Companies continue to face an increase in data breaches from cybercriminals. In the first quarter of 2022, publicly reported breaches were up 14% over 2021, according to the Identity Theft Resource Center. That’s impressive considering that the number of data breaches in 2021, up 68%, was the highest annual total ever reported. 

As the number of breaches increases, companies are turning to managed detection and response (MDR) services to keep them safe from threats. Technological research and consulting firm Gartner forecasts that 50% of all companies will use MDR services to monitor, detect, and respond to threats by 2025. But what does a company need to consider when choosing an MDR services provider?

Lyndon Brown, Chief Strategy Officer at Pondurance, explains the ins and outs of MDR services in the webinar Demystifying Managed Detection and Response with moderator Sharon Smith. He covers what you should look for in an MDR and how to evaluate an MDR services provider.

What to look for in an MDR

People, processes, and technology are the three primary components of MDR services. A quality MDR services provider must offer all three to protect your company from cyber threats effectively.

  • People. Cyber professionals are the most critical component of any comprehensive cybersecurity service. Technology alone will not deter a motivated attacker; human attackers must be confronted by human defenders, who are available 24/7 to help your company. But, as you may know, there’s a global cyber talent shortage, and companies are finding it challenging to hire and retain professionals for in-house security teams.

“The MDR provider should be able to relieve the bulk of the burden associated with identifying and finding talent, training talent, retaining talent, and developing talent,” said Lyndon. “It really is the first pillar for the MDR provider.”

  • Process. Modern MDR providers should be able to integrate with and support your existing policies and processes and add to your cybersecurity capabilities. MDR services should include technology management, detection and response, threat intelligence, and vulnerability management.
  • Technology. Your company shouldn’t have to rip out existing tools to work with an MDR provider. Instead, the provider should build on the technology you have. Learn how MDR can provide a detection and response platform, log analysis, endpoint detection and response, forensics, and more to protect your company from a cyberattack.

How to evaluate an MDR provider

When choosing an MDR provider, major differences in the offerings can mean the difference between a cybercriminal penetrating your network and one being stopped. Choosing the right partner for your company and security protocols is important.

In your search, you should challenge an MDR provider with some crucial questions to get the answers you need. For example: Can the provider enhance your security operations while leveraging your existing technology? Are alerts reviewed by expert analysts who will alert you only when action is needed? Can the provider detect and respond across your network, log, endpoint, and cloud infrastructure? Does the provider offer incident response capabilities? Find out what Lyndon suggests you learn about potential MDR providers to identify the right vendor for your company.


As data breaches increase, companies turn to MDR providers to prevent, detect, and respond to threats. Know what to look for and how to evaluate an MDR services provider for your company.