* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [News and Events](https://www2.paloaltonetworks.com/blog/security-operations/category/news-and-events/)
* How to Think About Choosi...

# How to Think About Choosing an MDR Partner

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fhow-to-think-about-choosing-an-mdr-partner%2F)  
[](https://twitter.com/share?text=How+to+Think+About+Choosing+an+MDR+Partner&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fhow-to-think-about-choosing-an-mdr-partner%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fhow-to-think-about-choosing-an-mdr-partner%2F&title=How+to+Think+About+Choosing+an+MDR+Partner&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/how-to-think-about-choosing-an-mdr-partner/&ts=markdown)  
\[\](mailto:?subject=How to Think About Choosing an MDR Partner)  
Link copied  
By [Tanya Wilkins](https://www.paloaltonetworks.com/blog/author/tanya-wilkins/?ts=markdown "Posts by Tanya Wilkins") and [Tom Barsi](https://www.paloaltonetworks.com/blog/author/tom-barsi/?ts=markdown "Posts by Tom Barsi")  
Nov 16, 2021  
4 minutes  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[Cortex](https://www.paloaltonetworks.com/blog/tag/cortex/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[eXtended Managed Detection and Response](https://www.paloaltonetworks.com/blog/tag/extended-managed-detection-and-response/?ts=markdown)  
[Managed Detection and Response](https://www.paloaltonetworks.com/blog/tag/managed-detection-and-response/?ts=markdown)  
[Managed Security Services Provider](https://www.paloaltonetworks.com/blog/tag/managed-security-services-provider/?ts=markdown)  
[MDR](https://www.paloaltonetworks.com/blog/tag/mdr/?ts=markdown)  
[MSSP](https://www.paloaltonetworks.com/blog/tag/mssp/?ts=markdown)  
[NextWave Partner](https://www.paloaltonetworks.com/blog/tag/nextwave-partner/?ts=markdown)  
[XMDR](https://www.paloaltonetworks.com/blog/tag/xmdr/?ts=markdown)

Security and risk leaders are challenged with securing their organization in an ever-evolving threat landscape and also with finding skilled people and keeping them trained on the latest technology and threats in the midst of a global cyber skills shortage.

Many companies turn to [Managed Detection and Response (MDR)](https://www.paloaltonetworks.com/cortex/managed-detection-and-response) providers to address some of these challenges. MDR is a type of managed security service (MSS) that provides 24/7 threat management and modern SOC functions so companies don't need to stand up a fully mature SOC on their own. MDR can be used to outsource or augment their security operations. Gartner predicts that\*"[By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities."](https://www.gartner.com/en/documents/4007295)\*

### **When Should You Use MDR Services?**

**MDR services can help you to:**

* **Acquire modern SOC capabilities**. When there are no existing or limited internal SecOps capabilities
* **Accelerate your SOC capabilities or SecOps maturity**
* **Augment or complement your existing SecOps capabilities**by providing a second set of eyes or filling gaps in your team or capabilities

### **What Considerations are Important for Successful MDR?**

MDR helps reduce the time to detect (MTTD) and remediate threats (MTTR). MDR provides the tools, tactics, procedures (TTP) and people. Good MDR offers customized, prescriptive response actions or outcomes rather than just alerts.

Additionally, MDR may provide incident response and orchestration. Each MDR provider will likely offer multiple tiers of services. You should determine what business outcomes are most important and likely use cases and then review service requirements. [*Forrester Wave: MDR 2021*](https://www.forrester.com/report/the-forrester-wave-tm-managed-detection-and-response-q1-2021/RES161624)offers more details on different offerings.

**Some of the key questions to ask an MDR provider include:**

* How will you tailor your offerings for our environments and needs?
* Are you able to provide a holistic view, including endpoint, network and cloud infrastructure?
* What SLAs are available for your services?
* Do you offer specialized services such as MTTD and MTTR?
* What engagement cadence will you have with our team?
* What technology stack powers your MDR?
* What kinds of analysis and remediation activities are included?

