Top Managed Detection & Response (MDR) Service Providers 2021

Rapid7’s MDR program includes a dedicated security advisor and full access to its cloud SIEM platform for improved monitoring capabilities. Proactive threat hunting combined with threat intelligence provides a large amount of information on attempted attacks and helps organizations fortify their defenses against known malware. Rapid7 creates custom security guidance for its customers, providing end-to-end protection. Plus, they validate each detection within their own team before passing the information onto the business.

Pros

• Support is very communicative about changes and updates
• Low number of false positives despite the large number of logs it ingests each day
• Organizations can create custom parsing rules for logs of internal applications

Cons

• Some customers have had trouble using the platform with Azure
• The dashboards and reports need improvement

Sophos Managed Threat Response combines an advanced machine learning (ML) algorithm with highly trained security experts to contain and neutralize threats. Organizations can customize the response, including who the MDR team notifies about events, what actions they take to remediate them, and how they escalate potential threats. If you have an in-house security team, the Sophos MDR team will also collaborate with them to handle threats more efficiently.

Pros

• Provides quick support through the phone line
• Offers an API interface where companies can pull their own threat statistics
• The threat response team is very helpful and knowledgeable

Cons

• Don’t provide access to the tools they use
• Only works with Windows workstations and servers

Arctic Wolf’s security analysts work with your existing technology stack to pull security event data from a variety of sources. They handle all of the security investigations to reduce alert fatigue on your internal team and reduce the time they spend chasing false positives. Root cause analysis helps explain how the attacks happened and allows organizations to create new rules and procedures to prevent them in the future. Arctic Wolf also provides security assurance to provide financial assistance in the event of a security breach.

Pros

• Knowledgeable and likeable support team
• The dedicated representative actually gets to know the company’s environment
• They provide monthly reviews of the environment with suggestions on what to improve

Cons

• Some redundancies or overlaps with in-house teams
• The risk portal doesn’t have as many filters as some clients would like

CrowdStrike MDR boasts the ability to eradicate threats within minutes, reducing the amount of data that attackers have access to. The team consists of experts in both threat hunting and incident response, and their global threat intelligence provides context to respond to events faster. The MDR service includes the Falcon platform, which is completely cloud-native, making it easy and fast to deploy. The Breach Prevention Warranty also backs the service, covering costs in the event that a company does suffer a breach while working with CrowdStrike.

Pros

• Very responsive to problems or general questions
• The service is easy to deploy and integrates well with other security systems
• Low resource requirements, meaning it doesn’t slow down devices

Cons

• Updates to the user interface (UI) can sometimes take time to learn
• The firewall management add-on is fairly basic compared to similar products

Secureworks Taegis MDR provides an extended detection and response (XDR) platform with human expertise to quickly respond to and remediate threats. The protection extends to endpoints, networks, and cloud environments, covering all of the entry points attackers might use to get to an organization’s data. The interface is easy to use and helps employees collaborate on investigations while checking any conclusions with the Secureworks team. Plus, quarterly meetings with the Secureworks Threat Engagement Manager allow organizations to discuss and implement new security trends and best practices.

Pros

• The team is very responsive and addresses threats quickly
• Secureworks listens to its clients and makes relevant product upgrades
• Provides a personalized experience

Cons

• Some clients had minor performance issues with Secureworks on their cloud servers
• Doesn’t offer much of a mobile experience for monitoring

Cybereason MDR uses a severity score to prioritize each alert, reducing alert fatigue in an organization’s security team and ensuring that they don’t miss a critical notification. The platform can be operational in just a few hours and takes only minutes to detect, triage, and remediate threats. Additionally, the reporting feature provides a detailed breakdown of every malware attack. There are three package tiers available, but organizations will have to upgrade to the highest level if they want proactive threat hunting.

Pros

• Works closely with an organization’s operations team and improves the efficiency of security processes
• Easy to integrate with other security tools and simplifies workflows
• Analysts provide accurate reports quickly

Cons

• Some customers would like more canned, high-level reports for executives after a threat has been remediated
• Contacting Cybereason analysts could be easier

FireEye Mandiant provides a large amount of context to alerts, so organizations can prioritize the most critical threats first. The FireEye experts work with an organization to train and advise their internal security team to improve the overall defenses. Proactive threat hunting helps detect and stop hidden breaches or potential attacks before they disrupt a company’s network by adapting to the attacker’s changing behavior in real-time. Plus, it works with existing security technology to improve visibility and remediation.

Pros

• Resourceful in identifying threats to a network
• The FireEye team is very responsive and provides helpful alerting
• Can perform advanced incident response activities like reverse malware engineering thanks to good backend support

Cons

• Some customers would like more alert types
• The licensing can be expensive compared to similar products

SentinelOne Vigilance offers a couple of different options for MDR. Organizations can choose MDR on its own, which provides a dedicated security operations center (SOC) that monitors their environment for changes around the clock, or they can choose MDR combined with digital forensics analysis and incident response (DFIR). This option gives companies 24/7 monitoring, but it also helps them simplify their investigations and incident response. AI-driven technology detects threats on the network, and then the security analysts perform a thorough forensic investigation to find the root cause, remediate the threat, and help the business fortify against future attacks.

Pros

• The SOC is willing to provide additional information about threats to help companies improve their security procedures
• Easy to integrate and reduces security workloads on internal teams
• Accurate and responsive to incoming threats

Cons

• Some incidents incidents take longer to close than expected
• Can provide a lot of false positives, especially in the beginning.