
The 80/20 Rule in MDR: People, Not Technology, Catch the Biggest Threats

While Managed Detection and Response (MDR) takes advantage of the latest technology, it is important to recognize that humans are still the best at making the complex, nuanced decisions that are sometimes necessary in protecting your network. Eighty percent of threats are detected through automated tools, but it’s the unusual 20% that require an experienced human eye. You can tell what the leading Managed Detection and Response (MDR) solutions are by the quality of their security experts.

By combining a customized mix of technology with skilled cybersecurity professionals, an MDR provider can analyze vast quantities of event data and quickly identify suspicious activity. By utilizing this combination of people and technology, MDR providers will detect a greater number of threats and respond more quickly than you can through manual processes alone. Ultimately, this helps your business protect your assets in real time from even the most sophisticated attacks. 

Four Reasons Why It’s Critical That Managed Detection and Response (MDR) Providers Use Both Technology and Human Expertise

  1. Comprehensive analysis

    The use of technology can help identify your company’s potential security risks, but it is often not enough to provide a complete picture. Human experts provide valuable insights into your company’s potential threats and can better assess the severity of a threat in order to take appropriate action.

  2. Higher accuracy and efficiency

    Security tools are efficient at identifying known threats, but they don’t always detect novel patterns of anomalous activity. Human experts review the results of the work the technology tools perform to ensure that the potential threat analysis is accurate. Additionally, constant adjustments to detection playbooks are made to make sure nothing is missed. This combined effort provides the best possible chance of stopping an attack before it happens or minimizing the damage if an attack does occur.

  3. Better alert analysis

    Having a team of security professionals available helps make sense of any alerts that are generated, which can be difficult to do with just automated tools. There are always new threats to watch out for and old ones that keep mutating. Automated security tools can be generally effective, but they can also generate a lot of false positives. MDR professionals armed with the latest threat intelligence can fine-tune the automation rules so that fewer false positives are generated. In the event of an actual security incident, the team can jump into action to investigate and respond immediately.

  4. Stronger threat detection

    When human experts team up with technology, they are able to catch more sophisticated threats, including those that may evade traditional security measures. By working in this manner, MDR experts can provide a 24/7 monitoring service that can quickly identify and respond to threats, minimizing the potential damage to your operations. In addition, MDR can be customized to fit the specific needs of your business, making it a versatile and effective security solution.

Beyond the Four Reasons Above: Choose an MDR Partner, Not Just a Provider

Additional human capabilities are leveraged by MDR firms that act as a partner with your organization – not just a provider. With a partner, your organization will have real-time, priority access to a diverse team of cybersecurity, privacy, and data risk experts and advisors. A partner will get to know your unique risk profile and build a custom solution to fit your organization’s needs. Your MDR partner can also make it easier for you to reduce fixed costs and avoid technology lock-in in favor of adaptive solutions that meet your evolving security needs. In addition, an MDR partner can optimize your security investments. 

What Expertise Should an MDR Partner Bring to the Table to Protect Your Organization from Threats?

Managed Detection and Response (MDR) partners should be transparent about how they recruit and train their specialists so organizations can be confident they have the necessary skills and knowledge to protect themselves from cyber attacks. They should share with clients how they integrate several specialized skill sets including advanced threat detection engineering, incident investigation, and compromise containment and recovery. Also, an effective MDR partner should have specialists that have a deep understanding of the cyber threat landscape. This includes how threat actors are evolving their strategies and leveraging different attack vectors to undermine security systems. 

Not only that, but your MDR team members should have the knowledge necessary to leverage best-in-class technologies to cover your threat surfaces and efficiently identify and respond to sophisticated threats. Also, your MDR provider should have a program that establishes a talent pipeline to maintain access to cybersecurity professionals despite the global shortage. 

Adding the Human Element to Technology Keeps Organizations Safe

With a combination of technology and human insights and expertise, an MDR partner can help your company increase the safety of your networks without overburdening your cybersecurity teams. By leveraging sophisticated analytics, your MDR partner should be able to monitor a broad spectrum of activities, stay on top of threats 24/7, respond quickly to any incidents, and detect suspicious or malicious behavior in real time. This ensures that your business has the latest information on emerging threats, thus allowing you to stay one step ahead of your adversaries.

If you’re looking for peace of mind when it comes to threat detection and response, download our MDR eBook, “How to Evaluate Managed Detection and Response (MDR) Providers.”

© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.

