{"id":9047,"date":"2025-11-24T12:00:00","date_gmt":"2025-11-24T10:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/?p=9047"},"modified":"2026-06-14T20:06:17","modified_gmt":"2026-06-14T17:06:17","slug":"mdr-is-the-answer-now-whats-the-question-2","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2025\/11\/24\/mdr-is-the-answer-now-whats-the-question-2\/","title":{"rendered":"MDR is the answer \u2013 now, what\u2019s the question?"},"content":{"rendered":"<p>When I was in my mid-teens, I decided to get a job in a small local garage to learn how to maintain cars in preparation for owning my own. Years later, I was fortunate enough to have a company car. One day, it indicated that the oil was low and needed an oil and filter change. I knew what to do \u2013 I\u2019d done that stint as a low-paid dogsbody in a garage. So, rather than booking it in (as I should have), I decided to drain the oil, change the filter, and refill with clean oil. I opened the bonnet.<\/p>\n<p>What the hell is this?<\/p>\n<p>I couldn\u2019t recognise what was under there as any engine I\u2019d seen just 10 years earlier. Undaunted, I jacked up the car and looked for the sump plug \u2013 the bolt underneath the engine that needs to be removed to drain the old oil. No sump plug! How do I get the oil out? After searching around for a while, I read the manual: oil changes could only be carried out by designated garages with the requisite equipment \u2013 in this case, an oil suction machine! I gave in and took it to the garage.<\/p>\n<p>So what\u2019s this got to do with cybersecurity \u2013 and a solution known as Managed Detection and Response (MDR)?<\/p>\n<h2>From pit lane to server room<\/h2>\n<p>This story is analogous to the experience of many IT managers over the last 15-20 years. Once upon a time, they could maintain simple AV provision, tweak a few settings, and all was well. 
Today, what\u2019s \u201cunder the bonnet\u201d of advanced cybersecurity solutions is unrecognisably complex compared to yesteryear. This complexity isn\u2019t by design \u2013 it\u2019s by necessity. Cybercriminal networks and nation-state actors have developed ever more sophisticated tools and methods to bypass defences and extort money or disrupt services.<\/p>\n<p>The technology advances in this arms race have, to a greater or lesser degree, left the generalist IT manager behind from a skills perspective. This isn\u2019t their fault \u2013 nearly everything in modern businesses relies on IT, and security is just one small (but critical) part of the service they deliver.<\/p>\n<p>Going back to my story about my (I like to think, valiant) attempt at self-maintaining my car: I\u2019m akin to the generalist IT manager here \u2013 the tech got away from me, and I needed a specialist team to do what I used to be able to do. In today\u2019s rapid escalation of cyberattacks versus cyber defences, the IT manager needs the skills of an F1 driver and a pit crew of multiple experts to deliver the necessary service.<\/p>\n<figure><img decoding=\"async\" alt=\"f1 steering wheels\" height=\"\" src=\"https:\/\/web-assets.esetstatic.com\/wls\/2025\/11-25\/f1-steering-wheels.jpeg\" title=\"Increasing complexity of McLaren F1 steering wheels from 1969 (top left) to 1988 (Ayrton Senna \u2013 top right) and 2014 (Jenson Button \u2013 bottom right) (source: McLaren)\" width=\"\"><figcaption><em>Increasing complexity of McLaren F1 steering wheels from 1969 (top left) to 1988 (Ayrton Senna \u2013 top right) and 2014 (Jenson Button \u2013 bottom right) (source: <a href=\"https:\/\/www.mclaren.com\/racing\/team\/through-the-ages-formula-one-steering-wheels\/\">McLaren<\/a>)<\/em><\/figcaption><\/figure>\n<p>XDR and EDR services are the F1 cars of the cybersecurity world \u2013 and many IT managers, security managers, and CIOs\/CISOs just can\u2019t drive them. 
That\u2019s why Managed Detection and Response (MDR) services are often cited as the predominant way organisations will protect themselves. Earlier this year, <a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2023-02-14-gartner-security-risk-management-summit-mumbai-day2-highlights\">Gartner forecast<\/a> that up to 50% of all organisations will have adopted MDR by the end of 2025.<\/p>\n<p>So, going back to the title, what\u2019s the question?<\/p>\n<p>Given that there are expert tools proven to significantly reduce the likelihood of a successful and damaging breach; that there are expert practitioners of these tools; that you are unlikely to have the requisite skills; and that you are unlikely to operate your own 24\/7\/365 SOC\u2026 if there was only one thing you could do to massively mitigate this risk to your organisation, what service would you implement as soon as possible?<\/p>\n<h2>Why MDR is the strategic advantage IT teams need<\/h2>\n<ol>\n<li>You can\u2019t do this on your own! The days of manually configuring firewalls and scanning logs are gone. Modern threats require specialist tools and expertise. MDR provides both, allowing IT teams to focus on broader business priorities without compromising security.<\/li>\n<li>IT generalists \u2013 and even security managers \u2013 wear many hats. Attackers have one job, and they do it round the clock! Cybercriminals operate like elite racing teams \u2013 using automation, AI, and coordinated tactics. MDR levels the playing field by bringing in dedicated professionals who understand the threat landscape and can respond in real time.<\/li>\n<li>Visibility and speed are critical: Just as milliseconds matter in racing, response time is everything in cybersecurity. 
MDR platforms <a href=\"https:\/\/www.welivesecurity.com\/en\/business-security\/need-speed-organizations-turning-rapid-trustworthy-mdr\/\">detect anomalies instantly and act decisively<\/a> \u2013 often before internal teams even notice an issue.<\/li>\n<li>The skills gap is growing \u2013 and you need to match the threat 24\/7\/365: Most IT departments are stretched thin, and recruiting top-tier security talent is expensive and competitive. MDR fills this gap with scalable, expert-led services that adapt to your organisation\u2019s needs.<\/li>\n<li>Enterprise-grade protection for any size organisation: Building an in-house Security Operations Centre (SOC) is costly \u2013 so costly that it\u2019s out of reach for the vast majority of organisations. MDR offers the same level of protection \u2013 without the overhead \u2013 making it <a href=\"https:\/\/www.welivesecurity.com\/2022\/11\/10\/toward-cutting-edge-smbs-contemplating-enterprise-security\/\">accessible to SMEs<\/a> and large enterprises alike.<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>It\u2019s evident that the \u201ctreasure\u201d available to cybercriminals and malicious nation-state actors by breaching defences has accelerated the sophistication of their tools and organisational structures. They are specialists \u2013 and MDR providers are too. MDR is no longer a \u201cnice-to-have\u201d; as many observers regularly highlight, it\u2019s an imperative. Gone are the halcyon days of changing your own oil and installing a bit of antivirus software. 
MDR will, no doubt, be superseded \u2013 probably by MXDR \u2013 sooner rather than later, and this article could be rolled out again with a simple \u201csearch and replace\u201d for MDR references throughout.<\/p>\n<p class=\"wls-source\"><a href=\"https:\/\/www.welivesecurity.com\/en\/business-security\/mdr-answer-now-whats-question\/\" rel=\"nofollow noopener\" target=\"_blank\">Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why your business needs the best-of-breed combination of technology and human expertise<\/p>\n","protected":false},"author":5,"featured_media":9049,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2879],"tags":[],"class_list":["post-9047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-security"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/9047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=9047"}],"version-history":[{"count":1,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/9047\/revisions"}],"predecessor-version":[{"id":9807,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/9047\/revisions\/9807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/9049"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=9047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.es
et.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=9047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=9047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}