Endpoint detection and response (EDR) specialist provider Malwarebytes has launched a new managed detection and response (MDR) solution to bring threat and incident detection to the SMB market. SMBs are heavily targeted by malicious actors because they are often considered to be the soft underbelly of opportunity.
The MDR solution combines the security firm’s EDR technology with human-delivered expertise at a level normally unattainable by SMBs.
Many mainstream cybersecurity products are beyond the budget of smaller organizations, while full-time specialist security teams are equally unaffordable.
Malwarebytes has been heralding the launch of MDR for the last few months, with some existing customers already receiving what Malwarebytes’ Bob Shaker calls an advanced beta, and on-site publication of several blogs extolling the virtues of MDR. With the official launch on October 12, 2022, the company highlights the different level of threat hunting that MDR can bring to existing SMB EDR customers – including the SMB customers of managed service providers.
SMBs, which can include educational and healthcare institutions, often cannot afford the 24/7/365 security team needed to continuously monitor and triage EDR alerts. Nor can they afford to augment these EDR alerts with professional third-party threat intelligence services. Both are provided by Malwarebytes’ MDR.
The new service provides an option for automated remediation. This is important for SMBs where an attack may occur overnight or at weekends when no security staff are present. Although it is optional, the firm strongly urges customers to allow automated remediation during the onboarding process. Just alerting the customer and having to wait hours until someone is available to react could be catastrophic given the speed with which many attacks progress. “It’s kind of crippling the point of having a 24/7 service,” Bob Shaker, VP of managed services at Malwarebytes, told SecurityWeek.
The automated remediation is never destructive. “We won’t reboot a computer, we won’t reimage a computer, and we won’t cripple a computer,” said Shaker. “If we must, we will take an endpoint and just quarantine or isolate it if we believe it is safe and not detrimental to do so.”
Onboarding from EDR to MDR is automated and speedy. “Many MDR systems can take months to get fully up and running,” he commented. That’s because the EDRs need to be brought into the MDR. “We flip the paradigm. If you buy our EDR system, you’re already in our MDR. Onboarding is just signing up, providing some basic information, and we immediately spin up the MDR instance in our environment.” His first advanced beta customers, he added, “were literally up and running in less than a day.”
It is perhaps worth noting that the Malwarebytes EDRs, used in the Malwarebytes MDR, scored strongly in independent anti-malware analyses. In this year’s MITRE Engenuity ATT&CK Evaluations, the firm recognized 83 out of 92 steps taken in an attack modeled on Wizard Spider and Sandworm threat actors. At the same time, it provided 100% protection efficacy – all straight out of the box without requiring any configuration changes ahead of the test.
“There simply aren’t enough hours in the day for most organizations to adequately address a barrage of alerts. But they don’t have to do it alone,” said Shaker. “We’ve recruited an incredible team of dedicated experts across the globe and empowered them with our award-winning tools and AI-based threat modeling to be a powerful force-multiplier for SMBs and MSPs. This is just the beginning as we continue to accelerate product innovation and deliver new services to secure chronically underserved SMBs and empower MSPs to be their heroes.”