Gain a Complete, End-to-End SOC Without the Overhead

Managed Detection and Response FAQs

• What is Managed Detection and Response (MDR)?

  Despite the thousands of security tools in the market, cybersecurity teams can struggle to keep up with the changing threat landscape. This is often due to a lack of security headcounts, expertise, resources, and processes to operationalize a detection and response program.

  MDR enables organizations to stand up a turnkey 24x7 security operations center (SOC) function at a fraction of the cost of building an in-house SOC. MDR blends the necessary people, expertise, processes, and technology to rapidly detect, analyze, investigate, validate, and respond to threats across the modern environment – endpoint, network, application, and cloud services layers. By doing so, MDR customer teams can strengthen their security posture and allow their teams to focus on other security and business priorities.

• How does Managed Detection and Response (MDR) work?

  MDR is a partnership between a customer’s security organization and the service provider’s expert team, adding needed headcount to extend a customer security team's ability to detect, analyze, investigate, and actively respond to threats. Customers are able to leverage the MDR provider’s SOC team to enable 24x7 security operations coverage and implement a turnkey detection and response program.

• What are the features of Managed Detection and Response (MDR)?

  Rapid7’s Managed Detection and Response service offers premium capabilities compared to many providers in the market. Rapid7 MDR includes:

  • 24x7x365 environment monitoring from multiple global SOCs
  • Rapid7 InsightIDR technology
  • Full customer access to Rapid7 technology
  • Collaboration with a dedicated security advisor
  • Monthly threat hunting
  • Active Response to stop attackers
  • Rapid7 SOC-validated detections
  • Breach response from DFIR experts
  • Predictable, asset-based pricing
  • Unlimited alert and rule tuning
  • Compromise assessment
  • SOC experts with over 500 collective security certifications

• What is the difference between Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR)?

  EDR is a technology solution a security team uses to help to secure specific endpoints across the network and prevent stolen workstation credentials, lateral movement from threat actors, and other elusive behaviors. MDR services often use EDR technologies as a component of their detection and response capabilities, but the MDR use case goes far beyond technology alone. MDR is an outsourced service a security team leverages to extend their capabilities and expertise to better detect and respond to threats that can come from an endpoint, as well as network, user, and cloud threats.

• What is the difference between a Managed Security Service Provider (MSSP) and Managed Detection and Response (MDR)?

  An MSSP is a blanket term for a provider that can assist with many specialized services like SOC-as-a-service (SOCaaS), MDR, or management of many different kinds of security tools. MDR is a specific service – often considered a targeted subset of an MSSP offering – that a security team may leverage to help them detect and respond to threats and breaches.

• What is the difference between Extended Detection and Response (XDR) and Managed Detection and Response (MDR)?

  Extended Detection and Response (XDR) is a cloud-native, cloud-scalable security solution that finds threats earlier and responds faster by unifying and transforming multiple telemetry sources that go beyond the endpoint. MDR is a service a security team leverages to help them detect and respond to threats and breaches. Many MDR providers incorporate XDR capabilities as a way to detect and respond across the customer’s entire modern environment.