What is managed detection and response (MDR)?

21st June 2021

When malware strikes, you need a plan of action, not just alerts.

Network firewalls and antivirus software are essential cyber defences, but they aren’t always particularly proactive should a piece of malware sneak its way through.

What is Managed Detection and Response (MDR)?

Managed detection and response (MDR) is a proactive, outsourced cyber security service that actively monitors for hidden, persistent malware threats on endpoint devices like PCs and laptops.

Rather than relying on set virus definitions, MDR looks out for the symptoms of embedded vulnerabilities, making it a formidable tool in the fight against as-yet-unknown zero-day threats.

However, the massive ace up MDR’s sleeve is its human element. When an MDR tool does track down a potential malware menace, it will notify a human security technician to assist the client organisation one-on-one in removing and mitigating the threat.

As well as your common or garden viruses, trojans, and ransomware, MDRs are great at getting to the bottom of particularly nasty, elusive threats like remote access trojans (RATs)advanced persistent threats (APTs), and fileless malware. In fact, 30% of our MDR clients report that our MDR tool of choice found threats that weren’t picked up by their (often quite formidable) security stacks.

How do managed detection and response tools work?

Well, there are two core elements at play when you subscribe to an MDR service: the software itself and human threat investigation and mitigation.

What Does MDR Software Do?

In order for a device to be protected by an MDR tool, you’ll generally need to install MDR client software. This software is usually remarkably lightweight. Our preferred MDR tool, Huntress, doesn’t even have a client-side interface – it just sits in the background, securely keeping an eye out for any tell-tale signs of malware malaise.

There are a number of ways that the software achieves this, such as referencing the latest global threat intelligence; monitoring file and network activity for anything unusual; and even ingenious traps like ransomware canaries designed to catch cyber nasties in the act – more about those later.

How does human intelligence factor in?

The “managed” human element of MDR is truly the ace up its sleeve, and what sets it apart from more passive anti-malware tools.

Traditional endpoint antivirus will generally go “oop – there’s a piece of malware! Better tell the user, quarantine the threat, and notify my central servers.” Sadly, in most cases, little else happens.

However, when MDR tools “phone home” about an identified threat, it will assign a human cybersecurity technician who will guide you (or your MSP/MSSP) through the removal and mitigation process directly.

If the threat appears to be as yet unknown to the security community (a “zero-day” threat), then the MDR technicians will manually investigate the issue further, providing full support throughout the investigation and resolution process.

How does MDR compare to Managed Security Services (MSSP)?

You may well be wondering how managed detection and response services compare with managed security services.

MSSPs typically provide services like firewall and antivirus management; alert monitoring; mail filtering; and rule-based detection. In short, they help their clients with the day-to-day running of their cybersecurity functions, and help them keep their defences high. MSSPs are chiefly concerned with security surrounding the network perimeter (where the network interfaces with the open internet) and activity within the network infrastructure, so they don’t usually take a forensic deep-dive into individual endpoints like PCs and laptops unless a problem has already been identified.

Managed detection and response tools, however, are all about continuous, in-depth endpoint monitoring. MSSPs may carry out some threat detection and hunting, but they aren’t usually equipped to carry out the same level of granular threat analytics than MDRs can.

Side note: Want managed security services with MDR included as standard? Look no further than Just Cyber Security’ managed security service!

6 Benefits of Managed Detection and Response Services

1. Enterprise-level endpoint security: not just for enterprise

Cyber threats can strike at any moment, so vigilant detection and response is essential.

In larger, enterprise-level organisations, this isn’t a problem. They will generally have their own in-house cybersecurity teams or even a full blown security operations centre (SOC) who can react to cyber risks at the drop of a hat. But what happens to SMEs and micro-businesses who don’t have the resources for in-house IT staff?

For every household name that falls victim to cybercrime – every British Airways, every Experian, every TalkTalk – there are countless small businesses who don’t have the capital nor the knowhow to weather a cyber attack on any scale. In fact, under-defended small businesses are often targeted specifically by cyber criminals because they’re seen as easy “low hanging fruit.”

Managed detection and response tools give these smaller organisations a lifeline when threats rear their ugly head. They get tools that help nip hidden threats in the bud before they escalate, as well as responsive post-incident assistance from certified cyber technicians. It’s like having your own SOC, but for pennies per user per day!

2. Hunting threats you didn’t know you had

Cybercriminals usually want their malware to stay floating around on the ether, unfixed, for as long as possible so they can maximise their desired outcome. They therefore design malware to specifically to evade detection.

Rather than relying on malware definitions that only pick up on threats after they’ve been detected in the wild, managed detection and response tools are designed to pick up on the symptoms of infection. This way, MDR can detect malware regardless of whether the security community has identified it yet or not.

3. Malware visibility that doesn’t slow you down

MDR software is often remarkably lightweight, with little to no impact on the device’s performance or on network latency. It’s unlikely that you’ll even notice it chugging away in the background, keeping you safe.

4. In-depth threat recon & forensics

Managed detection and response services don’t just sound the alarm when threats appear. They can also alert you to small security gaps that may leave you vulnerable, like unused open ports, file sharing misconfigurations, and unexpected network activity.

5. A human helping hand in times of trouble

So, you’ve been infected with malware – what do you do? Sometimes merely Googling a solution to a problem just doesn’t cut it. And when you might be falling victim to a cybercrime, you need real, responsive, human assistance – fast.

MDR is designed to do just that: as soon as a malware issue is detected, it will put you in touch with a real human technician who will be able to hold your hand throughout the entire resolution process.

6. Criminals are sneaky – so is MDR

MDR tools can lay a number of interesting traps and tripwires that can reveal the presence of hidden malware. One particularly interesting feature (and one that our favoured MDR platform, Huntress, uses readily) is ransomware canaries.

In effect, these “canaries” are dummy document or spreadsheet files that the MDR tool places on protected endpoint devices. They’re cleverly hidden, so it’s highly unlikely that the user will ever run into these files as they use their device. Therefore, if these files are changed, moved, opened, or indeed tinkered with in any way, it’s fairly certain that something untoward is afoot. If a canary file is changed, the MDR will swoop into action and launch an investigation straight away.

This is just one of many ways that MDR tricks threats into revealing themselves.

Our Chosen MDR Platform: Huntress

Our favoured managed detection and response platform of choice is Huntress, by Huntress Labs. Powered by human threat hunting and global ThreatOps intelligence, Huntress helps SMEs all over the world track down and eradicate persistent footholds, ransomware, and other malware attacks from their endpoint hardware.

Why we chose Huntress

There are plenty of MDR tools on the market, but we chose Huntress because of its sheer reliability. It uses numerous ingenious methods to track down advanced persistent threats and unseen footholds, whilst also flagging network security loopholes that may be leaving you vulnerable.

Huntress won’t hog your device resources either. The Huntress client is very lightweight – constantly, quietly monitoring in the background. Device slowdown is practically non-existent; as I write this, the Huntress client is using less than 0.2% of my available RAM!

So, to describe Huntress in a nutshell: it’s relentless – without slowing you down or breaking the bank.

30% of our clients who use Huntress say it has identified threats that the rest of their security stack didn’t catch. Ready to join the hunt for less than 10p per user, per day? Declare war on the threats that may already be hiding on your Windows devices right now, with Huntress.

Learn more about Huntress here, or chat with one of our technicians today – just call 0161 5183341.

You’re in safe hands with our cyber security team