Cybersecurity Glossary

What is MDR?

MDR (Managed Detection and Response) is a cybersecurity service for businesses that focuses on identifying and addressing security incidents. This service typically leverages data gathered from endpoints, such as workstations, servers, and networks, using EDR or XDR software.

While EDR and XDR technologies are capable of detecting and responding to threats autonomously, many of these threats demand contextual understanding and knowledge that EDR/XDR solutions alone cannot provide. In other words, relying on EDR/XDR technology without proper management can lead to a false sense of security.

MDR services address this need. To realise the full potential of EDR/XDR in our organisation, these solutions are operated by expert threat analysts, who use them to search, through Threat Hunting, for potential compromises in the telemetry that endpoints generate every minute.

A good MDR service must continuously update its knowledge of the adversaries and threats present today. That is why its analysts constantly research the state of the art in cybersecurity to identify new Hunting rules that help identify compromises in environments.

Threat Hunting: A managed service (MDR) that aims to proactively detect and contain threats and suspicious activities on the network by utilizing the telemetry data generated by EDR and XDR technology, and following the methodology defined in the MITRE ATT&CK framework.

Incident response: Incident response is a managed service that helps organizations respond to security incidents. It is activated when an incident occurs and aims to identify and contain the malicious actor and recover the affected systems and data.