He’s on to Something.


Dedicated Threat Hunting Investigations

I always enjoy reading an article from someone who truly gets it. This particular article was a preview of a forthcoming ebook from SC Media titled “All about MDR: What it is and how to optimize it.” The article describes managed detection and response (MDR) services as when a “vendor performs dedicated threat hunting investigations and incident response on behalf of a customer.” [The analysts at Gartner would properly add that the vendor needs to bring their own technology to the table as part of the service as well.] The article emphasizes the following key prerequisites for anything called “MDR”:
  • Access to real human threat hunters – a truly rare breed.
  • Specific focus on threat detection and threat response.
  • Continuous monitoring and scanning.
  • Guided remediation and prioritization.
  • Working partnership built on shared and non-shared responsibilities.

Proactively Fight the Fire

The article goes on to distance MDR from (M)EDR, XDR, MSSP and SIEM/SOC services. Providers of these services often say they are performing “MDR Services” when they are just slapping a new label on their old MSSP services or selling products. MSSPs are more focused on the administration of alerts (reactive) than (proactive) threat hunting, threat intelligence and incident response. The latter three skills define what you should look for in an MDR provider. When an MSSP, EDR, XDR or SIEM/SOC provider calls themselves an MDR provider, it’s akin to a Fire Department radio dispatcher saying they put out fires. A bit of a stretch. You want the people that actually fight the fire on scene with your team.


A Passion for Eliminating Threats

MDR is when a…

“vendor performs dedicated threat hunting investigations and incident response on behalf of a customer.”

– Daniel Thomas, SC Media

At PacketWatch, we employ dedicated threat hunters whose passion and sole occupation is to hunt and eliminate threats. That’s it – nothing else. Their vernacular is formed by the incidents they respond to each week. Our PacketWatch platform is the ultimate threat-hunting tool because it is designed by and for threat hunters. It provides the additional detailed visibility into the network and context that EDR, XDR, and SIEM lack. Our threat hunting team knows what to prioritize and how to kill it. That’s what hunters do.

So, good for the folks at SC Media! I look forward to reading the rest of their ebook. In speaking recently with the Gartner analysts, we expect they will be reinforcing many of the same points in their upcoming revised MDR Market Guide too. The reason you want an MDR provider is for the quality and experience of the people you will be working with, not just another technology. So, if you are considering Managed Detection and Response services (or want to upgrade from your current provider), please give us a call today at 1.800.864.4667. We’ll be happy to show you what outcomes a real MDR provider can provide your firm.

Cybersecurity Law Report Includes PacketWatch Expertise


Ten Cybersecurity Resolutions

Michael McAndrews, PacketWatch Chief Technology and Security Officer, was interviewed by Jill Abitbol from Cybersecurity Law Report for her annual “Ten Cybersecurity Resolutions for Financial Services Firms” article.

The article talks about how companies in the financial services sector are a natural target for hackers given the value and nature of the data they manage. It then dives into a number of steps firms can take to mitigate risk, supported by interviews with prominent cybersecurity and law experts.

The other firms represented in the article are:

  • ACA Group
  • Debevoise & Plimpton
  • Drawbridge Partners
  • Proskauer
  • Sidley Austin LLP

“When an incident occurs, if a plan has not been practiced, it can be chaos.”

– Michael McAndrews

The “Ten Cybersecurity Resolutions for Financial Services Firms in 2023” article offers ten resolutions for financial services firms, which also apply to many other companies, to help improve their cyber defenses in 2023.

The article is available to Cybersecurity Law Report subscribers. New subscribers may request a 2-issue free trial subscription.

About CSLR

The Cybersecurity Law Report is an information service that provides business analysis of critical legal issues related to the cybersecurity, data protection and data privacy challenges facing entities across industries.

Each Report contains practical, plain-English guidance on compliance strategies and best business practices to assist outside and in-house counsel and compliance professionals with the dynamic issues unfolding in this area.