Security teams turn to MDR providers to be a trusted partner and help them protect and securely enable the business.
Managed detection and response (MDR) is an outsourced cybersecurity service where a trusted third party manages threat monitoring, detection, and incident response for the organization.
This makes the third party responsible for monitoring the security ecosystem 24/7 in real time, detecting various threats, and investigating them. Additionally, they either respond to threats or provide the necessary information so the organization’s security team can act.
What MDR is not, however, is a replacement for compliance within your organization. MDR largely focuses on endpoint threat detection and response and is generally not involved with your security protocols, controls, and other internal operations.
An MDR solution uses a combination of technologies, best practices, and skilled analysts to deliver its services. The basic components typically include a security information and event management (SIEM) technology and an endpoint detection and response (EDR) or endpoint protection platform (EPP), which provide real-time monitoring and detection of ransomware, malware, and other intrusions, paired with rapid incident response to contain and eliminate the threats.
The most important components of MDR include threat intelligence, threat hunting, security monitoring, incident analysis, and incident response. The key pillars of this approach rely on the strength of the tools and technology the security provider uses and the expertise and dedicated support provided by external security professionals.
A traditional MDR provider looks to its own or white-labeled solutions to deliver those functions in a turnkey fashion. In such cases, the MDR may or may not leverage the customer’s existing security tools and technologies. The outcome, then, is largely dependent on, and limited by, the MDR provider’s tools, approach to security monitoring, processes, threat intel sources used for context, and the data sources on which it relies to learn about threats. If an organization wants to extend the security technologies it has already invested in, or needs a partner who can help it mature its security operations, a turnkey approach will fall short.
In general, MDR providers will use their own security solutions in the organization’s network environment, meaning that while vetting providers, you will want to pick a provider that can integrate easily with your existing tools and technologies. The specific techniques MDR providers use may vary by their approach to security monitoring, level of automation in security response, and the data sources they use for threat intelligence.
A managed security services provider (MSSP) functions similarly to an MDR service provider in that it monitors a customer’s network security. The difference is that an MSSP merely provides alerts when it spots anomalous activity indicative of security incidents in the customer’s managed systems. It doesn’t launch an investigation, and it does not respond to any threats that it uncovers in the process. It tags alerts—including false positives—and sends them to the customer’s IT team for review. By contrast, MDR detects, investigates, correlates, and responds to security alerts. In addition, an advanced MDR provider will conduct threat hunting operations as well as manage your security investments.
Many organizations might opt for in-house security operations where they build their own tech stack and manage the various tools. This initiative requires the right resources and skills to not only conduct incident response—from detection to response—but also administer and manage the various tools and keep them optimized against a dynamic threat landscape. In many cases, co-management with an MDR provider is a viable option since this allows the in-house security team to leverage outside expertise without having to hire them, ensure 24/7/365 monitoring, and focus on more strategic initiatives and high-value tasks. Here are the primary technology options while building out an in-house tech stack:
In most cases, a Security Information and Event Management (SIEM) technology is the predominant technology used to operationalize security operations. SIEM technologies specialize in ingesting, aggregating, and correlating data from network security devices; they provide real-time monitoring and analysis of events and help with compliance by logging data. In many cases, SIEMs require analysts to write rules or scripts in specialized languages. While SIEMs have matured over the years, there can be architectural challenges with ingesting all the necessary data, and they require specialized skills to manage, optimize, and operate.
As the threat landscape evolves, endpoint detection and response (EDR) technologies are becoming more of an imperative. They offer continuous threat monitoring and detection as well as automated response to digital threats. But EDR brings this functionality to the endpoint level only, falling short of contextual focus on threats. While they promise timely response to attacks, EDR tools are very resource-intensive and require specialized skills.
Extended detection and response (XDR) is a cross-platform threat detection and response strategy and the next step in cutting across security silos in an organization. The benefit of MDR versus XDR is that it enables organizations to take a proactive approach to their security by delivering visibility across endpoints, applications, cloud workloads, and the network. In some cases, MDR providers are starting to leverage XDR technologies, given their advantages. But XDR technology requires integrations with disparate tools and can be resource-intensive for an early-stage organization that might lack the right talent.
