Security and risk leaders are challenged with securing their organization in an ever-evolving threat landscape and also with finding skilled people and keeping them trained on the latest technology and threats in the midst of a global cyber skills shortage.
Many companies turn to Managed Detection and Response (MDR) providers to address some of these challenges. MDR is a type of managed security service (MSS) that provides 24/7 threat management and modern SOC functions so companies don't need to stand up a fully mature SOC on their own. MDR can be used to outsource or augment their security operations. Gartner predicts that “By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities.”
MDR services can help you to:
MDR helps reduce the time to detect (MTTD) and remediate threats (MTTR). MDR provides the tools, tactics, procedures (TTP) and people. Good MDR offers customized, prescriptive response actions or outcomes rather than just alerts.
Additionally, MDR may provide incident response and orchestration. Each MDR provider will likely offer multiple tiers of services. You should determine which business outcomes and likely use cases are most important, and then review service requirements. Forrester Wave: MDR 2021 offers more details on different offerings.
Some of the key questions to ask an MDR provider include:
Technology advancements can help people become more efficient and effective, and a significant technology shift is happening in the MDR market. Legacy MDR providers built their services on legacy endpoint detection and response (EDR) technologies. EDR-based MDR services require MDR analysts to do more manual tasks, spend more time gathering evidence and apply their skills to rudimentary tasks.
With the advent of eXtended detection and response (XDR), MDR providers that leverage XDR gain a distinct advantage, enabling a higher level of service efficacy for customers. Because XDR stitches both endpoint and non-endpoint events together, the XDR-based MDR provider can provide a holistic view of your entire environment in a more efficient manner.
MDR using XDR will have detection built in, with root cause analysis and timelines, enabling a faster time to detect and contain a threat. XDR removes the burden of triage, detection and alert management from MDR analysts so they can quickly focus on critical response recommendations and customized actions when it's a race against time and every second matters.
XDR provides advantages for MDR service effectiveness including:
The Cortex XMDR Specialization will enable partners to combine Cortex XDR, Palo Alto Networks' pioneering eXtended detection and response solution, with managed services offerings to help you streamline security operations center (SOC) operations and quickly mitigate threats.
We have built our new Cortex XMDR specialization with partners that have verified deep experience in delivering MDR across multiple industries and geographies. We offer detailed onboarding, training and support to partners. Our XMDR specialization enables you to easily find XMDR partners that are a fit for your needs and have met our rigorous requirements for technical and practical expertise in delivering Cortex XMDR.
Find out more about how you can leverage the expertise of our Cortex XMDR specialized partners to significantly reduce your time for threat detection and threat response.
Ask your Palo Alto Networks sales representative for more information on Cortex XMDR.