Managed Detection and Response (MDR) is one of the most critical components IT teams evaluate when researching SASE security.
We make it easier to identify the top solutions for your Enterprise business.
Every day, security teams are inundated with enormous volumes of security logs and alerts. Inspecting logs and reports is often simply not enough to prevent and detect modern threats. A growing remote workforce and an explosion in IT and IoT endpoints rapidly expand your organisation’s attack surface, and sophisticated cyber-attacks routinely make headlines. Multi-layer defence is becoming hard to achieve as the typical Enterprise business struggles with the security skills gap and budget shortfalls. That is where a leading SASE vendor can help with Managed Detection and Response (MDR) services.
Gartner forecasts that by 2025, 50% of organisations will be using MDR services.
MDR security platforms provide turnkey, remotely delivered, 24/7 security operations centre (SOC) capabilities. Usually cloud-managed, MDR augments an organisation’s existing security by combining advanced analytics, threat intelligence and human expertise to detect, investigate and contain threats.
What to look for in an MDR solution
Security and risk leaders should look for specific features and capabilities applicable to your organisation’s unique security situation in an MDR solution. Some of the core capabilities of an MDR solution include:
- Enterprise-wide endpoint visibility
- Advanced threat detection
- Signal fidelity
- Incident Response capabilities
- Global threat visibility and threat intelligence
“The number and variety of MDR providers continue to grow rapidly in an established, but competitive market. Buyers are challenged to differentiate among the variations in delivery approaches and technologies used by MDR service providers.”
You should expect the MDR provider to offer a dedicated security team and in-depth visibility into endpoints, networks, cloud assets, apps, vulnerability scanning and other security features that can adapt to the changing needs of your business.
The global MDR market is projected to grow at a CAGR (Compound Annual Growth Rate) of 30% from 2019 to 2026, reaching $4.6 billion. With over 100 MDR providers in the marketplace, finding the solution right for your Enterprise can be overwhelming. This section reviews top MDR services to help you select the best solution for your business.
Who are the top MDR providers?
1. FireEye Mandiant Managed Defense MDR
FireEye Mandiant offers analyst-driven detection and response services that identify covert attacker behaviour through advanced threat hunting. FireEye’s MDR solutions tackle threats on multiple fronts:
- Off-hour protection (Nights and Weekends)
- Endpoint protection
- Managed security tailored for Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure
What MDR features do FireEye offer?
FireEye Mandiant’s Managed Defense solution offers several key capabilities:
- Impactful threat detection with real-time visibility of threats in your environment
- Thorough investigation, incident scoping and alert prioritisation
- Enrichment of priority alerts with Mandiant threat intelligence, enabling comprehensive and proactive threat hunting using the most current intelligence mapped to the MITRE ATT&CK® framework
- Round-the-clock alert monitoring from FireEye’s global Managed Defense SOCs
- Security expertise to quickly assess and contain threats, with remediation advice and risk reports to prevent incidents and reduce breach impact
- Ongoing assessment across the environment to minimise the risk of threats slipping through
What are the PROS of FireEye MDR?
- 24*7*365 global MDR coverage by a highly-competent team of FireEye MDR security analysts, defence consultants and cybersecurity experts
What are the CONs of FireEye MDR?
- Every module needs to be connected, which requires extensive configuration
2. IBM QRadar Network Insights
IBM’s QRadar Network Insights is a mature, AI-based solution to detect, investigate and alert on a wide variety of threats. It provides in-depth, real-time visibility into network communications that extends the capabilities of IBM QRadar SIEM deployments. The solution can detect threat activity that would otherwise go unnoticed through real-time deep analysis of network metadata and application content using QRadar Sense Analytics, and it integrates with traditional data sources and threat intelligence to extend QRadar’s threat detection and analysis capabilities.
What MDR features do IBM offer?
- Detection and analysis of malware and hidden threats, including phishing emails and insider activity
- Discovery of attacks in progress through real-time analysis of file names, properties, movement and suspicious content
- Identification of high-risk users and malicious actions, giving visibility into anomalous lateral movement and compromised credentials from insider and external threats
- In-depth analysis and intelligence to spot phishing campaigns that may otherwise go unnoticed, by correlating sources, targets, subjects and content
- QFlow-based application visibility from network flows to reduce dwell time and attacker hiding places
- Monitoring and mitigation of data exfiltration and compliance gaps
What are the PROS of IBM MDR?
- Interoperability with a solid ecosystem of other IBM security solutions such as IBM QRadar Advisor with Watson and IBM Resilient; integrates easily with third-party content available through QRadar’s marketplace
- Efficient alerts and reporting, ability to quickly show normalised logs and raw logs for debugging, advanced data consolidation, and search capabilities
- Recognised for reducing false positives across security threats
What are the CONs of IBM MDR?
- Scope to improve the GUI and dashboards for more user-friendly interaction
- Some false positives remain and require tuning
3. Cato Networks MDR
Cato MDR 2.0 offers exceptionally fast installation – unlike legacy MDR solutions requiring 30 to 90 days of wait time before you get the results, Cato MDR 2.0 delivers results from day-1 of deployment. Cato MDR is integrated into Cato’s SASE (Secure Access Service Edge) solution, which is an advantage to existing SASE customers.
What MDR features do Cato offer?
- Cato automates threat hunting using AI and machine learning algorithms to mine the network for suspicious flows based on many flow attributes, including accurate client application identification, geolocation, destination IP-based risk assessment, URL category, URL name structure, frequency of access, and more.
- Cato’s SOC team of experts inspects suspicious flows on a daily basis to isolate anomalous behaviour and active threats.
- For a verified threat, Cato alerts customers and contains the network-level threat by blocking the network traffic.
- Cato provides guided remediation by providing your IT staff with the context of threats and recommended steps to remediate.
- Over time, Cato uses deep visibility into enterprise traffic patterns to build cross-organisational baselines of normal network behaviours for anomaly detection.
- Cato MDR runs an automated security assessment against a 70-point checklist of best practices covering configuration, network segmentation, firewall rules and security controls, to prevent avoidable mistakes.
What are the PROS of Cato MDR?
- Cato MDR taps the power of the Cato SASE platform to eliminate the need for probes and the startup time typical of MDR services
- Cato assigns a designated team of security experts to Cato MDR customers
- Cato’s huge data warehouse automatically collects, indexes, and stores the metadata of every WAN and Internet traffic flow traversing the Cato Cloud
What are the CONs of Cato MDR?
- Relatively new technology with scope for maturity around reporting for web filtering and user activity
- Cato Cloud provides no integration with third-party monitoring platforms such as SolarWinds, PRTG and ThousandEyes
4. Masergy MDR
Masergy’s MDR platform was named “Most Innovative Managed Security Service Provider” in the 2018 Cyber Defense Magazine (CDM) InfoSec Awards. The platform is AI-based and gives customers a team of seasoned security experts for comprehensive threat detection and response.
What MDR features do Masergy offer?
- Masergy’s Managed Endpoint Detection and Response (EDR) is a turnkey solution including unified prevention, threat detection, and response services.
- Masergy’s cloud and network security monitoring supports a wide range of enterprise devices and IoT.
- Proactive, AI-enhanced threat hunting detects and prevents malware, ransomware, and other threats.
- Masergy’s certified security analysts provide 24/7/365 monitoring, handling detection and response to free up your IT security resources and acting as a trusted extension of your team.
What are the PROS of Masergy MDR?
- Breach detection and reporting, breach forensics, and a service model that supports Data Protection by Design for GDPR compliance
- Cost-effective SOC staff
- Security analytics engine accelerates threat evaluations
- Advanced threat intelligence with three 24/7 SOCs monitoring global security threats
- Access security experts at a fraction of the cost
What are the CONs of Masergy MDR?
- Scope for improvements in customer support and GUI features
5. Versa Networks
Versa’s SASE solution includes MDR for organisations of all sizes, from large enterprises to SMBs. Versa’s SASE framework simplifies IT infrastructure while advancing threat prevention. It also improves data protection and connects users and devices across all locations, including enterprise sites, branch offices, home offices and mobile workers.
What MDR features do Versa offer?
- Advanced threat hunting and detection capabilities
- Threat detection across on-premises, private-cloud, public-cloud and multi-cloud environments
- Complete visibility and control of network infrastructure without compromising user experience
- Enriched GUI, intuitive presentation of the rules, and versatile platform to address customer needs
- Complete application session protection regardless of user being inside or outside the corporate network
What are the PROS of Versa MDR?
- Flexible deployments and adaptive to changing organisational IT infrastructure
- Provides Zero Trust approach to the cloud, validating user and device access
What are the CONs of Versa MDR?
- Scope for improvement in professional services and overcoming resource constraints to support large enterprise customers
6. ExtraHop
ExtraHop’s Reveal(x) 360 is a cost-effective MDR solution offering complete visibility, advanced threat detection and intelligent response. The solution combines a modern SOC with a curated technology stack featuring cloud-native threat detection and a team of security experts.
What MDR features do ExtraHop offer?
ExtraHop’s MDR solutions offer the following features:
- Threat detection and response with low false positives, using ML-based behavioural analytics
- Enterprise IoT security that detects threats within the IoT ecosystem using machine learning, profiling and service-layer discovery
- Complete visibility across hybrid IT infrastructure, including remote sites
- Alerts are scored to prioritise events and head off P1 incidents or outages
- Endpoint and network monitoring that improves the end-user experience by optimising transactions on the network
What are the PROS of ExtraHop MDR?
- In-depth visibility to find errors and misconfigurations within your environment
- Integration with third-party tools and data sources
What are the CONs of ExtraHop MDR?
- Need to improve support for under-resourced small businesses
7. Lumen Managed Endpoint Detection and Response
Lumen’s MDR solution automates threat detection and remediation, using advanced threat intelligence feeds and a 24*7 SOC to create security policy rules proactively. Intelligent threat detection finds hidden threats to minimise dwell time, and the solution can restore endpoints to their pre-infection state.
What MDR features do Lumen offer?
- Discovery and control of rogue devices (e.g., unprotected or unmanaged devices) and IoT devices
- Tracking of malicious applications and applications that may have been compromised
- Offline protection to safeguard endpoints in disconnected states
- Reduction of the alert fatigue that burdens IT staff
- Access control for USB devices
- Memory snapshots of in-memory attacks for memory-based threat hunting
What are the PROS of Lumen MDR?
- Lumen’s 24*7 SOC proactively creates policy-based rules using Advanced Threat Intelligence feeds and Behavioural Analytics engines while conforming to the MITRE ATT&CK® framework
What are the CONs of Lumen MDR?
- Scope to improve customer support
8. Alert Logic Managed Detection and Response (MDR)
Alert Logic was named a Leader in IDC’s MDR MarketScape. Alert Logic delivers white-glove MDR services covering public clouds, SaaS, on-premises and hybrid environments.
What MDR features do Alert Logic offer?
- Comprehensive threat detection encompassing cloud resources, containers, SaaS applications and on-premises systems
- Managed security for web applications and critical assets
- Managed compliance services to industry regulations
- Advanced dashboard conveniently provides quick insights into traffic and attack patterns
What are the PROS of Alert Logic MDR?
- Effectively blocks web attacks (SQL injection, XSS…etc.). The solution allows multiple configurations to specify how to handle policy violations, set up proxy routing and load balancing
- Above-average remediation support
What are the CONs of Alert Logic MDR?
- Scope for innovations to match other nextgen MDR products
9. Cisco
Cisco’s MDR solution provides 24*7*365 threat detection with meaningful, prioritised response actions. The solution combines an elite team of security researchers, investigators and responders with threat intelligence, automation, and response capabilities. It offers well-defined investigation and response playbooks supported by Cisco Talos® threat research. The service leverages Cisco’s integrated security architecture to advance security operations capabilities that can reduce the time to detect and respond from months to hours.
What MDR features do Cisco offer?
- Threat detection uses an integrated cloud security ecosystem for faster detection and containment of attacks
- In-depth analysis with enriching alerts including Talos threat intelligence attacker attributes, tactics, and the context to prioritise threats based on impact and urgency
- Threat investigations utilise playbooks that provide added context to make data-driven decisions for malware, ransomware, botnet, bad actors and other harmful behaviours
- Incident response uses security orchestration, automation and response (SOAR) and case management to execute defined response playbooks, providing detailed threat analysis and recommended response actions
- Threat remediation and incident response powered by Cisco Talos, using the MDR data repository and tools to respond to an emergency faster
- Robust dashboard, ticketing, reporting, and case management interface integrate with Cisco security solutions.
- Management and prioritisation of alert volume across cloud, network, and endpoints with defined investigation and response playbooks
What are the PROS of Cisco MDR?
- The service delivers relevant, high-confidence, and consistent results for a more robust security posture using proven methodologies, unique intelligence, and an experienced team of researchers, investigators, and responders
- Threat intelligence from the Cisco Talos Intelligence Group, which Cisco describes as the world’s largest non-government threat intelligence team
- Robust integrated security architecture providing greater visibility
- 24*7*365 analysis, investigation and response to improve mean time to detect and respond to security threats
What are the CONs of Cisco MDR?
- Scope to reduce complexities in configuring and deploying their solutions
10. Flowmon Networks
Flowmon’s MDR solution offers deep network visibility using edge IP flow monitoring technology (NetFlow, IPFIX) for threat detection.
What MDR features do Flowmon offer?
- Real-time network traffic visibility that proactively detects threats, botnets, DDoS and other risks that typically escape firewalls, IDS and antivirus solutions
- Monitoring capabilities to detect and diagnose operational and configuration issues
- Tracking and monitoring of networks to enhance business application performance and user experience.
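The flow-attribute hunting described in the Cato section (client identification, geolocation, destination risk, URL category, frequency of access, and cross-organisation baselines of normal behaviour) and the NetFlow/IPFIX-based detection of botnets and DDoS described here rest on the same technique: score and correlate flow metadata rather than inspect payload. The Python below is an added example of that technique on constructed flow records; it is not code from Cato, Flowmon or any other vendor on this page. The record fields, the risk weights, the `XX` placeholder country code and the detection thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    """One enriched flow record (field set assumed; real IPFIX templates vary)."""
    ts: float      # flow start, seconds since epoch
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    nbytes: int    # bytes sent
    country: str   # destination geolocation, added by enrichment
    category: str  # destination URL/host category, added by enrichment


def constructed_flows() -> List[Flow]:
    """Synthetic flows (constructed, not captured): jittered SaaS use by eight
    clients, one host beaconing to a rare destination, and a 40-source burst."""
    t0, flows = 1_700_000_000.0, []
    for i in range(8):
        for off in (0, 95, 250, 310, 590, 905):  # irregular gaps, as people behave
            flows.append(Flow(t0 + 37 * i + off, f"10.0.0.{i + 1}",
                              "198.51.100.10", 443, 2400, "US", "business"))
    for k in range(12):  # 10.0.0.7 calls home every 60 s with a tiny payload
        flows.append(Flow(t0 + 5 + 60 * k, "10.0.0.7",
                          "203.0.113.77", 443, 310, "XX", "uncategorised"))
    for n in range(40):  # 40 distinct external sources hit one server in 4 s
        flows.append(Flow(t0 + 300 + 0.1 * n, f"192.0.2.{n + 1}",
                          "198.51.100.20", 80, 64, "US", "business"))
    return sorted(flows, key=lambda f: f.ts)


def build_baseline(flows: List[Flow]) -> Dict[str, Set[str]]:
    """Destination -> clients that talk to it. A host used by many clients is
    'normal' for this organisation; a host used by one client is rare."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        seen[f.dst].add(f.src)
    return seen


def score_flow(f: Flow, baseline: Dict[str, Set[str]], risky_countries: Set[str]) -> int:
    """Additive risk score over flow attributes (weights are assumptions)."""
    score = 0
    if len(baseline.get(f.dst, ())) <= 1:
        score += 3  # nobody else in the estate talks to this host
    if f.country in risky_countries:
        score += 2
    if f.category == "uncategorised":
        score += 1  # no reputation data at all is itself a weak signal
    return score


def detect_beaconing(flows: List[Flow], min_events: int = 6, max_cv: float = 0.15):
    """(src, dst, mean gap) for pairs whose inter-flow gaps are nearly constant:
    a low coefficient of variation (stdev / mean) is the classic C2 beacon shape."""
    times: Dict[tuple, List[float]] = defaultdict(list)
    for f in flows:
        times[(f.src, f.dst)].append(f.ts)
    hits = []
    for (src, dst), ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            hits.append((src, dst, round(m, 1)))
    return hits


def detect_volumetric(flows: List[Flow], window_s: float = 10.0, min_sources: int = 30):
    """(dst, port, peak distinct sources) where some window of window_s seconds
    saw at least min_sources different sources: a DDoS or distributed scan."""
    per_target: Dict[tuple, List[tuple]] = defaultdict(list)
    for f in flows:
        per_target[(f.dst, f.dport)].append((f.ts, f.src))
    hits = []
    for (dst, port), events in per_target.items():
        events.sort()
        peak = 0
        for i, (ts, _) in enumerate(events):  # O(n^2), fine for a sample
            recent = {s for t, s in events[:i + 1] if ts - t <= window_s}
            peak = max(peak, len(recent))
        if peak >= min_sources:
            hits.append((dst, port, peak))
    return hits


def hunt(flows: List[Flow], risky_countries: Set[str], min_score: int = 4) -> dict:
    baseline = build_baseline(flows)
    risky = sorted({(f.src, f.dst) for f in flows
                    if score_flow(f, baseline, risky_countries) >= min_score})
    return {"high_risk_pairs": risky,
            "beacons": detect_beaconing(flows),
            "volumetric": detect_volumetric(flows)}


if __name__ == "__main__":
    for kind, items in hunt(constructed_flows(), {"XX"}).items():
        print(kind, items)
```

The point to take from the sample is the role of the organisation-wide baseline: the same destination and the same byte counts look benign for one client in isolation, and only become a signal once the hunt knows that no other client in the estate ever talks to that host and that the timing is machine-regular. The `max_cv` threshold is the knob that trades false positives for sensitivity; widening it to 0.6 in this sample flags every jittered SaaS client as a beacon.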
What are the PROS of Flowmon MDR?
- An agile solution that substantially reduces implementation, operation and management costs
- Quick troubleshooting and ticket resolution
What are the CONs of Flowmon MDR?
- A good product that still has some way to go to become a market leader
Conclusion
In a crowded marketplace, selecting a solution which is right for your business can be challenging. This article analyses some of the most promising MDR solutions for IT teams to give you insights for informed decision-making.
FAQ
What is MDR?
Managed Detection and Response (MDR) is a remotely delivered, usually cloud-managed service that combines detection technology, threat intelligence and human analysts to monitor an organisation’s environment in real time and respond to confirmed threats on its behalf.
What is the difference between MDR and MSSP?
An MSSP manages a broad set of security services, including managed firewall, intrusion detection, VPN, vulnerability scanning and anti-virus; it typically operates the controls and forwards alerts to the customer. MDR is narrower and deeper: its analysts investigate, triage and respond to threats rather than just relaying alerts. In this guide, MDR is treated as one component of a full SASE security suite.
What is EDR and MDR?
MDR and EDR are often treated as the same thing, but they are different kinds of offering. EDR (Endpoint Detection and Response) is a product: an agent that collects endpoint telemetry, detects suspicious behaviour and supports response actions such as isolating a host. MDR is a service that delivers detection and response as an outcome; an MDR provider usually operates an EDR platform (often alongside network and cloud telemetry) on the customer’s behalf with 24/7 analysts. The confusion arises because most MDR offerings are built on top of an EDR product.