What is Managed Data Detection and Response (MDDR)?

The world runs on data.  

No matter the industry — healthcare, finance, government, education, etc. — organizations all operate on data.  

All cyberattacks also lead to data. Whether the source is external or internal, sophisticated or not, threats need data to steal an identity or a corporate secret, compromise a network, or conduct a denial-of-service attack.  

However, even with data at the center of business operations and breaches, companies still pay millions for threat detection products and services that struggle to answer important questions when an incident occurs. Questions such as, “Was any data stolen?” 

At Varonis, we protect data first, not last, and our Managed Data Detection and Response (MDDR) offering is the world’s first managed service for monitoring and protecting critical data 24x7x365.  

What is Varonis MDDR, and how does it work? 

Since Varonis’ founding in 2005, threat detection has been a core component of our Data Security Platform. 

Varonis MDDR combines our industry-leading threat detection technology with our world-class team of elite threat hunters, forensics analysts, and incident responders who triage, investigate, and respond to alerts, so you don’t have to.   

This service also incorporates our best-in-class behavioral analysis, machine learning, AI automation, decades of security expertise, and unique metadata telemetry to protect our customers from threats and attack paths that XDR and EDR services can’t see. 

MDDR is data-centric. 

Traditional detection and response services tend to be threat actor-centric. They answer questions such as, “Who was the threat actor? What CVE did they exploit? What tools were leveraged?” 

These are important questions to answer, but when it comes to understanding the impact to data, they come up short and increase the average time to detect a breach by weeks. 

Unlike traditional XDR and EDR services, Varonis MDDR focuses on your data, so you’re not solely getting insights focusing on the actor behind an attack. 

Varonis can tell you which files were impacted, whether any PII or intellectual property was impacted, and more to get to the core answer of whether data was stolen and if the breach should be reported.  

Without this data-centric focus, organizations with advanced security stacks can still fall victim to breaches from insider threats and attackers that bypass endpoint and network controls.  

Varonis MDDR answers questions that other detection and response solutions cannot, such as whether data was exfiltrated and if the incident is a material breach.

AI-driven investigations 

When abnormal activity is detected in your environment, Varonis performs an initial investigation to add critical context about the user — their peers, the data they work with, alert trends, the devices involved, and general working times — and triggers the auto responses needed. Critical alerts are escalated to our expert team for further investigation and mitigation.  

In the Varonis interface, our customers see which alerts their analysts are working on, read their notes, and stay in the loop. We’ll only escalate cases to you when needed. 

A ransomware alert, for example, will trigger our AI to investigate. If the results indicate a true positive, your MDDR analyst gets involved quickly to efficiently explore the alert and get to a resolution as soon as possible. 

Our AI-driven investigations make our industry-leading SLA possible, allowing us to respond to ransomware alerts within 30 minutes and other alerts within 120 minutes. The service also includes proactive threat hunting and monthly security assessments to ensure your data security posture is constantly improving. 

Varonis experts respond quickly and explore the alert to get to the resolution as quickly as possible.

Proactive threat hunting  

The Varonis Threat Labs (VTL) team proactively researches trends, emerging cyber threats, threat actors, and more that target certain verticals.  

We include these findings in our monthly security posture assessments for MDDR customers, providing the latest live threat intelligence updates to continually reduce their attack surface. 

Read the latest VTL research.  

Varonis MDDR in action 

In 2018, Varonis formed its incident response (IR) organization which inspired our MDDR offering. Since its inception, Varonis IR has investigated over 10,000 incidents. 

Recently, at a regional healthcare institution, Varonis identified intrusion attempts from BlackCat, also known as ALPHV, and prevented the possibility of a damaging encryption event.  

After quickly alerting the customer, we identified the vulnerable device and assisted with mitigation.  

MDDR also helps our customers combat insider threats. When our EDR functionality alerted a customer of unusual activity, they contacted our team to investigate and identify a suspicious file on the network. 

Our experts quickly identified the file's creator, a disgruntled IT admin, and reviewed their activity across the network. We discovered they not only created the suspicious file but had also created rogue objects to likely leverage for persistence in the network, along with accessing HR files related to their partner, who was facing disciplinary action at the organization.  

What started as an EDR incident evolved into a much broader internal threat investigation and without our IR team’s focus on the data and the true scope of the threat, would have led to a very different outcome. 

Don’t wait for a breach to occur.  

Without continuous data monitoring, organizations increase the risk of exposure when a breach occurs. Varonis MDDR is the only solution that provides 24x7x365 data monitoring.  

Ready to see how Varonis MDDR can help secure your sensitive data?  

Contact your Varonis representative or see Varonis in action by scheduling your 30-minute demo.