The job of managed detection and response (MDR) teams, as their name suggests, is not limited to detecting cybersecurity threats. They are also responsible for carrying out the right actions in response to specific threat alerts.
If there were fewer than a hundred alerts, and they were all black or white, everything would go smoothly, at least when it comes to following up with the appropriate responses. Alerts with a definite malicious component would then move easily to the quarantining and blocking stages, while benign alerts would be ignored. But the cybersecurity landscape has become more complicated than that, for several reasons, including the facts that: