How to Think About Choosing an MDR Partner

Nov 16, 2021

Security and risk leaders are challenged with securing their organization in an ever-evolving threat landscape and also with finding skilled people and keeping them trained on the latest technology and threats in the midst of a global cyber skills shortage.

Many companies turn to Managed Detection and Response (MDR) providers to address some of these challenges. MDR is a type of managed security service (MSS) that provides 24/7 threat management and modern SOC functions so companies don't need to stand up a fully mature SOC on their own. Companies can use MDR to outsource or augment their security operations. Gartner predicts that "By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities."

When Should You Use MDR Services?

MDR services can help you to:

  • Acquire modern SOC capabilities when internal SecOps capabilities are limited or nonexistent
  • Accelerate your SOC capabilities or SecOps maturity
  • Augment or complement your existing SecOps capabilities by providing a second set of eyes or filling gaps in your team or capabilities

What Considerations are Important for Successful MDR?

MDR helps reduce the mean time to detect (MTTD) and the mean time to remediate (MTTR) threats. MDR provides the tools, tactics, procedures (TTP) and people. Good MDR offers customized, prescriptive response actions or outcomes rather than just alerts.

Additionally, MDR may provide incident response and orchestration. Each MDR provider will likely offer multiple tiers of services. You should determine what business outcomes are most important and likely use cases and then review service requirements. Forrester Wave: MDR 2021 offers more details on different offerings.

Some of the key questions to ask an MDR provider include:

  • How will you tailor your offerings for our environments and needs?
  • Are you able to provide a holistic view, including endpoint, network and cloud infrastructure?
  • What SLAs are available for your services?
  • Do you offer specialized services with commitments on metrics such as MTTD and MTTR?
  • What engagement cadence will you have with our team?
  • What technology stack powers your MDR?
  • What kinds of analysis and remediation activities are included?

Better Technology Drives Better Services

Technology advancements can help people become more efficient and effective, and a significant technology shift is happening in the MDR market. Legacy MDR providers built their services on legacy endpoint detection and response (EDR) technologies. EDR-based MDR services require MDR analysts to perform more manual tasks, spend more time gathering evidence and apply their skills to rudimentary work.

With the advent of eXtended detection and response (XDR), MDR that leverages XDR gives these MDR providers a distinct advantage, enabling a higher level of service efficacy for customers. Because XDR stitches endpoint and non-endpoint events together, the XDR-based MDR provider can deliver a holistic view of your entire environment more efficiently.

MDR using XDR will have detection built in with root cause analysis and timelines enabling a faster time to detect and contain a threat. XDR removes the burden of triage, detection and alert management from MDR analysts so they can quickly focus on critical response recommendations and customized actions when it's a race against time and every second matters.

XDR provides advantages for MDR service effectiveness including:

  • More effective prevention through Behavioral Threat Protection, AI and cloud-based analysis to reduce incident handling time
  • Superior response capabilities for faster containment, exposed through the response API so MDR providers can leverage the full range of response options via their automation layer
  • Continuous Forensics for faster investigation and reduced burden of analyst time
  • Stitching of data for comprehensive visibility reducing the risk of being blindsided
  • Built-in detection automation reducing manual tasks for faster and more accurate response actions

Today we are introducing our Cortex eXtended Managed Detection and Response (XMDR) Partner Specialization

The Cortex XMDR Specialization will enable partners to combine Cortex XDR, Palo Alto Networks' pioneering eXtended detection and response solution, with managed services offerings to help you streamline security operations center (SOC) operations and quickly mitigate threats.

We have built our new Cortex XMDR specialization with partners that have verified deep experience in delivering MDR across multiple industries and geographies. We offer detailed onboarding, training and support to partners. Our XMDR specialization enables you to easily find XMDR partners that are a fit for your needs and have met our rigorous requirements for technical and practical expertise in delivering Cortex XMDR.

Find out more about how you can leverage the expertise of our Cortex XMDR specialized partners to significantly reduce your time for threat detection and threat response.

Ask your Palo Alto Networks sales representative for more information on Cortex XMDR.
