Managed Detection and Response Glossary of Terms

Managed Detection and Response (MDR) is a new term coined by analysts and quickly adopted by cybersecurity vendors as the next step in securing your company and your data. These services have taken off because the key to a successful cybersecurity plan is layered defenses that address multiple threats, and this is where an MDR provider shines. MDR services not only let you monitor more of your attack vectors, they also help you take steps to stop an attack, remediate the assets that were attacked, and protect them from being attacked again.

MDR has brought with it new capabilities, but also a new vocabulary that might not be as familiar to you. So we’ve compiled a Managed Detection and Response glossary to help.

Managed Detection and Response Glossary of Terms

Anti-Virus/Anti-Spam: Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more. With anti-spam software, emails that have suspicious content are flagged and then immediately sent into a spam folder, instead of going into the regular inbox.

Endpoint Detection and Response (EDR): A second-generation endpoint security solution focused on advanced threats, including continuous monitoring and response. Endpoint detection is sometimes sold as a stand-alone product but is more effective when combined with an MDR solution for a layered defense.

Firewall: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

Intrusion Detection System (IDS): A hardware or software appliance that provides real-time monitoring of network traffic and creates automatic alerts upon detection of indicators of compromise (IOCs).

Incident Response: An organized, systematic approach to addressing the impacts of a security incident or data breach to limit the damage to the infrastructure and the business.

Managed Detection and Response (MDR): A comprehensive service for continuous monitoring, infrastructure management, threat detection, and incident response provided by a third-party vendor.

Managed Service Provider (MSP): An IT vendor that provides a service, software, or technology, such as remotely managing IT infrastructure, on a subscription basis.

Managed Security Service Provider (MSSP): A company that provides 24×7 management, monitoring, and maintenance of security services, such as firewalls, intrusion detection and prevention systems, and other security solutions, at a fixed subscription cost.

SIEM (Security Information and Event Management): An integrated system that combines security information management and security event management to collect and correlate security events and alerts.

SOC (Security Operations Center): A centralized approach that combines security technology, people, and processes to manage threats—from prevention and detection to investigation and response.

Threat Hunting: Proactive searches of data to identify stealthy threats that have evaded perimeter controls and are hiding on the network or endpoints.

Threat Intelligence: Evidence-based data about current and potential threats, including context, indicators of compromise, mechanisms, and actionable information.

Unified Threat Management: A category of security appliances that integrate a range of security features into a single appliance. UTM appliances combine firewall, gateway anti-virus, and intrusion detection and prevention capabilities into a single platform.

Web Application Firewall: A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF can filter the content of specific web applications. In contrast, regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.

Web Content Filtering: Web content filtering can prevent people in your organization from accessing web pages that may harbor computer viruses or malware, or from viewing inappropriate material that could lead to HR issues. By preventing access to selected web pages, web content filtering solutions can strengthen an organization's cybersecurity defenses, increase productivity, and avoid HR issues before they begin.

SilverSky provides robust MDR solutions that are affordable for small- and medium-sized businesses. If you would like to discuss your specific needs, contact us.