Optimize Your Security Investments with the Right MDR Provider

Traditionally, Managed Detection and Response (MDR) providers deliver MDR in one of two ways. The first is to use the customer’s existing technology with select and heavily curated third-party technology integrations.

“They are what we call ‘bring your own technology’ providers,” says Eric Kokonas, Global Head of Analyst Relations with Sophos. “Those providers take advantage of a customer’s existing tool set. They say, you’ve made investments in security tools. We’re going to provide the people and processes, and we’re going to help you leverage those tools to detect and respond to advanced threats.”

The second common way vendors offer MDR is by delivering services across their own proprietary technology.

“These providers offer expansive tool sets, product portfolios, and platforms. They say, ‘You’re using our platform. Let us provide these services as a wrapper. On top of that we’ll provide people to work with our tool sets,’” says Kokonas.

Understanding the Pros and Cons

There are obvious pros and cons to both approaches. The first option may be appealing because it doesn’t require investing in new tools. But the downside to this approach has typically been a lack of truly comprehensive MDR service. MDR providers who operate with this model may be limited with what response actions they can execute on behalf of the customer, says Kokonas.

With the second option, the obvious upside is having a more robust service from a vendor that can execute more response actions with their own platform. The downside: some of their tools may not be compatible with the customer’s existing tools.

In this scenario, “you have to rip and replace whatever you might have already invested in,” says Kokonas.

The Best of Both Worlds in MDR

Sophos approaches MDR by combining the strengths of each model. This removes technological barriers that have historically limited what managed security services can handle by integrating telemetry from third-party endpoint, firewall, cloud, identity, email, and other security technologies. The result? Customers no longer have to rip-and-replace their existing security technologies to take advantage of the MDR services.

“They’ve purchased these tools, and they are content with them. And many are struggling with a skills gap, so they look to an MDR provider to help them to be able to use these tools effectively,” he notes.

Sophos MDR is compatible with telemetry from many of the best-known vendors in security. In addition, the information is automatically consolidated, correlated, and prioritized with insights from the Sophos Adaptive Cybersecurity Ecosystem and the Sophos X-Ops threat intelligence unit.

Kokonas says regardless of whether the customer is using existing Sophos tools, or wants to make the most of other tools, the Sophos MDR platform gives them visibility into all parts of their organization. Sophos MDR offers a single view that can be used to act against possible threats versus disparate views into multiple security controls.

Sophos MDR has the best of both traditional models of service. The Sophos operations team can quickly understand the who, what, when, and how of an attack, and can respond to threats across customers’ entire ecosystems within minutes.

The Sophos MDR operations team can also use third-party vendor telemetry to conduct threat hunts and identify attacker behaviors that evaded detection from deployed toolsets. Learn more about the Sophos MDR service today.