcome by setting expectations for what management should mean, what detection should mean, and what response should mean.

To have value, MDR must be continuously informed on the evolution of threats, it must maintain a consistently high level of visibility across all assets, and it must accurately identify attacks in progress to minimize the harm that can be caused. This continuous and comprehensive capability is the most important factor driving organizations to MDR partners. To do this, MDR services require 24/7 visibility, with scalable collection, ingestion, and automated analysis of high-volume, and deep expertise in threat intelligence and analysis to validate events and responses.

What is MDR? Need, Expectation, Goal
