Managed Detection and Response (MDR)

Also known as: managed detection response, SOC as a service

Managed Detection and Response (MDR) is a security service that combines 24x7 monitoring, threat hunting, AI-assisted triage, and incident response — typically delivered by a third-party SOC on top of customer-owned telemetry.

Detailed explanation

MDR provides outcome-based security operations: detection of threats across endpoints, cloud, identity, and SaaS; investigation and triage of alerts; and response actions such as containment and remediation. It differs from a Managed Security Services Provider (MSSP) offering in its focus on active detection and response rather than monitoring alone.

Modern MDR services increasingly use AI for alert prioritization, automated correlation, and analyst assistance — though human SOC analysts remain central for context, investigation, and response decisions. SLAs typically include mean time to detect (MTTD), mean time to respond (MTTR), and coverage scope.

MDR is particularly valuable for organizations that cannot economically run a 24x7 SOC in-house, need to compress time-to-detect for regulatory or business reasons, or want to layer expert response on top of existing security tooling.
