Dedicated Threat Hunting Investigations
I always enjoy reading an article from someone who truly gets it. This particular article was a preview of a forthcoming ebook from SC Media titled “All about MDR: What it is and how to optimize it.” The article describes managed detection and response (MDR) services as when a “vendor performs dedicated threat hunting investigations and incident response on behalf of a customer.” [The analysts at Gartner would properly add that the vendor needs to bring their own technology to the table as part of the service as well.] The article emphasizes the following key prerequisites for anything called “MDR”:
- Access to real human threat hunters – a truly rare breed.
- Specific focus on threat detection and threat response.
- Continuous monitoring and scanning.
- Guided remediation and prioritization.
- Working partnership built on shared and non-shared responsibilities.
Proactively Fight the Fire
The article goes on to distance MDR from (M)EDR, XDR, MSSP and SIEM/SOC services. Providers of these services often say they are performing “MDR Services” when they are just slapping a new label on their old MSSP services or selling products. MSSPs are more focused on the administration of alerts (reactive) than on (proactive) threat hunting, threat intelligence and incident response. The latter three skills define what you should look for in an MDR provider. When an MSSP, EDR, XDR or SIEM/SOC provider calls themselves an MDR provider, it’s akin to a Fire Department radio dispatcher saying they put out fires. A bit of a stretch. You want the people that actually fight the fire on scene with your team.
MDR is when a “vendor performs dedicated threat hunting investigations and incident response on behalf of a customer.”
– Daniel Thomas, SC Media
A Passion for Eliminating Threats
At PacketWatch, we employ dedicated threat hunters whose passion and sole occupation is to hunt and eliminate threats. That’s it – nothing else. Their vernacular is formed by the incidents they respond to each week. Our PacketWatch platform is the ultimate threat-hunting tool because it is designed by and for threat hunters. It provides the additional detailed visibility into the network and context that EDR, XDR, and SIEM lack. Our threat hunting team knows what to prioritize and how to kill it. That’s what hunters do.
So, good for the folks at SC Media! I look forward to reading the rest of their ebook. From our recent conversations with the Gartner analysts, we expect they will be reinforcing many of the same points in their upcoming revised MDR Market Guide too. The reason you want an MDR provider is the quality and experience of the people you will be working with, not just another technology.
So, if you are considering Managed Detection and Response services (or want to upgrade from your current provider), please give us a call today at 1.800.864.4667. We’ll be happy to show you what outcomes a real MDR provider can provide your firm.