Many businesses aren’t large enough to have a full IT security team. In fact, they may not have in-house IT administrators at all. However, cybersecurity doesn’t stop being important just because a company doesn’t have the budget to hire full-time security professionals, so many organizations turn to managed detection and response (MDR) service providers to handle their security threats.
Choosing a managed detection and response service provider
- What are managed detection and response (MDR) service providers?
- What should companies look for when choosing MDR services?
- Compare the top MDR providers of 2021
- Rapid7
- Sophos Managed Threat Response
- Arctic Wolf
- CrowdStrike MDR
- Secureworks Taegis MDR
- Cybereason MDR
- FireEye Mandiant
- SentinelOne Vigilance
What are Managed Detection and Response (MDR) Service Providers?
Managed detection and response (MDR) service providers are companies that monitor an organization’s network 24/7 to identify, investigate, and remediate threats. They’re usually third-party businesses that contract with organizations to provide round-the-clock monitoring and protection. Their approach is proactive: MDR providers focus on hunting for threats already active in the environment rather than on patching vulnerabilities.
What Should Companies Look for When Choosing MDR Services?
When choosing an MDR service provider, here are the things you should look for:
24/7 threat hunting and response
Unfortunately, cybersecurity threats don’t stick to a 9-to-5 schedule, and MDR teams can’t afford to either. Businesses need a service provider that offers 24/7 monitoring to keep them safe, no matter when an attacker strikes. Not only should an MDR provider offer 24/7 monitoring, but they should also be proactively threat hunting to find malware that could be hidden in the network.
Managed security infrastructure
Some security tools like security information and event management (SIEM) and some firewalls need security analysts to proactively manage them to provide the best results. An MDR service provider should request access to these tools or include their own, so they can proactively monitor them during off hours.
Ability to speak to experienced experts
The managed part of MDR is having experienced security analysts available for the internal team to talk to. It should be easy for businesses to get in contact with their MDR team to discuss potential breaches and ask for help when they’ve confirmed an attack. Many providers will offer regularly scheduled meetings to discuss breaches the company has faced and any new measures they should implement to improve their cybersecurity.
Global threat intelligence
There are thousands of known malware strains out there, but without the right threat intelligence, they might as well be unknown to businesses. Threat intelligence provides data on a malware family’s signatures, how it typically enters a network, and the type of data it targets. To adequately address their vulnerabilities, businesses should choose MDR providers that offer threat intelligence and work with them to guard against the threats it identifies.
Compare the Top MDR Providers of 2021
Here are some of the best MDR service providers for 2021.
Rapid7
Rapid7’s MDR program includes a dedicated security advisor and full access to its cloud SIEM platform for improved monitoring capabilities. Proactive threat hunting combined with threat intelligence provides a large amount of information on attempted attacks and helps organizations fortify their defenses against known malware. Rapid7 creates custom security guidance for its customers, providing end-to-end protection. Plus, its team validates each detection internally before passing the information on to the business.
Pros:
- Support is very communicative about changes and updates
- Low number of false positives despite the large number of logs it ingests each day
- Organizations can create custom parsing rules for logs from internal applications
Cons:
- Some customers have had trouble using the platform with Azure
- The dashboards and reports need improvement
Sophos Managed Threat Response
Sophos Managed Threat Response combines an advanced machine learning (ML) algorithm with highly trained security experts to contain and neutralize threats. Organizations can customize the response, including who the MDR team notifies about events, what actions the team takes to remediate them, and how it escalates potential threats. If you have an in-house security team, the Sophos MDR team will also collaborate with it to handle threats more efficiently.
Pros:
- Provides quick support through the phone line
- Offers an API where companies can pull their own threat statistics
- The threat response team is very helpful and knowledgeable
Cons:
- Doesn’t provide access to the tools it uses
- Only works with Windows workstations and servers
Arctic Wolf
Arctic Wolf’s security analysts work with your existing technology stack to pull security event data from a variety of sources. They handle all of the security investigations to reduce alert fatigue on your internal team and cut the time it spends chasing false positives. Root cause analysis explains how an attack happened and allows organizations to create new rules and procedures to prevent it in the future. Arctic Wolf also offers a security assurance program that provides financial assistance in the event of a security breach.
