惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

MyScale Blog
MyScale Blog
U
Unit 42
The Register - Security
The Register - Security
S
Security Affairs
博客园 - 【当耐特】
Latest news
Latest news
爱范儿
爱范儿
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
C
Cisco Blogs
宝玉的分享
宝玉的分享
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
P
Privacy & Cybersecurity Law Blog
腾讯CDC
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 叶小钗
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园_首页
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
WordPress大学
WordPress大学
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
N
News and Events Feed by Topic
Recorded Future
Recorded Future
Scott Helme
Scott Helme
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
AWS News Blog
AWS News Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
人人都是产品经理
人人都是产品经理
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tor Project blog
F
Fortinet All Blogs
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
H
Hacker News: Front Page
J
Java Code Geeks
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
博客园 - 聂微东
Last Week in AI
Last Week in AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
W
WeLiveSecurity
V2EX - 技术
V2EX - 技术
T
Troy Hunt's Blog
Attack and Defense Labs
Attack and Defense Labs

WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
MDR is the answer – now, what’s the question?
Steven Connolly · 2025-11-24 · via WeLiveSecurity

Business Security

Why your business needs the best-of-breed combination of technology and human expertise

24 Nov 2025  •  , 4 min. read

MDR is the answer – now, what’s the question?

When I was in my mid-teens, I decided to get a job in a small local garage to learn how to maintain cars in preparation for owning my own. Years later, I was fortunate enough to have a company car. One day, it indicated that the oil was low and needed an oil and filter change. I knew what to do – I’d done that stint as a low-paid dogsbody in a garage. So, rather than booking it in (as I should have), I decided to drain the oil, change the filter, and refill with clean oil. I opened the bonnet.

What the hell is this?

I couldn’t recognise what was under there as any engine I’d seen just 10 years earlier. Undaunted, I jacked up the car and looked for the sump plug – the bolt underneath the engine that needs to be removed to drain the old oil. No sump plug! How do I get the oil out? After searching around for a while, I read the manual: oil changes could only be carried out by designated garages with the requisite equipment – in this case, an oil suction machine! I gave in and took it to the garage.

So what’s this got to do with cybersecurity – and a solution known as Managed Detection and Response (MDR)?

From pit lane to server room

This story is analogous to the experience of many IT managers over the last 15-20 years. Once upon a time, they could maintain simple AV provision, tweak a few settings, and all was well. Today, what’s “under the bonnet” of advanced cybersecurity solutions is unrecognisably complex compared to yesteryear. This complexity isn’t by design – it’s by necessity. Cybercriminal networks and nation-state actors have developed ever more sophisticated tools and methods to bypass defences and extort money or disrupt services.

The technology advances in this arms race have, to a greater or lesser degree, left the generalist IT manager behind from a skills perspective. This isn’t their fault – nearly everything in modern businesses relies on IT, and security is just one small (but critical) part of the service they deliver.

Going back to my story about my (I like to think, valiant) attempt at self-maintaining my car: I’m akin to the generalist IT manager here – the tech got away from me, and I needed a specialist team to do what I used to be able to do. In today’s rapid escalation of cyberattacks versus cyber defences, the IT manager needs the skills of an F1 driver and a pit crew of multiple experts to deliver the necessary service.

f1 steering wheels
Increasing complexity of McLaren F1 steering wheels from 1969 (top left) to 1988 (Ayrton Senna – top right) and 2014 (Jenson Button – bottom right) (source: McLaren)

XDR and EDR services are the F1 cars of the cybersecurity world – and many IT managers, security managers, and CIOs/CISOs just can’t drive them. That’s why Managed Detection and Response (MDR) services are often cited as the predominant way organisations will protect themselves. Earlier this year, Gartner forecast that up to 50% of all organisations will have adopted MDR by the end of 2025.

So, going back to the title, what’s the question?

Given that there are expert tools proven to significantly reduce the likelihood of a successful and damaging breach; that there are expert practitioners of these tools; that you are unlikely to have the requisite skills; and that you are unlikely to operate your own 24/7/365 SOC… if there was only one thing you could do to massively mitigate this risk to your organisation, what service would you implement as soon as possible?

Why MDR is the strategic advantage IT teams need

  1. You can’t do this on your own! The days of manually configuring firewalls and scanning logs are gone. Modern threats require specialist tools and expertise. MDR provides both, allowing IT teams to focus on broader business priorities without compromising security.
  2. IT generalists – and even security managers – wear many hats. Attackers have one job, and they do it round the clock! Cybercriminals operate like elite racing teams – using automation, AI, and coordinated tactics. MDR levels the playing field by bringing in dedicated professionals who understand the threat landscape and can respond in real time.
  3. Visibility and speed are critical: Just as milliseconds matter in racing, response time is everything in cybersecurity. MDR platforms detect anomalies instantly and act decisively – often before internal teams even notice an issue.
  4. The skills gap is growing – and you need to match the threat 24/7/365: Most IT departments are stretched thin, and recruiting top-tier security talent is expensive and competitive. MDR fills this gap with scalable, expert-led services that adapt to your organisation’s needs.
  5. Enterprise-grade protection for any size organisation: Building an in-house Security Operations Centre (SOC) is costly – so costly that it’s out of reach for the vast majority of organisations. MDR offers the same level of protection – without the overhead – making it accessible to SMEs and large enterprises alike.

Conclusion

It’s evident that the “treasure” available to cybercriminals and malicious nation-state actors by breaching defences has accelerated the sophistication of their tools and organisational structures. They are specialists – and MDR providers are too. MDR is no longer a “nice-to-have”; as many observers regularly highlight, it’s an imperative. Gone are the halcyon days of changing your own oil and installing a bit of antivirus software. MDR will, no doubt, be superseded – probably by MXDR – sooner rather than later, and this article could be rolled out again with a simple “search and replace” for MDR references throughout.


Let us keep you
up to date

Sign up for our newsletters