nexalign

Glossary term

MDR (Managed Detection and Response)

Also: Managed Detection and Response, 24/7 SOC-as-a-service

A service that provides outsourced 24/7 monitoring, detection and response on top of an EDR or XDR platform. MDR removes the need to staff a full in-house security operations centre while keeping incident ownership internal.

MDR is the dominant answer to the gap between rising threat volume and the limited supply of senior SOC analysts. The provider runs 24/7 monitoring, correlation and initial response on agreed tooling; the customer keeps strategic ownership of the security programme and major incidents.

MDR selection is tightly coupled to EDR or XDR selection because most MDR partners support a limited set of underlying platforms. Picking MDR first and EDR second is often cleaner than the reverse, especially in mid-market enterprises without a mature SOC.

Dealbreakers in MDR decisions: EU-based SOC with German-speaking analysts where required, response SLA (minutes vs hours to first action), data residency of the telemetry store, and the explicit scope of response authority (contain vs advise).
