Defense & Operations
MDR (Managed Detection and Response)
Also known as: Managed Detection and Response, Managed SOC
Definition
A managed service in which an external provider runs detection, threat hunting and incident response on the customer's behalf, typically around the clock, using telemetry from the customer's EDR/XDR and SIEM. Unlike a monitoring-only managed security service that merely forwards alerts, an MDR provider is normally authorised to take containment actions (isolating a host, disabling an account) directly in the customer's environment, with recovery usually left to the customer.
Examples
- An MDR provider isolating a compromised laptop from the network and resetting the affected user's credentials within 20 minutes of detecting a Cobalt Strike beacon on it.
- A mid-size retailer outsourcing 24x7 triage of and response to its EDR alerts to Sophos MDR while its own IT team handles recovery.
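The first example above is a detection-to-containment loop with a time budget. The following is an added example, not code from the page or from any MDR vendor, that runs such a loop over constructed EDR telemetry: a beacon-regularity heuristic (frequent callbacks with low jitter, the behaviour that gets a Cobalt Strike beacon noticed) over outbound connections, then a containment playbook that isolates the host, resets the logged-on accounts and hands recovery to the customer's IT team, then a check of time-to-contain against a 20-minute SLA. The hosts, users, addresses, timestamps and the `edr`/`idp`/`ticket` connectors are all assumptions; the connectors only record the action a real integration would take.

```python
"""Added example (not the page's or any vendor's code): a minimal MDR
detection-to-response loop over constructed EDR telemetry.
Stages: beacon detection -> containment playbook -> SLA check.
Hosts, users, IPs and timestamps are constructed; the EDR/IdP/ticket
connectors are hypothetical and only record the action they would take."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import mean, pstdev

T0 = datetime(2024, 3, 5, 9, 0, 0)

# Constructed EDR network events: (timestamp, host, process, dst_ip, dst_port).
# LAPTOP-17 calls 203.0.113.10:443 from rundll32.exe every ~60 s with little
# jitter (beacon-like); WS-04's browser traffic is bursty and irregular.
EVENTS = [
    (T0 + timedelta(seconds=60 * i + j), "LAPTOP-17", "rundll32.exe", "203.0.113.10", 443)
    for i, j in enumerate([0, 2, -1, 3, 0, -2, 1, 0, 2, -1])
] + [
    (T0 + timedelta(seconds=s), "WS-04", "chrome.exe", "198.51.100.7", 443)
    for s in [5, 9, 70, 300, 301, 1200, 1210, 2400, 2401, 2405]
]
# Constructed: accounts logged on to each host when the detection fired.
LOGGED_ON = {"LAPTOP-17": ["jdoe", "svc-backup"], "WS-04": ["asmith"]}
# Constructed wall-clock time at which containment completes.
NOW = T0 + timedelta(minutes=21)


@dataclass
class Detection:
    host: str
    process: str
    dst: str
    first_seen: datetime
    last_seen: datetime   # the callback that completed the detection
    callbacks: int
    interval_cv: float    # coefficient of variation of callback gaps
    severity: str = "critical"


@dataclass
class Response:
    detection: Detection
    actions: list[str] = field(default_factory=list)
    contained_at: datetime | None = None


def detect_beacons(events, min_callbacks: int = 8, max_cv: float = 0.2) -> list[Detection]:
    """Flag (host, process, destination) tuples whose callbacks are frequent
    and regular. Low jitter between callbacks is a classic C2 beacon heuristic;
    legitimate traffic such as browsing is far more irregular."""
    by_key = defaultdict(list)
    for ts, host, proc, ip, port in events:
        by_key[(host, proc, f"{ip}:{port}")].append(ts)
    found = []
    for (host, proc, dst), stamps in by_key.items():
        stamps.sort()
        if len(stamps) < min_callbacks:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            found.append(Detection(host, proc, dst, stamps[0], stamps[-1],
                                   len(stamps), round(cv, 3)))
    return found


def run_playbook(det: Detection, logged_on: dict[str, list[str]], now: datetime) -> Response:
    """Containment playbook for a critical beacon detection (hypothetical connectors)."""
    resp = Response(det)
    # 1. Network-isolate the host so the implant can no longer reach its C2.
    resp.actions.append(f"edr.isolate_host({det.host})")
    # 2. Reset every account seen on the host and revoke its sessions: an
    #    operator with a beacon can dump whatever credentials are cached there.
    for user in logged_on.get(det.host, []):
        resp.actions.append(f"idp.reset_password_and_revoke_sessions({user})")
    # 3. Hand the case to the customer's IT team for recovery (reimage, restore).
    resp.actions.append(f"ticket.open(host={det.host}, dst={det.dst}, owner=customer-IT)")
    resp.contained_at = now
    return resp


def within_sla(resp: Response, sla_minutes: int = 20) -> bool:
    """Time-to-contain, measured from the callback that completed the detection."""
    return resp.contained_at - resp.detection.last_seen <= timedelta(minutes=sla_minutes)


def triage_and_respond(events=EVENTS, logged_on=LOGGED_ON, now=NOW):
    """Run the loop end to end; returns (detection, response, met_sla) triples."""
    results = []
    for det in detect_beacons(events):
        resp = run_playbook(det, logged_on, now)
        results.append((det, resp, within_sla(resp)))
    return results


if __name__ == "__main__":
    for det, resp, ok in triage_and_respond():
        print(f"{det.host} {det.process} -> {det.dst}: {det.callbacks} callbacks, "
              f"cv={det.interval_cv}, SLA met={ok}")
        for action in resp.actions:
            print("  ", action)
```

Run as-is it flags only LAPTOP-17 (ten callbacks, gap variation around 5%) and leaves the browser traffic alone; the SLA clock starts at the callback that completed the detection, which is the honest measurement point, since the provider cannot respond to a beacon it has not yet confirmed. In practice the thresholds would be tuned per customer, and the credential reset would cover service accounts and cached tokens, not just interactive users.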
Related terms
Security Operations Center (SOC)
A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
XDR (Extended Detection and Response)
A security platform that unifies telemetry from endpoint, network, identity, email and cloud sensors to deliver correlated detections and integrated response actions.
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
Incident Response
The organized process of preparing for, detecting, analyzing, containing, eradicating and recovering from cybersecurity incidents, then capturing lessons learned.
Threat Hunting
Threat Hunting — definition coming soon.