With our Managed Detection and Response (MDR) service now generally available for businesses and MSPs, you may be wondering: What is MDR, how does Malwarebytes MDR work, and do I need it?

Underpinned by our award-winning EDR technology, Malwarebytes MDR offers powerful and affordable threat prevention and remediation services, provided by a team of cybersecurity experts that remotely monitors your network 24/7 to detect, analyze, and prioritize threats.

Learn more about Malwarebytes MDR 

Malwarebytes MDR

MDR is a service that provides proactive, purpose-built threat hunting, monitoring, and response capabilities powered by a team of advanced cybersecurity technicians, combined with the analysis of robust correlated data. It takes the guesswork out of your most complex cybersecurity threats by delivering 24/7 threat detection, rapid alerts, prevention, and remediation.

Malwarebytes MDR defends your network every day and all night, safeguarding your data, reputation, and finances with always-on dedicated protection.

While it’s technically possible for SMBs to build out their own MDR program in-house, doing so is a time, expense, and effort equivalent to starting an entirely new IT security department. You’ll need to build out your own SOC facilities, hire a minimum of five full-time employees to provide 24/7 coverage, and so on. That’s why many SMBs opt to outsource their MDR to a service provider.

Our experts are your experts: With Malwarebytes MDR, our team of cybersecurity professionals acts as an extension to your security team, ensuring that you have the staff, skill, and experience you need to maximize your cybersecurity posture on a 24/7 basis.

Malwarebytes MDR

Malwarebytes MDR workflow

To recap, the basic workflow for Malwarebytes MDR goes like this:

  1. The Malwarebytes MDR team monitors and analyzes your system, checking for IOCs and threat hunting, and finds something malicious.

  2. Our MDR team sends you an email alerting you to the threat and asking you to go to the MDR portal in Nebula.

  3. You log into Nebula and click on the MDR portal in the upper-righthand corner.

  4. In the main portal view you can see a basic log of everything that the analysts have done on that specific system. Click “Go to Case” for more details on specific threats.

  5. Clicking “Go to Case” will bring you back to Nebula for whatever suspicious activity or alert that the MDR team needs you to remediate.

  6. You do the remediation, go back to the MDR portal, and tell the MDR team that you've completed it.

  7. The MDR team closes out the alert.

How it works

Malwarebytes MDR
Malwarebytes MDR workflow

It all starts with contextual enrichments. EDR alerts are enriched with context from threat intelligence feeds:

  1. Customer telemetry data from all deployed Malwarebytes products ingested.

    1. EDR (including Brute Force Protection) and Cloud Security Modules

  2. Threat intelligence feeds from multiple sources ingested

    1. Premium external threat feeds

    2. Internal Malwarebytes feeds including crowd-sourced intelligence from the entire Malwarebytes customer base (B2B and Consumer)

    3. Open-source feeds

  3. Telemetry data and threat intelligence correlated with alert

    1. Generates additional context to the alert (e.g., more clues to the behavior and origin)

The MDR Analyst Team monitors endpoint alerts 24x7 to field incoming alerts:

  1. Artifacts of alert rapidly reviewed and prioritized for triage

    1. Automations sift through the artifacts (processes, actions, etc) to identify most interesting

  2. Case opened on each artifact requiring triage

    1. Notification provided to customer within MDR Portal

  3. Case analyzed by MDR Analyst team

    1. Deep analysis and review leveraging enriched alerts

    2. Escalation to Tier 3 analysts, 2nd opinions within the team

  4. ‘Best course of action’ decided and communicated

    1. MDR Analysts communicate one of two possible decisions via the customer portal:

      1. Customer verification of artifact required 

      2. Remediation required

Then comes the options for remediation:

  1. Malwarebytes managed 

    1. Malwarebytes automatically provides remediation by removing threats using EDR capabilities 

    2. Re-boot, re-imaging, and other onsite tasks will require customer involvement

  2. Collaborative

    1. Malwarebytes notifies customer who can authorize managed remediation or perform remediation themselves

    2. Work together to take care of it outside of biz hours, etc

  3. Manual (customer does it, guidance from MWB)

    1. Malwarebytes provides notification to customer with detailed guidance to perform remediation themselves

Finally, for case closure:

  1. Closure notification to customer within the MDR portal

  2. History of closed cases available for compliance and reporting needs

    1. Case event details available to customer

Want to learn more?

If you want to know more about MDR and if it's right for you, check out these resources: