MDR - Managed Detection and Response

Antivirus is no longer enough.

When we develop overlapping layers of defense, the endpoint protection portion is our last line of defense against threats. In years past, antivirus was the gold standard in protection.

The threat landscape has dramatically changed in the last 5 years with mass ransomware events such as SolarWinds, Kaseya, and others occurring at a dizzying pace. Millions of machines were ransomed by inserting malicious code into legitimate programs.

Endpoint Detection and Response (EDR) solutions watch the behavior of all programs and block them from doing inappropriate things (such as encrypting your computer at 3am!).

This is a substantial improvement over antivirus (or even Next Generation Antivirus), but a problem remains when the EDR tool produces a “possible-but-not-certain” finding. First, someone must be looking at the logs, and that same someone must analyze the finding and determine whether it is a threat. This is something most IT professionals are not trained to do, so it becomes a very laborious process.

Managed Endpoint Detection and Response (MEDR) is the answer. MEDR software feeds data back to a 24x7 Managed Security Operations Center (MSOC) team for analysis, isolation (if necessary) and remediation (when possible). This prevents spread and reduces IT team labor because they only need to interact with the MSOC team occasionally when remote remediation is not possible.

Reduce endpoint threats, reduce IT labor dealing with threats, and focus on serving the organization’s strategic goals.