Pros:
- Knowledgeable and likeable support team
- The dedicated representative actually gets to know the company’s environment
- Monthly reviews of the environment with suggestions on what to improve
Cons:
- Some redundancies or overlaps with in-house teams
- The risk portal doesn’t have as many filters as some clients would like
CrowdStrike MDR
CrowdStrike MDR boasts the ability to eradicate threats within minutes, reducing the amount of data that attackers can access. The team consists of experts in both threat hunting and incident response, and its global threat intelligence provides context to respond to events faster. The MDR service includes the Falcon platform, which is completely cloud-native, making it easy and fast to deploy. The Breach Prevention Warranty also backs the service, covering costs in the event that a company does suffer a breach while working with CrowdStrike.
Pros:
- Very responsive to problems or general questions
- The service is easy to deploy and integrates well with other security systems
- Low resource requirements, meaning it doesn’t slow down devices
Cons:
- Updates to the user interface (UI) can sometimes take time to learn
- The firewall management add-on is fairly basic compared to similar products
Secureworks Taegis MDR
Secureworks Taegis MDR pairs an extended detection and response (XDR) platform with human expertise to quickly respond to and remediate threats. The protection extends to endpoints, networks, and cloud environments, covering the entry points attackers might use to reach an organization’s data. The interface is easy to use and helps employees collaborate on investigations while checking their conclusions with the Secureworks team. Plus, quarterly meetings with the Secureworks Threat Engagement Manager allow organizations to discuss and implement new security trends and best practices.
Pros:
- The team is very responsive and addresses threats quickly
- Secureworks listens to its clients and makes relevant product upgrades
- Provides a personalized experience
Cons:
- Some clients had minor performance issues with Secureworks on their cloud servers
- Doesn’t offer much of a mobile experience for monitoring
Cybereason MDR
Cybereason MDR uses a severity score to prioritize each alert, reducing alert fatigue in an organization’s security team and ensuring that it doesn’t miss a critical notification. The platform can be operational in just a few hours and takes only minutes to detect, triage, and remediate threats. Additionally, the reporting feature provides a detailed breakdown of every malware attack. There are three package tiers available, but organizations will have to upgrade to the highest level if they want proactive threat hunting.
Pros:
- Works closely with an organization’s operations team and improves the efficiency of security processes
- Easy to integrate with other security tools and simplifies workflows
- Analysts provide accurate reports quickly
Cons:
- Some customers would like more canned, high-level reports for executives after a threat has been remediated
- Contacting Cybereason analysts could be easier
FireEye Mandiant
FireEye Mandiant provides a large amount of context with its alerts, so organizations can prioritize the most critical threats first. FireEye experts work with an organization to train and advise its internal security team and improve its overall defenses. Proactive threat hunting that adapts to an attacker’s changing behavior in real time helps detect and stop hidden breaches or potential attacks before they disrupt a company’s network. Plus, the service works with existing security technology to improve visibility and remediation.
Pros:
- Resourceful in identifying threats to a network
- The FireEye team is very responsive and provides helpful alerting
- Can perform advanced incident response activities like malware reverse engineering thanks to good backend support
Cons:
- Some customers would like more alert types
- The licensing can be expensive compared to similar products
SentinelOne Vigilance
SentinelOne Vigilance offers a couple of different options for MDR. Organizations can choose MDR on its own, which provides a dedicated security operations center (SOC) that monitors their environment for changes around the clock, or they can choose MDR combined with digital forensics and incident response (DFIR). The combined option not only gives companies 24/7 monitoring but also helps them simplify their investigations and incident response. AI-driven technology detects threats on the network, and then the security analysts perform a thorough forensic investigation to find the root cause, remediate the threat, and help the business fortify against future attacks.
Pros:
- The SOC is willing to provide additional information about threats to help companies improve their security procedures
- Easy to integrate and reduces security workloads on internal teams
- Accurate and responsive to incoming threats
Cons:
- Some incidents take longer to close than expected
- Can produce a lot of false positives, especially in the beginning