This is the fifth in a five-part blog series on managed detection and response (MDR) as it drives strategic security outcomes for businesses.

Now that you’ve reached part five of this series, you’ve seen how MDR services help organizations. They can help achieve their goals through the context of four key strategic outcomes. You’re familiar with the four pillars of how it can make your business more reliable and more secure:

  • Align your security strategy to your business
  • Protect your digital users, assets and data
  • Manage your defenses against growing threats, and
  • Modernize your security with an open, multicloud platform.

In this final post, we’ll roll up the key takeaways from those discussions in the form of specific questions organizations should ask MDR services providers.

Register for the webinar

Align MDR Services to Your Needs

In the align your security strategy to your business step, we discussed that aligning an MDR service to the unique needs of the business first requires an understanding of what the objectives are. You can learn this a number of ways, including regular tests and workshops to prioritize and clarify goals.

Some key questions you should first ask your MDR service provider to ensure alignment to your business include:

  • How does your MDR provider prioritize your most critical assets?
  • How does your MDR provider demonstrate how they add that knowledge into their monitoring, detection, investigation and threat hunt practices?
  • Does the MDR service clearly communicate in a way that demonstrates its understanding of the business and how it aligns to the organization’s defense needs?
  • How often do you re-assess critical assets?  A well-aligned MDR program is one that stays focused on assets that support business goals as they change.


In protect your digital users, assets and data, we discussed that care needs to be taken when switching to a proactive containment and remediation process and should not be considered a one-time action.

Ask yourself the following questions to determine where you are in the journey to protecting your endpoints:

  • Are we taking advantage of threat intelligence tailored to our needs?
  • Is this intelligence based on both tactics, techniques and procedures and static indicators of compromise?
  • Do we use outcomes of security incidents to fine-tune endpoint detection and response (EDR)?
  • Are we holding regular, tailored, proactive hunts?
  • Do we use hunt outcomes to add new or enhance existing detections?
  • Are we using and testing our pre-approved containment procedures on a regular basis and changing them when we need to?


In manage your defenses against growing threats, we discussed that proper management requires a partnership between MDR services providers who manage the agents and clients who own the endpoints.

Some key questions to ask your MDR services provider could include:

  • How can I pinpoint and document my key assets, users and data?
  • Do you offer a solution to meet data localization needs?
  • How are you ensuring the health and availability of my agents?
  • What is your process for upgrades, testing and verification and enabling of new features?

Modernize With MDR

In modernize your security with an open, multicloud platform, we discussed how the use of cloud platforms is increasing. This requires MDR service providers to adapt in order to remain relevant and effective.

Four important questions to keep in mind when picking MDR services are:

  • First, how many EDR platforms does the MDR services provider support?
  • Next, can the MDR services provider continue to provide the same level of service if the client switches EDR platforms?
  • Does the service also correlate the endpoint data with other relevant sources?
  • Lastly, does the MDR provider focus their service forward and look to improve how it protects you?

When choosing an MDR service provider it is important to focus on key strategic outcomes. That means having outcomes and goals that address defined use cases that you can use to assess what the provider can do.

How MDR Can Reduce Threats

Any MDR service should detect and limit the impact of threats on a 24/7 basis. They should focus on core services of remote threat monitoring, detection and targeted response activities. Be sure that the service provider you choose delivers these core services in a way that really works for you. They should also provide the protection you need in a language you can understand. A provider that delivers transparency and collaboration to serve as an extension to your existing security team.

To that end, IBM has announced new capabilities for IBM Security Managed Detection and Response (MDR) services as part of its strategy to position IBM as the leader in providing modernized, automated, AI-driven detection and response services across the enterprise.

IBM Security, a global leader in 12 market segments, with the largest dedicated security services team and integrated security ecosystem, now delivers the industry’s broadest portfolio of detection and response solutions. IBM Security MDR is a component of the IBM Security X-Force Threat Management (XFTM) portfolio that further extends beyond traditional threat management vendors to provide end-to-end, integrated solutions to manage the full threat management lifecycle.

IBM Security MDR’s enhanced service includes turnkey 24/7 threat detection and fast response capability, fueled by threat intelligence and proactive threat hunting to reveal undetected threats faster while improving SOC productivity. IBM’s AI-powered automation coupled with human-led analysis speed threat response across networks and endpoints in hybrid multicloud environments, offering valuable context for zero trust inspired threat management. To learn more, visit the IBM Security Managed Detection and Response Services page here.

And be sure to register for the MDR inspired webinar: Mapping Your Environment to the MITRE ATT&CK® Framework: Are There Gaps in Coverage?

More from Mobile Security

Third-Party App Stores Could Be a Red Flag for iOS Security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

How the Mac OS X Trojan Flashback Changed Cybersecurity

4 min read - Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

4 min read

Switching to 5G? Know Your Integrated Security Controls

4 min read - 5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future? The Benefits of 5G 5G's new use cases come from: Customized network slices…

4 min read