This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”
By the time you’re ready to invest in a Managed Detection and Response (MDR) service, you’ve likely already invested in a number of different security tools aimed at preventing threats and detecting breaches. MDR is a continued investment in this technology, not always a pure replacement. MDR is a complement of any program with a “defense in depth” technology stack.
When designing modern submarines, the Navy uses a thought process of "assume breach," meaning at some point a flood door or bulkhead will fail and there needs to be multiple failsafes to ensure adequate protection.
The same is true for a security program. Utilizing an “assume breach” mentality in the network, instead of just having a firewall at the perimeter and endpoints on the interior of your network, the defense in depth strategy would layer a firewall with an IDS/IPS, EDR on the endpoint. Then, going further, you would look beyond point solutions to include network segmentation, strong passwords, patch management, etc.
The best MDR providers will want to use all that data as part of delivering their service because it improves threat detection and validation accuracy. More data means more visibility, more ways to correlate threats, and more ways to track attackers.
Compare the top 14 MDR vendors in the 2021 Forrester Wave for MDR
Get a free copy
This includes ingesting your c ..
Support the originator by clicking the read the rest link below.
