Webroot Managed Detection and Response (MDR)

24×7 threat hunting, monitoring and response

  • Quickly detect and respond to threats
  • Purpose-built for MSPs to secure SMBs
  • Meets cyber insurance requirements

What is MDR?

MDR offers comprehensive threat detection and response by augmenting cybersecurity tools with 24×7 human intelligence. MDR processes security information in near real time to hunt for, investigate and respond to incidents.

MDR is a critical service for containing, resolving and hardening against breaches. It is also becoming a mandatory requirement to obtain cyber insurance.


Why is MDR necessary?

SMBs often lack the in-house security expertise needed to prioritize alerts and fully protect their IT infrastructure. Without a 24×7×365 security posture, SMBs become prime targets for bad actors looking to steal data and extort money.

Webroot MDR is purpose-built for MSPs to augment their SMB protection with threat detection and real-time response. MDR also helps MSPs and SMBs obtain cyber insurance.



  • Fastest in the industry from threat detection to response: 9 mins
  • Combines multiple tools to stop lateral movement
  • Seamlessly integrates Webroot MDR and Endpoint agents for quicker event investigation
  • Accurate and timely insights from BrightCloud® Threat Intelligence
  • Meets one of the key requirements for obtaining cyber insurance


Endpoint Detection
  • Uncovers and eradicates known malware
  • Detects network threats and anomalies (e.g., lateral movement)
  • Policy-based email protection and data loss prevention (DLP)
  • Reviews User Behavior Analytics (UBA)
  • Identifies malware, misuse, file-based attacks, unwanted software, insider threats and more

Threat Prevention
  • Stops malware (crimeware, ransomware, trojans, exploit kits, etc.)
  • Whitelists, blacklists, sandboxes threats, etc.
  • Catches threats before or during execution

Response Capabilities
  • Isolates an endpoint from the network
  • Kills processes and/or bans specific applications
  • Investigates endpoint activity to understand attack progression and root cause

Reporting
  • Generates overview of why threat was detected
  • Gathers indicators of compromise (IOCs)
  • Analyzes timeline of event and classifies threat severity
  • Produces endpoint and user info