Managed Detection and Response (MDR)

Managed security services have been around for a long time. Traditional managed security services are focused on security and compliance reporting rather than on actively responding to threats. From a threat perspective they are essentially passive.
A Managed Detection and Response (MDR) service is a next-generation managed security service that provides active threat hunting, triage, investigation and remediation as well as shared visibility into and control over the entire threat detection and response process.

Arete Managed Detection and Response (MDR) Service

Arete’s Managed Detection and Response (MDR) services are next-generation managed security services that include:


  • Highly experienced people (security architects, analysts, forensic investigators, and incident responders) who continuously monitor your security infrastructure (24×7) and proactively triage, investigate and respond to threats as they appear.
  • A platform (hardware, software, applications, threat intelligence) that enables Arete to detect, prevent, investigate, and (as authorized) remediate threats on your behalf.
  • A process that will give both Arete and you shared visibility and control over your security status, posture, and operations (it’s not a “black box”).

There are two Arete MDR service offerings that are distinguished based on the platform components that are included in the service:

Arete MDR

Includes the SentinelOne platform component

Arete MDR Plus

Includes both the SentinelOne and AlienVault platform components

Our People

Arete’s people are arguably the most important, the most unique, and the most differentiating component of Arete’s MDR service offering. Experienced cybersecurity professionals are in extremely high demand, and Arete’s team is made up of world-class security operations analysts, security architects and engineers, incident responders, and forensic investigators with hundreds of person-years of experience in government and civilian cybersecurity environments. We have a deep understanding of threat actors’ tactics, techniques and procedures (TTPs) based on decades of experience doing actual Incident Response (not just selling security products). This level of knowledge and experience is required to provide the judgement required in an MDR service.

Our Platform

Arete’s MDR service is based on a modular platform made up of a set of product and system components that were carefully selected and integrated by Arete based on decades of experience in cybersecurity as both developers and users of security products and services. These components can be deployed in a modular way to complement and enhance the capabilities of your existing security infrastructure.

The key components of the platform include:

Advanced Endpoint Protection (Powered by SentinelOne)
This component is an endpoint protection and response system that uses Artificial Intelligence and real-time behavior analysis to automatically detect, block, and remediate threats, including threats that cannot be detected by traditional or even “next-gen” anti-virus systems. It also includes a “flight recorder” capability that continuously extracts and stores a rich set of information (metadata) about all endpoint activities – such as process, file system, and network behavior – that enables Arete’s monitoring team to “go back in time” and find the root causes of threats under active investigation. (Note: this platform component is included in all Arete MDR services).

Universal Security Management (Powered by AlienVault)
This is a multi-function component that provides many security features and functions such as asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, SIEM and log management, security and compliance reporting, and case management. By consuming, normalizing, storing and analyzing logs, events, and alerts from your entire security infrastructure, this component provides the broad visibility and triangulated threat detection (correlation) that’s required for effective security. (Note: this platform component is included in the “Arete MDR Plus” service only).

Dynamic Threat Intelligence
The Arete MDR platform automatically consumes and operationalizes a rich, curated set of dynamic (continuously updated) threat intelligence that includes:
  • Hundreds of millions of threat indicators from the Open Threat Exchange (OTX), one of the world’s largest threat intelligence exchanges (“Arete MDR Plus” only).
  • Multi-dimensional correlation rules, intrusion detection rules, and vulnerability signatures provided by AlienVault’s dedicated threat research team (“Arete MDR Plus” only).
  • Customer-specific threat intelligence developed by Arete’s monitoring, response and forensics teams based on threat behavior observed in a particular customer’s environment.
  • Behavioral threat intelligence developed by SentinelOne’s threat research team and built into the SentinelOne product.

Our Process

The Arete MDR service employs a proven process that includes:

  • Remotely assisted service deployment and configuration (note: on-site assistance is not included in the MDR services but is available as a separately chargeable option)
  • Continuous (24×7) proactive monitoring and investigation by Arete’s global monitoring team
  • Investigation of events that are considered suspicious but not definitively malicious (and therefore not blocked automatically by the platform)
  • Remediation actions within scope of prior approval by customer
  • Escalation and notification of significant security alarms

Why Contact Arete?

Engaging the Arete team gives your organization the confidence to respond to a data breach with a trusted partner and access to the world’s leading cybersecurity professionals - anywhere in the world - within hours, not days.