MDR Vendor Must-Haves, Part 5: Multiple Threat Detection Methodologies, Including Deep Attacker Behavior Analysis


This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) service providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”


Let’s start with an analogy: Say you’re a fisherman out on a mission to catch tuna specifically. You throw out a net, and when you bring it in, you find it has scooped up a bunch of other fish, too. Either you have to sort through the catch by hand, or a whole lot of fish that were never your target end up harmed.


Security tools are often built on static rule sets designed to match specific events. Rules like these can generate tons of false positives: they flag users or assets that are actually innocent, yet each alert still requires an analyst to perform a thorough investigation before it can be dismissed.


Threats and attackers come in all shapes and sizes, and each type of threat and attacker requires different methods for detection and response. Common threats that affect every business require up-to-date and well-managed threat intelligence to identify and remediate quickly. More complex, targeted attacks perpetrated by sophisticated attackers require equally adaptive detections, because their tools will be unknown to the threat intelligence industry.


So while rules are easy to write, they’re not the most accurate way to detect real threats today. This is where behavioral analytics comes in.


The best Managed Detection and Response (MDR) providers use a combination of threat intelligence, User Behavior Analytics (UBA), Attacker Behavior Analytics (ABA), and human threat hunts to detect both threats and attackers.