What’s the difference between MSSP and MDR?

Welcome to the third installment of Milton Q&A, where you ask the cybersecurity questions that are on your mind and I answer them. This week we are looking at the difference between MSSPs and MDR. Buckle up for this one; there are a lot of acronyms and terms to cover.

MSSPs (Managed Security Service Providers) provide two primary services: monitoring your security logs and managing some of your security systems. To monitor security logs, they collect them all into a Security Information and Event Management (SIEM) tool and then build rules that alert on specific events. On the management side, they commonly operate EDR (Endpoint Detection and Response, sometimes referred to as EDTR, Endpoint Threat Detection and Response), as well as managing your firewalls and other network security tools. This type of security focuses on managing the individual devices on the network rather than the network traffic itself. The focus in an MSSP is defensive, preventative security measures and controls.

The traditional MSSP approach is less hands-on when it comes to detecting and responding to an incident, often leaving it up to the organization to handle. The MSSP often has an incident response capability, but it is billed to the client at very high rates. If the organization is not equipped with its own MDR experts, it may not be able to respond quickly enough to prevent a security breach, instead leaving it up to a PR firm to deal with the fallout.

Of course, prevention is very important to keeping your data safe. However, detection and response are also critical. The question is not if something bad is going to happen, but WHEN something bad is going to happen. The Milton Security MDR (Managed Detection & Response) services focus on monitoring network traffic and data in real time, actively hunting for threats that have slipped past preventative measures. The certified SOC Analysts on the Milton Threat Hunting Team report on incidents and team up with your company to analyze the incident, identify the threat level, and designate the proper incident response to contain the threat in real time, without waiting to be told. After all, Detection & Response is in the acronym.

Milton also employs XDR, or Extended Detection & Response, which automatically collects and correlates data across multiple security layers. Remember over the last two weeks when we talked about all the different data sources we pull from and the powerful trio of Norbert, Ptolemy, and Magnet? That’s XDR in action. It allows the Milton Security certified SOC Analysts to be more efficient, leaving more time for threat hunting and response.

I hope that helps and thanks for sticking with me through all of the alphabet soup. If you have additional questions about anything we covered today, just send us your question through the form!

Learn more about how Milton MDR works here