### **Better Technology Drives Better Services**

Technology advancements can help people become more efficient and effective, and a significant technology shift is happening to the MDR market. Legacy MDR providers built their services on legacy endpoint detection and response (EDR) technologies. EDR-based MDR services require MDR analysts to do more manual tasks, spend more time gathering evidence and applying their skills to rudimentary tasks.

With the advent of [eXtended detection and response (XDR)](https://www.paloaltonetworks.com/blog/2021/08/third-generation-xdr-has-arrived/), MDR that leverages XDR gives these MDR providers a distinct advantage, enabling a higher level of service efficacy to customers. Because XDR stitches both endpoint and non-endpoint events together, the XDR-based MDR provider can provide a holistic view of your entire environment in a more efficient manner

[MDR using XDR](https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/managed-detection-and-response.pdf) will have detection built in with root cause analysis and timelines enabling a faster time to detect and contain a threat. XDR removes the burden of triage, detection and alert management from MDR analysts so they can quickly focus on critical response recommendations and customized actions when it's [a race against time](https://www.paloaltonetworks.com/cortex/whycortex) and every second matters.

**XDR provides advantages for MDR service effectiveness including:**

* **More effective prevention** through Behavioral Threat Protection, AI and cloud-based analysis to reduce incident handling time
* **Superior response capabilities** for faster containment-are included in the response API allowing MDR Providers to leverage the full range of response options via their automation layer
* **Continuous Forensics** for faster investigation and reduced burden of analyst time
* **Stitching of data for comprehensive visibility** reducing the risk of being blindsided
* **Built in detection automation** reducing manual tasks for faster and more accurate response actions

### **Today we are introducing our Cortex eXtended Managed Detection and Response (XMDR) Partner Specialization**

The Cortex XMDR Specialization will enable partners to combine Cortex XDR, Palo Alto Networks pioneering eXtended detection and response solution, with managed services offerings to help you streamline security operations center (SOC) operations and quickly mitigate threats.

We have built our new Cortex XMDR specialization with partners that have verified deep experience in delivering MDR across multiple industries and geographies. We offer detailed onboarding, training and support to partners. Our XMDR specialization enables you to [easily find XMDR partners](https://locator.paloaltonetworks.com/) that are a fit for your needs and have met our rigorous requirements for technical and practical expertise in delivering Cortex XMDR.

Find out more about how you can leverage the expertise of our Cortex XMDR specialized partners to significantly reduce your time for threat detection and threat response.

Ask your [Palo Alto Networks sales representative](https://www.paloaltonetworks.com/company/contact-sales) for more information on Cortex XMDR.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Unit 42 Strikes Oil in MITRE Engenuity Managed Services Evaluation](https://www2.paloaltonetworks.com/blog/2022/11/unit-42-mitre-managedservices-2022/)

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Automate Validation of Your Security Controls with SafeBreach \& Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/safebreach-cortex-xsoar-xdr/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### From ILOVEYOU to AI Defenders -- 25 Years of Email Evolution](https://www2.paloaltonetworks.com/blog/security-operations/from-iloveyou-to-ai-defenders-25-years-of-email-evolution/)

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Palo Alto Networks and MITRE ATT\&CK® Evaluations: Enterprise 2025](https://www2.paloaltonetworks.com/blog/security-operations/palo-alto-networks-and-mitre-attck-evaluations-enterprise-2025/)

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### Cortex XDR Is the Only Endpoint Security Market Leader Certified in Both AVC EDR Detection and Anti-Tampering Tests](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xdr-is-the-only-endpoint-security-market-leader-certified-in-both-avc-edr-detection-and-anti-tampering-tests/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### What's New for Cortex and Cortex Cloud (Apr '25)](https://www2.paloaltonetworks.com/blog/security-operations/whats-new-for-cortex-and-cortex-cloud-apr-25/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language