Behind the MDR Curtain: The Importance of Original Threat Research

Searching for a quality managed detection and response (MDR) service provider can be daunting, with dozens of vendors to choose from. However, in its 2023 Gartner® Market Guide for Managed Detection and Response Services, Gartner confronts the challenge head-on.

"Misnamed technology-centric offerings and vendor-delivered service wrappers (VDSW), that fail to deliver human-driven managed detection and response (MDR) services, are causing challenges for buyers looking to identify and select an outcome-driven provider," Gartner writes.

However, the need for MDR is undeniable. With organizations drowning in cybersecurity alerts, MDR offers professional help to quickly weed out false positives, analyze the remaining alerts, and focus on those that represent potential threats.

It's little wonder that Gartner predicts 60% of organizations will employ MDR by 2025, up from 30% in 2023.


How to Evaluate MDR Providers

Gartner's report offers valuable advice on selecting a provider.

"MDR buyers must focus on the ability to provide context-driven insights that will directly impact their business objectives, as wide-scale collection of telemetry and automated analysis are insufficient when facing uncommon threats," the Gartner MDR report says.

"Context-driven insights" and "uncommon threats" are the key phrases. Most MDR providers can detect well-known threats, but it takes a provider with deep resources and experience to find new or otherwise unusual threats and put them in context, meaning to understand the danger they represent and what to do about it.

When evaluating MDR providers, it makes sense to ask about the resources each one has at its disposal to identify and respond to threats. As previously discussed, the "response" part likely gets into what other ancillary services the provider offers, such as whether it has a Digital Forensics and Incident Response (DFIR) team.

The ability to identify threats depends on at least a couple of critical factors. One is the tools the provider uses, including your endpoint detection and response (EDR) platforms and a security information and event management (SIEM) platform. Another is the threat database the MDR provider has at its disposal.


Why the MDR Threat Database is Crucial

That threat database is where things can vary widely from one MDR provider to another. Some may rely, for the most part, on the EDR, SIEM, and other tools being up to date with the latest threat signatures. Others have research teams that do original threat research, meaning they have security professionals dedicated to finding new threats.

At the same time, some MDR providers offer other offensive security services, such as penetration testing and threat hunting. In the course of their work, these offensive teams also find new threats, which are then added to the threat database and shared for the benefit of all MDR customers.

For example, Trustwave discovers more than 1 million new malicious URLs monthly across its various products and services, including MDR, pen tests, DFIR engagements, threat hunting, the SpiderLabs research team, and the MailMarshal email security offering. These URLs can point to new malware, spam, or phishing sites waiting to lure in victims, often through phishing attacks.

What's more, between MailMarshal and the SpiderLabs research team's artificial intelligence-based engine, Trustwave detects some 12,000 previously unknown threats daily. You read that right: 12,000 previously unknown threats each day.

These threats immediately become available to all Trustwave security offerings, including MDR. The depth and breadth of the threat database are differentiators for the Trustwave MDR service, along with the availability of additional services such as DFIR and threat hunting that can help you eradicate any threats the MDR service turns up.

We encourage you to ask other providers how they're keeping up with the latest threats and whether they have their own threat research team, like Trustwave SpiderLabs.
