Ensuring Your MDR Partner Delivers Results, Not Hot Air
The MDR market has become crowded, noisy, and competitive. As a security leader, how do you differentiate between MDR providers whose claims sound similar, but who actually deliver widely varying levels of service and detection capability?
This Modern CISO Guide to Managed Detection and Response will give you an understanding of what you should be looking for, what questions to ask, how providers differ in their personalization capabilities, and what you should expect from an MDR partner.
Download our ModernCISO Guide on MDR now for more information.
The Evolution of Managed Detection and Response
As the MSS market has evolved from commoditized offerings like security device management, compliance reporting and alerting, MDR has emerged as a new solution category that’s better aligned with the true value outsourced security teams can provide: 24x7 threat monitoring, threat hunting, expert detection engineering and continuous response.
In recent years, the MDR market has seen rapid growth. In late 2016, only 14 companies were identified as representative vendors. Today, more than a hundred providers claim to be offering MDR services.
Some vendors consider management and monitoring services offered as an add-on to an Endpoint Detection and Response (EDR) platform to be “MDR”; others are bundling additional incident response capabilities with traditional MSS offerings and calling the resulting services package “MDR.” Still others incorporate managed threat hunting into the services mix.
What MDR Providers Should Be Able to Deliver
Because the MDR market is crowded and competitive, security leaders and decision-makers need clear-cut criteria that will enable them to differentiate between providers who offer high-quality, custom-tailored services and those that take more of a cookie-cutter, commodity approach.
Effective MDR providers today require advanced capabilities that enable them to adopt a proactive approach to threat detection and response across diverse environments, while tailoring services to the individual client’s threat model and detection priorities.
MDR providers typically leverage a proprietary technology stack to collect data, find evidence of threats and vulnerabilities, and deliver services, while MSS providers mainly rely on commercially available tools.
Our MDR Services Include
- Use case workshops to map your threat coverage to MITRE ATT&CK and build out your unique threat model
- Onboarding and fine-tuning of service
- Advanced detection for common and emerging threats
- Continuous proactive threat hunting
- Incident response with threat containment and co-remediation
- 24/7 direct support from security analysts, hunters, and responders
- Real-time access to the MSS Client Portal with KPI dashboards, reporting, SLA, and visibility into hunting activities
- Quarterly business review to ensure continuous service improvements
Assessing Your MDR Providers - Questions to Ask Them
An MDR provider should offer customized, high-touch services that are adapted for your unique business needs, technology environment, and threat model. They should be able to integrate logs and telemetry data from multiple commercial security products with their own custom-built tooling and proprietary capabilities. And they should combine a methodological approach with a forward-thinking vision.
- What kinds of environments do you monitor?
- Can you respond on my behalf at all hours, even in the middle of the night?
- How do you deliver alerts to your clients?
- Which types of log data do you collect?
. . .
Kudelski Security’s Approach to MDR
Kudelski Security takes a highly personalized approach to every one of our client engagements. Our advanced capabilities and the effort we spend to understand your business and technology context enable us to detect and respond to threats faster and safeguard your data wherever it resides.
We combine current threat intelligence with business context to deliver better-quality analysis and response.
Many MDR players still have a restricted focus on networks and endpoints. In today’s world, that’s not enough. At Kudelski Security’s 24/7 CFC we maintain complete real-time visibility across all types of environments — from OT/ICS networks to cloud infrastructures.
- Outcome-driven engagements that blend traditional and advanced detection and response capabilities.
- High-touch services, personalized to clients’ technology environments and unique needs.
- Complete visibility across today’s complex IT, cloud and OT/ICS environments.
- Rapid, accurate response with meaningful, actionable advice and hands-on support (containment and co-remediation).
- Full transparency into monitoring and threat hunting services through an intuitive MSS Client Portal.
- Human-led approach to threat hunting and working relationships with named client success managers.
MDR Services Powered by FusionDetect™
Kudelski Security’s Managed Detection and Response services are powered by FusionDetect™, our proprietary, cloud-native security analytics and response platform. FusionDetect™ works with leading-edge threat detection, deception, and response technologies as well as our native solutions, all monitored by the Cyber Fusion Center (CFC) team.
Leveraging our innovative Use Case Framework, mapped to the latest MITRE ATT&CK techniques and the Cyber Kill Chain, FusionDetect™ dramatically shrinks the time it takes to detect and respond to threats.
Through a multi-layered approach, Kudelski Security’s FusionDetect™ enriches and cross-correlates security-relevant data from client environments while remaining infrastructure agnostic.
Intelligence in Action
From Our Clients
“Kudelski Security offers true visibility into the threats that can impact us. They have also proven they can reduce detection time to just a few hours, enabling a proactive response against advanced attacks.” - Chris Anderson, CISO, Pernod Ricard
“With Kudelski Security on our team, we can now react faster to cyber-attacks. At the same time, we still retain ownership and control, since the comprehensive processes were defined together.” - CISO, RHI Magnesita
“Kudelski Security customizes its MDR approach based on what clients want. Security leaders needing a high-touch, customized version of MDR and a vendor that blends MSS and MDR together seamlessly, should engage with Kudelski Security […] Kudelski Security’s extensive collaboration capability helps clients understand and resolve incidents more effectively.” - Forrester Wave™: MDR Service Providers (MSSP), Q1 2021
“Organisations looking for a hands-on MDR service that spans their entire enterprise network, including deep expertise in operational and ICS environments, should consider the differentiated approach from Kudelski Security. Whilst MDR is a specialty, Kudelski is an MSSP in its own right and offers a range of complementary services that help their customers to build and maintain a strong security program.” - Bloor Research Lead Security Analyst, Feb. 2021