Top Managed Detection and Response Questions and Answers

What is managed detection and response?

I’ll start with the Gartner definition: Managed detection and response — or MDR — services provide you with remotely delivered modern security operation functions. This allows you to quickly detect, investigate and actively respond to threats through threat mitigation and containment.

An MDR provider can work as your security operations team or be an additional resource to your current team to stop threats from getting in.

With Pondurance MDR, you’ll get a dedicated team of U.S.-based elite analysts working 24/7 to protect your business from cyber threats, while reducing the number of alerts your team has to handle.

We have the technology and the people; we integrate with your existing team and tools, and we work to continuously reduce your cyber risk over time.

Our team can be up and running in weeks, accelerating your plans while maximizing your resources and budget.

How do we get 24/7 coverage from your managed detection and response services?

Pondurance’s security analysts are U.S. citizens based in the U.S. We work in shifts to operate 24/7.

Our security operations centers are powered by highly skilled analysts, threat hunters, and incident responders who are always available to respond.

We know it’s difficult to find and retain the right security talent, but we are able to compete for the best talent in the industry. We make our experts available to you with our services.

Why should I choose Pondurance MDR over other services?

There are many providers on the market and many options when shopping for a cybersecurity solution. With Pondurance MDR:

  • Your data is your data: you have full access to it at all times. This means you get access to the same SIEM tools as our analysts.
  • We provide guided, personalized recommendations tailored to your specific cybersecurity needs; we’re not one size fits all!
  • All of our analysts are U.S. citizens and our SOCs are based in the U.S. Your data will never leave the U.S. border.
  • Our strong cybersecurity consulting practice enhances your MDR because we know the difference between compliance and security.
  • We integrate with your existing security control investments so you don’t need to rip and replace!
  • We also provide end-to-end management of leading endpoint detection and response platforms, like CrowdStrike and SentinelOne.

If you want more information on how we can fit with your current setup, reach out to us to talk to an expert. No hard sells, we promise!

Can we use our own endpoint detection and response vendor with your services?

When you sign up for our managed detection and response services, you have a couple of options for managed endpoint detection and response vendors.

You are welcome to keep your existing solution as we can ingest data from leading EDR platforms and create alerts.

Or you may want to use one of our endpoint detection and response solutions, which provides real-time analysis by trained analysts who can find things that tools tend to miss.

Either way, your endpoint data is covered with our MDR services.

Can you log data from on-premises and cloud?

Yes! We can ingest data across endpoint, network, log and cloud environments.

This includes:

  • Remote laptops, tablets, mobile devices and desktops
  • Data centers
  • Machines in your office
  • Data from cloud environments like AWS, Azure and Google Cloud Platform
  • Software-as-a-Service data
  • Office 365 data

We call this 360° visibility as we can ingest any data you would like us to monitor for a potential threat! With this added security, you will truly have a modern security program.

Can you monitor O365 and OneDrive data?

Yes! We can integrate with your Office 365 and OneDrive instances to detect, investigate and respond to threats.

We can provide you with details on security events, user logins, failed user logins, logins from other countries, any invitations that were shared, new inbox rules created, any rules that forward mail, and impossible travel activity, to name a few.

There’s quite a bit of data we can pull from Office 365; we share it with you as a dashboard and act as the first line of defense if there is ever an incident.
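To make the Office 365 signals above concrete, here is an added, hypothetical example (not Pondurance code and not part of the original page) that runs three of the named detections over constructed audit records: a burst of failed logins, a new inbox rule that forwards mail, and impossible travel between two successful logins. The record shape loosely follows Office 365 unified audit log fields (`Operation`, `UserId`, `CreationTime`) but is simplified; the country centroids, the 900 km/h speed limit, and the failed-login threshold and window are all assumptions chosen for the example.

```python
"""Hypothetical Office 365 audit-log triage checks over constructed records."""
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sample records (not real audit data); timestamps are UTC.
SAMPLE_EVENTS = [
    {"CreationTime": "2024-03-01T09:58:00", "UserId": "bob@example.test",
     "Operation": "UserLoginFailed", "ClientIP": "203.0.113.9", "Country": "NG"},
    {"CreationTime": "2024-03-01T09:59:00", "UserId": "bob@example.test",
     "Operation": "UserLoginFailed", "ClientIP": "203.0.113.9", "Country": "NG"},
    {"CreationTime": "2024-03-01T10:00:00", "UserId": "bob@example.test",
     "Operation": "UserLoginFailed", "ClientIP": "203.0.113.9", "Country": "NG"},
    {"CreationTime": "2024-03-01T10:01:00", "UserId": "bob@example.test",
     "Operation": "UserLoginFailed", "ClientIP": "203.0.113.9", "Country": "NG"},
    {"CreationTime": "2024-03-01T10:00:00", "UserId": "alice@example.test",
     "Operation": "UserLoggedIn", "ClientIP": "198.51.100.7", "Country": "US"},
    {"CreationTime": "2024-03-01T11:00:00", "UserId": "alice@example.test",
     "Operation": "UserLoggedIn", "ClientIP": "203.0.113.9", "Country": "NG"},
    {"CreationTime": "2024-03-01T11:05:00", "UserId": "alice@example.test",
     "Operation": "New-InboxRule",
     "Parameters": {"Name": "Invoices", "ForwardTo": "outside@example.test",
                    "DeleteMessage": "True"}},
    {"CreationTime": "2024-03-01T12:00:00", "UserId": "carol@example.test",
     "Operation": "New-InboxRule",
     "Parameters": {"Name": "Newsletters", "MoveToFolder": "Archive"}},
]

# Assumed approximate country centroids (lat, lon) for the travel check.
COUNTRY_CENTROID = {"US": (39.8, -98.6), "NG": (9.1, 8.7), "GB": (54.0, -2.0)}
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # assumption: roughly airliner speed
FAILED_LOGIN_THRESHOLD = 3        # assumption
FAILED_LOGIN_WINDOW_MIN = 10      # assumption


def _ts(rec):
    return datetime.fromisoformat(rec["CreationTime"]).replace(tzinfo=timezone.utc)


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def forwarding_rules(events):
    """Flag new or modified inbox rules that send mail outside the mailbox."""
    findings = []
    for rec in events:
        if rec["Operation"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        params = rec.get("Parameters", {})
        targets = {k: params[k] for k in FORWARDING_PARAMS if k in params}
        if targets:
            findings.append({"type": "forwarding_rule", "user": rec["UserId"],
                             "rule": params.get("Name"), "targets": targets,
                             "deletes_original": params.get("DeleteMessage") == "True"})
    return findings


def impossible_travel(events):
    """Flag consecutive successful logins whose implied speed is implausible."""
    per_user = defaultdict(list)
    for rec in events:
        if rec["Operation"] == "UserLoggedIn":
            per_user[rec["UserId"]].append(rec)
    findings = []
    for user, logins in per_user.items():
        logins.sort(key=_ts)
        for prev, cur in zip(logins, logins[1:]):
            c1, c2 = prev.get("Country"), cur.get("Country")
            if c1 == c2 or c1 not in COUNTRY_CENTROID or c2 not in COUNTRY_CENTROID:
                continue
            km = haversine_km(COUNTRY_CENTROID[c1], COUNTRY_CENTROID[c2])
            hours = max((_ts(cur) - _ts(prev)).total_seconds() / 3600, 1 / 60)
            speed = km / hours
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append({"type": "impossible_travel", "user": user,
                                 "from": c1, "to": c2, "speed_kmh": round(speed)})
    return findings


def failed_login_bursts(events):
    """Flag users with THRESHOLD or more failed logins inside the window."""
    per_user = defaultdict(list)
    for rec in events:
        if rec["Operation"] == "UserLoginFailed":
            per_user[rec["UserId"]].append(_ts(rec))
    findings = []
    for user, times in per_user.items():
        times.sort()
        for i, start in enumerate(times):
            window = [t for t in times[i:]
                      if (t - start).total_seconds() <= FAILED_LOGIN_WINDOW_MIN * 60]
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                findings.append({"type": "failed_login_burst", "user": user,
                                 "count": len(window), "start": start.isoformat()})
                break  # one finding per user is enough for triage
    return findings


def triage(events):
    """Run all checks; this is the list an analyst would review and confirm."""
    return forwarding_rules(events) + impossible_travel(events) + failed_login_bursts(events)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Each finding is a candidate for analyst confirmation, which matches the workflow the page describes: the automated check surfaces the perceived threat, and a human decides whether it is a false positive (a legitimate archive rule, a user who really did travel) before anything is reported.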

Do I need to take action for incident notifications, or do you take any steps on my behalf?

Our managed detection and response platform, SCOPE, analyzes billions of events, surfacing any perceived threats to our analysts for confirmation and validation.

Since perceived threats are generated by technology, which is not always 100% accurate, we have real, live, U.S.-based human analysts review them. They apply knowledge and toolsets that are unavailable to automated systems.

Analysts verify each perceived threat as either a false positive or an actual threat.

Only the actual threats are reported to you, greatly reducing your alert fatigue.

All actual threats are communicated to you through SCOPE with insights and context describing what was found, where it was found, how it was found, and what needs to happen next.

If there is a pre-approved response action, we will take it immediately. Often, that’s containment of a device to stop the spread of a threat. No one wants to let a ransomware attack sit untouched!

If needed, we also provide full incident response services for any declared events as well as an option for an incident response retainer.

When seconds count, we’re there to combat any threats.

Does your MDR service provide proactive guidance of steps to take in case of new vulnerabilities like log4j?

Yes! We want to make sure that you are in the loop every step of the way and that includes proactive guidance on widespread vulnerabilities.

Our dedicated team of security analysts is always researching new threats and vulnerabilities. They send detailed communications with the steps necessary to keep your organization protected. This is all communicated through our managed detection and response platform, SCOPE.

Don’t have time to check SCOPE every day? No problem! You will receive an email notification as well.

For clients that subscribe to our vulnerability management service, we are able to pinpoint instances of the vulnerability in your environment and guide you through remediation.

You’ll never be left in the dark when it comes to emergency patches and timely notifications about widespread threats.

How long does MDR take to implement?

We know that you want to get up and running with managed detection and response quickly!

Once you sign up with us, you will be assigned to one of our implementation teams with both project management and technical professionals. They will quickly and efficiently get you up and running in about 4-6 weeks.

During this time, we provide all tools, analytics, cloud setup and account access as well as walk you through internal deployments of hardware and virtual components including log forwarders and agents.

You’ll be up and running quickly and will enjoy the added security of Pondurance MDR!