Managed Detection & Response (MDR) is an outsourced cybersecurity service that provides organizations with real-time 24/7 monitoring, detection, and response to security incidents without the immense challenge and expense of standing up an internal 24/7 Security Operations Centre (SOC). In the same way that MSPs like F12 bring together technology, services, and processes to fill an organization’s IT needs, MDR brings together technology, services, and processes to address cybersecurity.
MDR supplants the need for Security Information and Event Management (SIEM). Traditionally, organizations would invest in SIEM and then watch the events roll in. Anyone who has worked in this space can attest to the tremendous burden of managing a SIEM. With the millions of events that occur across networks every hour, it is truly like hunting for a needle in a haystack. And that is to say nothing of the immense challenge of responding quickly to an identified threat and shutting it down before it spreads.
The National Institute of Standards and Technology (NIST) has a helpful Cybersecurity Framework. You can immediately see that IT has traditionally focused on the Protect and Recover functions. We put in place technology, services, and processes to keep the bad guys out. And we make sure we have a path to recovery to restore operations in the unfortunate event of a breach. F12 is very experienced at both those pillars.
MDR fulfils the detection and response functions of the NIST framework.
Think of it this way. The building code provides numerous regulations to prevent a fire. Insurance provides a method to recover losses from a fire. But you need detectors, 24/7 response centers, automated fire suppression, and a standby fire department to quickly detect and respond to a fire.
But what about Identify? Stay tuned for a future blog post on that.
What does F12 do for customers subscribed to MDR?
- We deploy the agent to endpoints, servers, Microsoft 365, Azure, and G-Suite
- We define the security runbook with our client
- We serve as the escalation point for identified security incidents
- We provide regular summary reports, including recommendations based on findings
- We provide live board-level security presentations upon request
How can a Client Get MDR from F12?
MDR is part of the F12 Secure solution and is built into F12 Infinite Ultimate. It can also be added à la carte for any other client on a cost-per-user basis. We have the best MDR solution available in the marketplace.
F12 Insider Info
We use MDR internally across all our endpoints and servers. We validate the service in our annual Red Team exercises (we hire security professionals to try to hack us, externally and internally) to test our tools and our own internal response to an active threat. In last year’s test, MDR identified and shut down the attack within seconds. We also undergo rigorous annual assessments of our Security, Privacy, Confidentiality, and Availability under SOC 2 Type 2. We use the learnings from these tests to improve our security stack, systems, and processes. In fact, we have uncovered popular security technologies that did not deliver when push came to shove. We continuously remove and replace weak solutions in F12’s own security stack and in the one we provide to our customers.
Not a client, have questions, or are interested in learning more?