Headline
Introducing Malwarebytes Managed Detection and Response (MDR)
Categories: Business With Malwarebytes MDR, our team of cybersecurity professionals acts as an extension to your security team.
(Read more…)
The post Introducing Malwarebytes Managed Detection and Response (MDR) appeared first on Malwarebytes Labs.
With our Managed Detection and Response (MDR) service now generally available for businesses and MSPs, you may be wondering: What is MDR, how does Malwarebytes MDR work, and do I need it?
Underpinned by our award-winning EDR technology, Malwarebytes MDR offers powerful and affordable threat prevention and remediation services, provided by a team of cybersecurity experts that remotely monitors your network 24/7 to detect, analyze, and prioritize threats.
Learn more about Malwarebytes MDR
Malwarebytes MDR
MDR is a service that provides proactive, purpose-built threat hunting, monitoring, and response capabilities powered by a team of advanced cybersecurity technicians, combined with the analysis of robust correlated data. It takes the guesswork out of your most complex cybersecurity threats by delivering 24/7 threat detection, rapid alerts, prevention, and remediation.
Malwarebytes MDR defends your network every day and all night, safeguarding your data, reputation, and finances with always-on dedicated protection.
While it’s technically possible for SMBs to build out their own MDR program in-house, doing so is a time, expense, and effort equivalent to starting an entirely new IT security department. You’ll need to build out your own SOC facilities, hire a minimum of five full-time employees to provide 24/7 coverage, and so on. That’s why many SMBs opt to outsource their MDR to a service provider.
Our experts are your experts: With Malwarebytes MDR, our team of cybersecurity professionals acts as an extension to your security team, ensuring that you have the staff, skill, and experience you need to maximize your cybersecurity posture on a 24/7 basis.
Malwarebytes MDR
Malwarebytes MDR workflow
To recap, the basic workflow for Malwarebytes MDR goes like this:
The Malwarebytes MDR team monitors and analyzes your system, checking for IOCs and threat hunting, and finds something malicious.
Our MDR team sends you an email alerting you to the threat and asking you to go to the MDR portal in Nebula.
You log into Nebula and click on the MDR portal in the upper-righthand corner.
In the main portal view you can see a basic log of everything that the analysts have done on that specific system. Click “Go to Case” for more details on specific threats.
Clicking “Go to Case” will bring you back to Nebula for whatever suspicious activity or alert that the MDR team needs you to remediate.
You do the remediation, go back to the MDR portal, and tell the MDR team that you’ve completed it.
The MDR team closes out the alert.
How it works
Malwarebytes MDR workflow
It all starts with contextual enrichments. EDR alerts are enriched with context from threat intelligence feeds:
Customer telemetry data from all deployed Malwarebytes products ingested.
- EDR (including Brute Force Protection) and Cloud Security Modules
Threat intelligence feeds from multiple sources ingested
Premium external threat feeds
Internal Malwarebytes feeds including crowd-sourced intelligence from the entire Malwarebytes customer base (B2B and Consumer)
Open-source feeds
Telemetry data and threat intelligence correlated with alert
- Generates additional context to the alert (e.g., more clues to the behavior and origin)
The MDR Analyst Team monitors endpoint alerts 24x7 to field incoming alerts:
Artifacts of alert rapidly reviewed and prioritized for triage
- Automations sift through the artifacts (processes, actions, etc) to identify most interesting
Case opened on each artifact requiring triage
- Notification provided to customer within MDR Portal
Case analyzed by MDR Analyst team
Deep analysis and review leveraging enriched alerts
Escalation to Tier 3 analysts, 2nd opinions within the team
‘Best course of action’ decided and communicated
MDR Analysts communicate one of two possible decisions via the customer portal:
Customer verification of artifact required
Remediation required
Then comes the options for remediation:
Malwarebytes managed
Malwarebytes automatically provides remediation by removing threats using EDR capabilities
Re-boot, re-imaging, and other onsite tasks will require customer involvement
Collaborative
Malwarebytes notifies customer who can authorize managed remediation or perform remediation themselves
Work together to take care of it outside of biz hours, etc
Manual (customer does it, guidance from MWB)
- Malwarebytes provides notification to customer with detailed guidance to perform remediation themselves
Finally, for case closure:
Closure notification to customer within the MDR portal
History of closed cases available for compliance and reporting needs
- Case event details available to customer
Want to learn more?
If you want to know more about MDR and if it’s right for you, check out these resources:
- ****Get the eBook:** Is MDR right for my business?**
- ****3 ways MDR can drive business growth for MSPs****
- ****Cyber threat hunting for SMBs: How MDR can help****
- ****EDR vs MDR vs XDR–What’s the Difference?****