MDR to IDR Handoffs: Stick the Landing

Security leaders and teams rely on MDR providers to deliver 24/7 monitoring of security events, augment the expertise of internal SOC analysts, assist with or perform response actions, and offer assurance that adversaries are not present in the environment through threat hunting. But sometimes, an attack or incident becomes a breach, requiring specialized IR services offered through the MDR provider itself or an IR services firm and covered under attorney client privilege. In a time when the regulatory compliance clock starts ticking for most organizations, the rapid, thorough transfer of information between providers, even those at the same vendor, is critical. But roles and knowledge transfer points are often unclear, delaying containment and investigation and requiring additional time and effort from already taxed security leaders and internal teams. This session will dive into best practices for seamless MDR to IR handoffs in a crisis and will help security leaders and professionals understand the roles, responsibilities, and decision points when escalating an incident to a breach and invoking IR services either with their MDR provider or a third-party IR services firm.