Managed Detection and Response (MDR) Service FAQs

MDR FAQs

First Watch MDR is a cybersecurity service that combines SentinelOne® technology with First Watch human expertise to provide customers with 24/7 threat detection and incident response.

An MDR service significantly reduces dwell time. Dwell time is the amount of time an attacker spends inside the systems under attack, and in particular the amount of that time during which the attacker remains undetected.

What are the benefits of the First Watch MDR?

  1. Proactive threat detection and response: First Watch MDR identifies and neutralizes threats before they can cause damage.
  2. Improved security posture: First Watch MDR strengthens your overall security posture by identifying vulnerabilities and providing recommendations for mitigation.
  3. Reduced workload: First Watch MDR frees up your IT team to focus on other critical tasks.
  4. Access to expertise: First Watch MDR provides your organization with access to cyber security experts who can handle complex cyber incidents.

First Watch MDR is a fully managed security service that includes advanced security analytics, artificial intelligence (AI), behavior-based detections, proactive threat hunting, Endpoint Detection and Response (EDR), an Endpoint Protection Platform (EPP), and Next-Generation Antivirus (NGAV) powered by SentinelOne®. Our automated rapid response actions and escalation workflows support industry-leading mean time to detect (MTTD) and mean time to respond (MTTR). The First Watch MDR solution incorporates tools and custom content that identify known and unknown malware, provide real-time automated remediation, and add visibility into attacks, their root cause, and the impact of infections. This enables our customers to focus on actual incidents and simplifies the incident response process.

Yes. Threats and malware are always changing, and the MDR service adds a human element and threat hunting to identify unknown threats and living-off-the-land attacks that EDR and EPP alone can miss.

Yes, it is a single agent that contains both EDR and NGAV.

The First Watch MDR agent offers protection even when offline. The agent will protect against malware threats when the device is disconnected from the internet.

Yes, the First Watch MDR team’s content development is built on the MITRE ATT&CK framework around Tactics, Techniques and Procedures (TTPs). TTPs are used to identify malware and threat actor behaviors and to stay ahead of new adversaries in the cyber threat landscape. This makes First Watch MDR detections more effective and efficient than the outdated methodology of searching for hash values, IP addresses and domain names, known as Indicators of Compromise (IoCs). These widely used IoCs generate numerous false positives while missing the malware and threat actor infiltration into your environment and lateral movement across the network. Based on our clients’ experience, the First Watch MDR detection rate against ransomware, commodity malware, and APTs is 99%, with a proven detection time of minutes, not days, weeks or months, and includes automated containment and remediation of threats.
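The contrast drawn above between IoC matching and behavior-based (TTP) detection is easier to see on concrete telemetry. The following is an added illustration, not First Watch or SentinelOne detection content: it runs a hash-based IoC matcher and two small behavioral rules over a handful of constructed process-creation events, and shows that a recompiled sample with a fresh hash slips past the IoC list while the behavioral rules still fire. The event fields, rule names, and hashes are all constructed for the example; the ATT&CK technique IDs referenced in comments are real MITRE identifiers.

```python
"""Added example: IoC matching versus behavior (TTP) detection on constructed endpoint telemetry."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as an EDR agent might report it (constructed schema)."""
    host: str
    parent: str    # parent process image name
    image: str     # new process image name
    cmdline: str   # full command line
    sha256: str    # hash of the new process image


# --- IoC approach: a static list of known-bad hashes (constructed values) ----------
KNOWN_BAD_HASHES: Dict[str, str] = {
    "a" * 64: "dropper_v1",   # hash of a sample seen in an earlier campaign
}


def match_iocs(events: List[ProcessEvent], bad_hashes: Dict[str, str]) -> List[ProcessEvent]:
    """Return events whose image hash is on the IoC list. Any rebuild of the sample evades this."""
    return [e for e in events if e.sha256 in bad_hashes]


# --- Behavioral approach: rules keyed on what the process does, not what it is ------
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def office_spawns_script_host(e: ProcessEvent) -> bool:
    """ATT&CK T1566.001 -> T1059: a document reader should not launch a script interpreter."""
    return e.parent.lower() in OFFICE_APPS and e.image.lower() in SCRIPT_HOSTS


def encoded_powershell(e: ProcessEvent) -> bool:
    """ATT&CK T1059.001: PowerShell invoked with an encoded command is a common evasion pattern."""
    cl = e.cmdline.lower()
    return e.image.lower() == "powershell.exe" and ("-enc " in cl or "-encodedcommand" in cl)


Rule = Tuple[str, str, Callable[[ProcessEvent], bool]]
RULES: List[Rule] = [
    ("T1566.001/T1059", "Office application spawned a script host", office_spawns_script_host),
    ("T1059.001", "PowerShell launched with an encoded command", encoded_powershell),
]


def run_behavior_rules(events: List[ProcessEvent], rules: List[Rule] = RULES) -> List[Tuple[str, str, str]]:
    """Return (host, technique, title) for every rule that matches an event."""
    hits = []
    for e in events:
        for technique, title, predicate in rules:
            if predicate(e):
                hits.append((e.host, technique, title))
    return hits


# Constructed telemetry: the first two events are the same attacker behavior with
# different binaries (original vs. recompiled); the last two are benign.
EVENTS: List[ProcessEvent] = [
    ProcessEvent("ws-01", "winword.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA", "a" * 64),
    ProcessEvent("ws-02", "winword.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA", "b" * 64),
    ProcessEvent("ws-03", "explorer.exe", "powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1", "c" * 64),
    ProcessEvent("srv-01", "services.exe", "svchost.exe", "svchost.exe -k netsvcs", "d" * 64),
]


def compare_approaches(events: List[ProcessEvent]) -> Dict[str, List[str]]:
    """Hosts flagged by each approach, so the coverage gap of the IoC list is visible."""
    ioc_hosts = sorted({e.host for e in match_iocs(events, KNOWN_BAD_HASHES)})
    ttp_hosts = sorted({h for h, _, _ in run_behavior_rules(events)})
    return {"ioc": ioc_hosts, "behavior": ttp_hosts}


if __name__ == "__main__":
    for approach, hosts in compare_approaches(EVENTS).items():
        print(f"{approach:9s} flagged: {hosts}")
```

On these events the IoC matcher flags only `ws-01`, because `ws-02` runs a rebuilt binary with a new hash, while both behavioral rules flag `ws-01` and `ws-02` and stay silent on the two benign events. The same idea scales from two predicates to a library of TTP-keyed rules; what matters for detection is that the rules describe the adversary's behavior rather than an artifact the adversary can trivially change.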

An endpoint is a laptop, desktop, and/or server.

Yes. Since ransomware attacks are multiphase attacks, First Watch MDR uses behavior-based detections that detect a threat actor in the network and identify and stop the threat actor early in the kill chain.

First Watch MDR responds to ransomware attacks with its advanced behavioral AI engine, which can detect and stop ransomware in real time. The First Watch MDR AI engine can analyze the behavior of a ransomware attack and stop it before it can encrypt files. The AI engine can also roll back changes made by the ransomware to restore encrypted files. First Watch MDR also has a ransomware recovery feature that can restore encrypted files from a previous backup.

In a ransomware attack, First Watch MDR can quickly roll back the affected files to the state they were in before encryption occurred.

The First Watch MDR team will provide full remediation of the incident. This consists of kill, quarantine, remediation, and rollback.

Yes, First Watch MDR can protect against zero-day attacks and advanced persistent threats (APTs) by leveraging AI-driven technology, behavioral analysis, real-time threat intelligence and First Watch proprietary behavior-based detections to detect and respond to emerging threats proactively.

Threat hunting requires experienced analysts who know how advanced attacks work and what to look for. Many organizations provide this service at an add-on cost. First Watch MDR performs threat hunts on the data sources it collects, and does so continuously for all First Watch Cyber customers. First Watch constantly monitors EDR data collection, EPP detections and the TTPs used by APTs. With the information gathered, First Watch conducts a four-step process:

  1. Form a hypothesis on how adversaries could exploit the network.
  2. Analyze the collected data to determine whether that attack would be detected.
  3. Identify potential patterns in the data.
  4. Provide feedback based on the results, including creating new TTP-based detections to be deployed for future use.

Terms & Definitions
Endpoint: An endpoint is a laptop, desktop, and/or server.

EDR: Endpoint Detection and Response.

EPP: Endpoint Protection Platform.

MDR: Managed Detection and Response.

NGAV: Next Generation Anti-Virus.

Ransomware Rollback: The ability to quickly roll back the affected files to their original state before encryption occurs.

SIEM: Security Information and Event Management platform.