MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”


Assessing Managed Detection and Response (MDR) vendors is no easy task. Evaluating each against a predetermined set of tactical requirements for what a provider must offer your business, however, helps ensure you hire the right fit for you and your team.


One key area your MDR vendor must excel in is the deep observation of real-time endpoint data. This blog post will cover why this is such an important part of the MDR promise and break down the Rapid7 MDR team’s approach.


The importance of endpoint data


These days, few significant breaches occur without attacker activity on an endpoint, whether that is a workstation, laptop, server, or cloud asset. The best MDR services combine deep endpoint visibility, including real-time forensics capabilities, with authentication, network, and log data. Without endpoint telemetry, it is impossible to see processes start and stop and to correlate those events with other notable activity to determine whether something anomalous, indicative of an attacker, is happening.


But this doesn’t mean endpoint detection and response (EDR) is always the answer. It takes a combination of User Behavior Analytics (UBA), Log Analytics, and Attacker Behavior Analytics (ABA) to correlate and detect attackers with higher fidelity.


MDR services that only place sensors on the endpoint will not only miss attacks, but they’ll lack context on who does what in the company. ..
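The following is an added example, not code from Rapid7 or the original post, illustrating the correlation the two preceding paragraphs describe: an endpoint process-start signal (an Attacker Behavior Analytics-style parent/child rule) is scored together with authentication context for the same user and host (a User Behavior Analytics-style view). The event records, field names, the single parent/child rule, the internal address prefix, and the score weights are all constructed assumptions for illustration.

```python
"""Scoring endpoint process events with authentication context.

Added example, not code from the original post or from Rapid7. All events
below are constructed; field names, the suspicious parent/child rule, the
internal address prefix and the score weights are assumptions.
"""
from datetime import datetime, timedelta

# Constructed endpoint telemetry: process-start events as an EDR sensor would report them.
PROCESS_EVENTS = [
    {"ts": "2024-03-01T09:02:10", "host": "WS-014", "user": "alice",
     "parent": "explorer.exe", "image": "outlook.exe"},
    {"ts": "2024-03-01T09:05:42", "host": "WS-014", "user": "alice",
     "parent": "winword.exe", "image": "powershell.exe"},
    {"ts": "2024-03-01T22:17:03", "host": "WS-031", "user": "bob",
     "parent": "winword.exe", "image": "powershell.exe"},
]

# Constructed authentication log: the directory / VPN view of the same users.
AUTH_EVENTS = [
    {"ts": "2024-03-01T08:58:00", "user": "alice", "host": "WS-014",
     "src_ip": "10.1.4.22", "outcome": "success"},
    {"ts": "2024-03-01T22:14:20", "user": "bob", "host": "WS-031",
     "src_ip": "203.0.113.9", "outcome": "failure"},
    {"ts": "2024-03-01T22:14:50", "user": "bob", "host": "WS-031",
     "src_ip": "203.0.113.9", "outcome": "failure"},
    {"ts": "2024-03-01T22:15:30", "user": "bob", "host": "WS-031",
     "src_ip": "203.0.113.9", "outcome": "success"},
]

# Assumed attacker-behavior rule: an Office application spawning a shell.
SUSPICIOUS_PARENT_CHILD = {("winword.exe", "powershell.exe"), ("excel.exe", "cmd.exe")}
INTERNAL_PREFIX = "10."  # assumption: the corporate address space


def _parse(ts):
    return datetime.fromisoformat(ts)


def auth_context(user, host, at, window=timedelta(minutes=10)):
    """Summarise the user's authentications to `host` in the window before `at`."""
    recent = [e for e in AUTH_EVENTS
              if e["user"] == user and e["host"] == host
              and at - window <= _parse(e["ts"]) <= at]
    return {
        "failures": sum(1 for e in recent if e["outcome"] == "failure"),
        "external_src": any(not e["src_ip"].startswith(INTERNAL_PREFIX)
                            for e in recent if e["outcome"] == "success"),
    }


def score_event(ev):
    """Combine the endpoint signal with authentication context into one score."""
    score, reasons = 0, []
    if (ev["parent"], ev["image"]) in SUSPICIOUS_PARENT_CHILD:
        score += 50
        reasons.append(f"{ev['parent']} spawned {ev['image']}")
    ctx = auth_context(ev["user"], ev["host"], _parse(ev["ts"]))
    if ctx["external_src"]:
        score += 30
        reasons.append("session originated from an external address")
    if ctx["failures"] >= 2:
        score += 20
        reasons.append(f"{ctx['failures']} failed logons before success")
    return score, reasons


def triage(events=PROCESS_EVENTS):
    """Return (host, user, score, reasons) for every event with a non-zero score, highest first."""
    scored = []
    for ev in events:
        score, reasons = score_event(ev)
        if score:
            scored.append((ev["host"], ev["user"], score, reasons))
    return sorted(scored, key=lambda a: a[2], reverse=True)


if __name__ == "__main__":
    for alert in triage():
        print(alert)
```

With the endpoint rule alone, both winword.exe to powershell.exe events look identical; the authentication context separates bob's event (external source, failed logons just before success) from alice's, which is what lets an analyst prioritise the former without dropping the latter.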
