Vol. 1 · Ed. 2026
CyberGlossary
Entry № 737

MDR (Managed Detection and Response)

Reviewed by: Cybersecurity entrepreneur & security researcher

What is MDR (Managed Detection and Response)?

MDR (Managed Detection and Response): A managed service in which an external provider operates detection, threat hunting and incident response on behalf of a customer, typically using EDR/XDR and SIEM telemetry.


Managed Detection and Response (MDR) is a subscription service delivered by a 24x7 SOC provider that combines technology (EDR, XDR, SIEM, NDR) with human analysts, threat hunters and IR responders. Customers route telemetry to the provider, which triages alerts, validates incidents, executes containment actions (host isolation, account disable) and coordinates remediation against defined SLAs. MDR is particularly suited to organizations that lack in-house SOC capacity or need follow-the-sun coverage; the customer remains responsible for governance, risk acceptance and recovery. Common providers include CrowdStrike Falcon Complete, Sophos MDR, Arctic Wolf and Red Canary.

Examples

  1. An MDR provider isolating a compromised laptop and resetting credentials within 20 minutes of a Cobalt Strike beacon detection.

  2. A mid-size retailer outsourcing 24x7 detection of EDR alerts to Sophos MDR while its IT team handles recovery.

Frequently asked questions

What is MDR (Managed Detection and Response)?

A managed service in which an external provider operates detection, threat hunting and incident response on behalf of a customer, typically using EDR/XDR and SIEM telemetry. It belongs to the Defense & Operations category of cybersecurity.

What does MDR (Managed Detection and Response) mean?

A managed service in which an external provider operates detection, threat hunting and incident response on behalf of a customer, typically using EDR/XDR and SIEM telemetry.

How do you defend against MDR (Managed Detection and Response)?

Defences for MDR (Managed Detection and Response) typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for MDR (Managed Detection and Response)?

Common alternative names include: Managed Detection and Response, Managed SOC.