Not all organizations have robust IT security teams who can manage their threat detection and response requirements internally. Amid the ongoing cybersecurity skills gap, many organizations have trouble hiring professionals to fill out their teams. Even when they hire someone, they could still struggle to retain their talent due to poaching from other companies, a lack of effective management, and the pressures of the job.
MDR can help to address these challenges by amplifying the reach of organizations’ security teams. Specifically, it helps to improve team members’ visibility of the network and reduce the number of false positives and focus on true threats. Security personnel can therefore spend less time chasing down alerts (or potentially false positives) and more time working on meaningful projects that help to augment their employer’s security posture.
The benefits of MDR don’t end there, either. Fewer alerts mean less time needed to visualize an attack chain, for instance, and hence a shorter mean time to respond (MTTR). Not only that, but MDR can end up saving customers money in the long run. Organizations don’t need to set aside the effort, budget, and time to establish their own internal Security Operations Center (SOC). All they need to do is pay a monthly operating expense for the MDR platform, and they get access to an established, reputable SOC in a shorter amount of time.
Organizations need to consider several things when selecting an MDR provider.
Is the cost predictable and straightforward?
Organizations need to know if the cost for an MDR offering enables them to scale or change their service as their business requirements change. They also need to know if 24/7/365 coverage really means continuous monitoring or whether it applies only to a limited number of security events.
Does the service come with a dedicated customer service manager?
One of the core benefits of MDR comes from someone who understands the customer’s strategy, provides recommendations, and helps mature their security program over time. This type of attention ensures that organizations are fulfilling their security requirements and can work with the MDR as a trusted partner towards that end.
Are reporting and measurement included?
It’s difficult for organizations to evaluate their security programs if they have no way of determining where they stand. That’s why it’s helpful when MDR platforms come with measurements that can help security teams demonstrate how they’re decreasing risk and facing up to the threats they care about while saving time and money. Otherwise, they’ll need to implement measurements on their own outside of the MDR platform, thus creating more work for their security personnel.
How does the provider assess threats in a customer’s environment?
MDR is helpful only if it works with organizations to address their unique security requirements. As such, the best MDR arrangements are those where the provider uses best practices based on customers’ industry, business, or department goals along with relevant frameworks to prioritize risks along with detection content.
Can the provider work with their existing security tools?
As they work with an MDR provider, organizations might see redundancies and find themselves in a position where they can optimize their security stack. They might also eventually decide to bring on new security tools. The MDR should be able to accommodate the customer’s requirements based on their maturity—either bring the tech stack necessary to deliver services or leverage the existing investments to do so.
Who owns the detection content?
Organizations need to consider the prospect of parting ways with their MDR provider. If this happens, will they keep the detection content that the provider generated for them? Or will they need to start over while they look for another provider, leaving themselves exposed in the process?
Will the provider give them a unified view of their environment?
Organizations need a unified view of their data and tool inputs if they want their security teams to be able to make decisions in a timely manner. If an MDR provider can’t give this level of visibility, then it is difficult to make informed decisions on subsequent actions to take.
Does the provider offer automation capabilities?
Speed is everything when it comes to response. Hence the need for automation. Specifically, an MDR provider who comes with validated automated response playbooks and who allows for the creation of custom playbooks as new threats emerge can really make a difference.
Is threat hunting included in the cost?
The logic behind MDR is to take a proactive approach to cybersecurity. With that in mind, advanced MDRs offer threat hunting and attack simulation capabilities to their customers. Organizations need to determine whether these services are available with a potential provider and whether they cost an additional fee.
ReliaQuest GreyMatter uses a combination of services and technology to deliver MDR outcomes for organizations looking to improve their security posture. Organizations don’t need to replace their tools or hire more personnel because ReliaQuest force multiplies their existing teams to make the most out of their SIEM, EDR, public clouds, and other technologies, thus saving customers money and time. ReliaQuest uses detection content mapped across Kill Chain and MITRE ATT&CK frameworks as well as automated response playbooks to keep customers safe against emerging threats.