FireEye Stories

What You Should Expect from an Effective MDR Provider

Organizations are always looking to improve their security defenses, especially when their current approaches are not meeting business or strategic expectations or fail to offer full protection. In the Market Guide for Managed Detection and Response (MDR) services (May 2017), Gartner points out that threat detection and incident response are becoming top priorities for enterprises that are moving away from traditional, prevention-only approaches.

Many organizations are unfamiliar with managed detection and response services and have often turned to alert-based threat protection services that were never designed to handle or investigate advanced attacks. Therefore, it’s important to understand the option of an MDR such as FireEye as a Service, and what to look for when searching for a partner to provide such services.

According to Gartner's Market Guide for MDR, managed detection and response improves threat detection and incident response capabilities via a turnkey approach to detecting threats that have bypassed traditional security measures.

However, an effective MDR not only detects threats that evade traditional security, but also incorporates proactive hunting and in-depth investigative capabilities to establish the possible identity, motivations, targets, timing, and methodology of potential attackers.

Many providers claim to offer MDR. From traditional managed security service providers (MSSPs) to pure-play MDR providers, most are new to the security space. You need clear criteria to help identify who you can trust to fully protect your data.

FireEye recommends evaluating MDR providers against these five capabilities:

  • Threat Intelligence is the foundation for detection: Advanced threat detection starts with thinking like an attacker in order to anticipate their next move.
  • Hunting is an iterative process: Hunting must be viewed as a continuous iterative process of discovery and development.
  • Hunting drives technology innovation: Hunting insights should be translated into new product detection capabilities.
  • Incident investigation provides answers, not alerts: An intel-led approach combined with analyst-driven detection drives targeted investigations.
  • Rapid, definitive remediation and response: A full spectrum of response capabilities matches the scope of different attacks to the specific needs of an organization.

For an in-depth look at how to evaluate MDR providers, download our new ebook: A Buyers Guide for Managed Detection and Response Services. You can also view our webinar, Evaluating Managed Detection and Response (MDR) Vendors, for more information.

FireEye as a Service is a managed detection, investigation and response service that leverages industry-recognized cyber security expertise and threat intelligence to accelerate detection and investigation of cyber attacks.