security

MDR

Also known as: Managed Detection and Response

A security service where humans (a SOC) actively monitor your EDR/SIEM and respond to incidents on your behalf, 24/7.

MDR wraps your EDR/SIEM tooling with a 24/7 staffed Security Operations Centre. The provider triages alerts, investigates, takes containment actions, and contacts you with a finding, all without you needing to be awake.

For an MSP, MDR is a popular function to outsource because:

  • Building a 24/7 SOC in-house is expensive
  • You inherit the provider’s threat intel and analyst expertise
  • The cost slots cleanly into a per-endpoint markup

Common providers: Huntress (the most MSP-native), SentinelOne Vigilance, CrowdStrike Falcon Complete, Arctic Wolf, Sophos MDR.