What is Managed Detection and Response?

Managed detection and response (MDR) services offer more comprehensive threat detection and response capabilities by augmenting cybersecurity tools with human support. MDR integrates, synthesizes and contextualizes security and other event information to hunt for, understand and respond to security incidents. MDR is a critical tool for containing, resolving and hardening against future attacks.

Why do you need MDR for your business?

It’s a struggle to maintain a 24×7×365 security posture. Small and medium-sized businesses are often attractive targets for bad actors looking to steal valuable data, extort money from their victims and more. These businesses often do not have sufficient security expertise to fully protect their IT network structure, drawing attention from cybercriminals as a result.

 

With MDR, your business can...

  • Optimize existing investments in Webroot security solutions
  • Reduce the impact of successful attacks
  • Hunt, respond to, contain and remediate threats in real-time
  • Achieve a higher security compliance and posture with common standards
  • Benefit from best-in-class AI augmented by 'always there' human experts
  • Onboard quickly with curated engagement for real-time monitoring and reporting

Webroot MDR offering is unique in the marketplace

  • DNA of Threat Detection
  • Human Expertise
  • Low Management Overhead

How does MDR enhance business cybersecurity?

MDR services are an affordable way for businesses of all sizes to benefit from 24x7x365 eyes-on-glass, hands-on-keyboards cybersecurity. Staffed by former intelligence agency professionals and boasting some of the highest threat detection rates in the industry, Webroot MDR powered by Blackpoint can make cybersecurity capabilities a reality for any organization, including:

  • Live Asset Visibility
  • Multi-Point Threat Detection
  • Lateral Spread Detection
  • Privileged Account Monitoring
  • Immediate Threat Response
  • Remote Access Monitoring
  • Insider Threat Visibility
  • 3rd Party Integrations
  • Risk & Compliance Reporting

Insurance and compliance support

Today’s cybersecurity insurance providers frequently require an MDR solution as a prerequisite for coverage. Additionally, MDR can help achieve compliance with common data security standards such as NIST, ISO, HIPAA, PCI and others. Webroot MDR powered by Blackpoint can assist organizations in meeting these standards.


| Capability Mapping | Webroot MDR powered by Blackpoint |
|---|---|
| 1. Endpoint Detection Capabilities | |
| Detects / Eradicates known malware | MDR * |
| Data Loss Prevention (DLP) | MDR |
| File Integrity Monitoring (FIM) | MDR ** |
| Host-based Intrusion Detection / Intrusion Prevention System (IDS / IPS) | MDR |
| Network threat / anomaly detection (e.g. lateral movement) | MDR |
| User Behavior Analytics (UBA) | MDR ** |
| 2. Threat Types Detected | |
| Malware (crimeware, ransomware, trojans, exploit kits, etc.) | MDR * |
| Misuse of legitimate applications (PowerShell, WMI, MSHTA) | MDR |
| File-based attacks (Microsoft Office, Adobe, PDF, etc.) | MDR |
| Unwanted software (browser toolbars, PUPs) | MDR * |
| Insider threats (malicious employee, compromised credentials) | MDR ** |
| Accidental release of data | MDR ** |
| Suspicious user activity | MDR ** |
| Suspicious application behavior | MDR |
| 3. Threat Prevention | |
| Malware (crimeware, ransomware, trojans, exploit kits, etc.) | MDR * |
| By whitelisting, blacklisting, sandboxing, etc. | MDR Partial |
| Before they execute, or during execution | MDR Partial |
| Prevention capabilities continue to function even when the endpoint is no longer connected to the Internet or corporate network | MDR for roaming devices; MDR for fully offline offenses |
| 4. Response Capabilities | |
| May integrate with a Security Operations Center (SOC) to provide response, could be outsourced (e.g. via a Managed Detection & Response (MDR) Managed Service Provider (MSSP)) | MDR |
| Isolate an endpoint from the network | MDR |
| Kill processes and/or ban specific applications | MDR |
| Delete files and/or registry keys | MDR (not automatically) |
| Revert to last known good state | MDR (not automatically) |
| Investigate endpoint activity to understand attack progression and root cause | MDR |
| 5. Reporting | |
| Overview of why threat was detected | MDR |
| Ability to gather indicators of compromise (IOCs) from every detected threat | MDR |
| Timeline analysis of event | MDR |
| Endpoint and user information provided | MDR |
| Threats classified by severity | MDR |

*with Webroot® Business Endpoint Protection
**Add-on capabilities required.



 

Find out how Webroot MDR can help secure your business.