MDR - Managed Detection and Response
Managed detection and response (MDR) is a category of Security-as-a-Service offering in which an organization outsources some of its security operations to a third-party provider. As its name suggests, it goes beyond simply detecting threats to actually working to remediate them on an organization’s network.
- Incident Investigation: MDR security service providers will investigate an alert and determine whether it is a true incident or a false positive. This is accomplished through a combination of data analytics, machine learning, and human investigation.
- Alert Triage: Not all security incidents are created equal, and a number of factors can impact the priority of different events. An MDR provider will organize the list of security events, enabling the most critical to be handled first.
- Remediation: A Managed Detection and Response provider will offer incident remediation as a service. This means that they will remotely take action to respond to a security event within a customer’s network.
- Proactive Threat Hunting: Not all security incidents are caught by an organization’s security stack. Managed Detection and Response providers will proactively search an organization’s network and systems for indications of an ongoing attack and, if one is detected, take steps to remediate it.