MDR versus MSSP
A traditional MSSP (Managed Security Service Provider) operates the security tools (firewalls, logging, AV) and delivers alerts. An MDR (Managed Detection and Response) provider operates the tools and the response: 24/7 SOC analysts watch the EDR/XDR/SIEM, triage alerts, and take response actions (isolate the device, kill the process, disable the user) within their authority. MDR closes the alert-fatigue gap that traditional MSSPs often left for the customer to staff.
What to evaluate when buying MDR in Australia
Five criteria separate good MDR providers: SOC location and language coverage (does the SOC operate in AU business hours or follow the sun?); authorised response actions (can they isolate devices, disable users, change firewall rules?); bring-your-own vs vendor-owned tools (do they require their EDR or can they run yours?); depth of Microsoft 365 integration (Defender XDR, Sentinel native); and incident-response retainer scope (does the contract include a response engagement or only monitoring?). For mid-market tenants on Microsoft 365 E5, an MDR provider running Defender XDR + Sentinel native is usually the right fit.