Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

3 min read

Managed Detection and Response (MDR): What’s it all About?

With so many security products and vendors on the market, it can feel like there's no practical way to evaluate them all.  Sometimes, we take the approach of selecting the product with the most recognizable brand and then hope it was the right decision. After all, you can always replace it later if it doesn't work the way you want it to, right?  The problem, of course, is that deploying tools is time consuming, costly, and potentially disruptive. There's also the cost associated with removing tools which turn out to be a bad fit.

The challenges associated with selecting the best security solution for your organization become more complicated when dealing with newer technologies.  One such offering is Managed Detection and Response (MDR).


What is MDR?

According to Gartner, MDR delivers threat monitoring, detection and response leveraging a combination of technologies, advanced analytics, threat intelligence, and human expertise in incident investigation and response. 


How does MDR work?

New call-to-action MDR typically involves a centralized Security Operations Center (SOC) where a team of security analysts, engineers, and researchers work together to provide threat hunting services and initiate killchain measures against any threats that are discovered. 

MDR companies will often provide their customers with various levels of access to the team in the SOC, allowing both management and in-house technical teams to send in requests that effectively customize the service they're receiving. This enables the creation of a baseline of what the organization's normal activity looks like versus what constitutes a threatening deviation, thus helping their partner's technical teams shore up potential gaps.

When done well, this leads over time to a highly bespoke, carefully tailored system of security alerts and procedures that is specific to an organization's environment.

MDR relies on an interplay of expert human knowledge and sophisticated technology in order to deliver the maximum amount of protection.  The overall goal for good MDR is to use this combination of human intelligence and technical innovation to provide a service that goes far beyond simply sending out an endless list of non-valuable alerts. 

MDR companies typically centralize security data gathered by various tools into a Security Information and Event Management platform (SIEM) that allows their security team to correlate information for better analysis. A SIEM usually pulls in data from multiple sources, some common examples are advanced endpoint protection (next generation anti-virus), operating system logs, firewall alerts, network traffic, and cloud services. This data gets displayed both in raw format and graphically, and MDR companies often create specific views, data tables, trend graphs, and other visualizations that the operations center team uses to look for anomalies.

Most importantly, because MDR focuses on the link between its own experts and the partner organization's team, it largely avoids the pitfalls of unmanaged security software deployments. If the partner organization needs a specific type of data to be considered higher risk than usual or needs to ensure that a specific need of their network or software environment will be met, they can simply bring this to the attention of the MDR team, whose primary goal is to customize and refine the service offering.


How to select the best MDR offering?

So, how do you identify the best MDR solution for your environment and avoid the pitfalls of poor security solution selection?  There are a number of elements that need to be weighed:

  • What technology is offered as part of the MDR solution?  Not all bundles offer the same level of protection and it's important to do as close to an apples to apples comparison as possible. 
  • Is there an opportunity to recognize cost savings by eliminating existing security expenditures? MDR solutions will vary in their ability to allow you to eliminate existing tools and maximize your investment.
  • Where is your data being stored?  Some MDR companies utilize international hosting providers, with the advent of GDPR and CCPA, it's necessary to understand where your data lives.
  • What level of Incident Response (IR) experience does your MDR vendor have?  A critical part of your MDR service is their ability to capably guide you through an IR should one occur.


MDR is an invaluable addition to an organization’s defense in depth security strategy.  With careful deliberation and appropriate due diligence, selecting the best MDR solution for your organization will result in increased environment visibility and effective cybersecurity risk management.

 

Ingalls Information Security 

Ingalls Information Security is a specialized, cyber defense company with a mission to prevent and respond to data security breaches. Our consultants, analysts, and engineers are certified and experienced professionals with diverse backgrounds ranging from military and defense intelligence, network security, and information technology, giving us domain dominance and a leading edge in cyber defense.

Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, anomaly detection and response guidance utilizing a defense-in-depth approach. We do this by utilizing the very latest in cloud, big data analytics technology, and machine learning along with the cybersecurity industry’s leading incident response team, to identify threats to your environment.

If you’d like to learn more, please download our MDR Guide or contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.

MDR Add-On: Stopping Cyber Threats at the Human Layer

MDR Add-On: Stopping Cyber Threats at the Human Layer

Here at Ingalls, we are committed to the evolution and continual improvement of all our service offerings and are proud to announce the release of...

Read More
Ingalls MDR has been Expanded, At No Additional Cost!

Ingalls MDR has been Expanded, At No Additional Cost!

Here at Ingalls, we are committed to the evolution and continual improvement of all our service offerings. Recently, our Managed Detection and...

Read More
What Is Attack Surface Management and Why Is It Critical to an Organization’s Security Strategy?

What Is Attack Surface Management and Why Is It Critical to an Organization’s Security Strategy?

In today's digital age every organization, regardless of industry, faces a growing threat from cyber attacks. Fully understanding attack surfaces is...

Read More