NuHarbor Security Blog
August 28, 2020

CrowdStrike MDR - Detection Services (Part 1 of 4)

Justin Fimlaid

This is part one of a four-part CrowdStrike Managed Detection and Response (MDR) series.

The very first thing you should know about MDR providers is that the best service can only exist with the best technology. What separates the wheat from the chaff when it comes to MDR providers is most often their technology. You can't expect Dale Earnhardt to win the Daytona 500 in an old Model T; the same is true for solution providers. Good solutions require good technological capability.

These days, one of the most important pieces of an MDR solution is its cloud-first connection. Too many problems can exist with the endpoint security solution that prevent it from making the necessary connections or archiving the necessary data to perform its function. The modern workforce is incredibly mobile, even more so as many companies remain in a remote work status due to the pandemic, and laptops and mobile devices are often connecting through unknown networks. This setup requires that the MDR solution be able to communicate with the endpoint no matter where you are in the world or what network you're on.

Next, machine learning is really table stakes in 2020. If you're relying on a signature file to download and tell you if you're getting pwned, you're already in trouble. This is like waiting for the Pony Express to arrive with your delivery and never finding out that the rider was ambushed and isn't coming. Today's leading MDR technologies are built on machine learning capabilities that allow for greater statistical analysis. Due to a shifting threat landscape, any machine learning should also be coupled with behavior-based analytics and protections. Any behavior-based analytics should cover both pre-execution and post-execution attacks.

Endpoint detection and response (EDR) is also important in your technology and will come into use during investigative phases. It's important to evaluate your solution provider early to identify whether this is in their solution set. Without this capability, your solution provider will be inherently limited in their ability to conduct comprehensive investigative analysis of suspicious events. This leads me to threat hunting. Threat hunting and EDR are similar in nature but are in fact different technologies. EDR allows you to see the attack path and execution, but threat hunting allows you to take the indicator of compromise (IOC) or indicator of attack (IOA) and search your environment for the same signature on other endpoints. Not all MDR solutions give your provider the ability to threat hunt.

And here's the biggest and most important factor of all: An MDR solution will only track what's happening on the endpoint and not what's happening to the endpoint. By that I mean an attacker will have to conduct an activity on the endpoint in order for the MDR solution to identify that something nefarious is about to occur or has occurred. However, many attack discovery events occur outside of the endpoint and a series of actions normally happen to the endpoint before something happens on the endpoint. This is an inherent blind spot in all MDR solutions. Here's a real-world example. A burglar is surveilling your house, waiting outside the front door, and you're oblivious to the pending attack because you can't see them standing on your porch. Only when they breach the door or window can you see you've been targeted. Ideally you'd want to have visibility and knowledge the burglar is on your front porch before they breach the door so you can take protective measures.

There are many other technology considerations that should be made when selecting your MDR solution provider. If you're looking for an MDR solution, NuHarbor maintains best-of-breed technology as the backbone of our MDR solution. Our team of security analysts performs comprehensive alert monitoring, triage, and detection. While our solution is rooted in technology, we also employ red teaming and threat aggregation and analysis. This pedigree allows us to take the best MDR technology and couple it with the best security knowledge and expertise available in the market today.

If you're looking for an MDR provider that actually gives a sh*t, contact us today.

Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.
