skip to content
Primary navigation

Managed Detection and Response (MDR)

MNIT provides Managed Detection and Response (MDR), as well as other grant-subsidized cybersecurity tools and services, to eligible local government entities through the Whole-of-State Cybersecurity Plan. MNIT’s goal is to place little to no burden on entities that may not have the staff or other resources to invest in advanced security tools. MNIT’s Cyber Navigator team supports the entire process and meets participants at the level of support needed. 

View a PDF Summary of MDR

Learn more

What is MDR and MNIT's MDR Program?

Managed detection and response (MDR) is a fully managed, anti-virus tool. MNIT's MDR Program provides low-cost, high-value solutions that otherwise might not be available to local government agencies. Sensors are installed on workstations, laptops, and servers, to monitor for security risks and malicious activity 24 hours a day, 7 days a week, 365 days a year. This is a completely managed solution, meaning the vendor and MNIT take the burden from organizations to detect and respond to cybersecurity threats. 

What security does MDR provide?

MDR protects your devices (workstations, servers) through active monitoring and response to mitigate threats prior to an active exploitation, compromise, or exfiltration of data. It can protect against the primary attack vectors, including malicious links and attachments, use of credential compromises, and the exploitation of vulnerabilities in your network.

What is the actual product?

MNIT works with a MDR vendor to provide a cloud-based solution without restrictions of operating systems or hardware. A single, lightweight sensor is deployed on systems with no reboots, and a unified console displays your security information. Among its many features, this product includes 24/7/365 monitoring by the vendor’s overwatch team, which consists of analysts actively hunting for threats outside of traditional methods to detect advanced adversaries.

Why is it important? What is the value?

MDR looks for the types of attacks that could lead to data breaches, ransomware, or other major events and blocks those attacks. This MDR product is provided at a substantial price reduction and makes security as hands-off as each participating entity desires. 

Who is eligible for MDR?

Minnesota's local government entities are eligible to participate in the Whole-of-State Plan and access MDR if they are: any Minnesota municipality, city, town, township, local public authority, critical infrastructure, school district, special district, intrastate district, county, Tribal Nation, port city, council of governments, regional or interstate government entity, or agency or instrumentality of a local government.

What is expected of participants?

Participants are required to sign a MNIT-provided work order, provide basic contact information and security goals, and deploy the sensors in their environments. The MNIT Cyber Navigator team is available to assist with each of these steps, including providing step-by-step instructions and meeting with participants to guide the process. Once entities are actively using MNIT’s MDR Program, there are few actions needed unless participants choose to be more involved in mitigation or wish to understand and track threats, mitigations, or other actions.

What is the deployment timeline?

The vendor’s security operations center (SOC), MNIT SOC, and MNIT Cyber Navigator team support participating entities through each phase of deployment and continued use. These teams are available to assist with any questions, schedule demonstrations, and expedite any issues you may encounter. The entire process can take as little as two weeks. However, entities are encouraged to start exploring this solution as early as possible to help answer questions that may arise. In some cases, the deployment process may be expedited to facilitate unique situations.

What support is provided?

The vendor’s SOC and overwatch team are actively monitoring 24/7/365. Users can submit support tickets directly from their console at any time. The MNIT SOC and Cyber Navigator team are available during extended business hours to lend support and can be alerted after hours as needed. Entities will determine who at their respective organization is notified and what type of actions trigger a notification.

What is the cost?

MNIT utilizes the MDR vendor across a range of environments which enables large-scale and considerably reduced bulk purchasing prices. The cost is then further reduced for local government partners through multiple cybersecurity grants. 

The current price model is as follows per device annually:

  • 2024: $18/device/year
  • 2025: $22/device/year
  • 2026: $32/device/year
  • 2027: $38/device/year
  • 2028 and beyond (after SLCGP funding has ended): $46/device/year

The current full cost ($46) reflects the bulk purchasing price. These annual per-device prices reflect current license cost and availability of grant funds. MNIT seeks to further implement cost-savings for smaller entities and additional longer-term subsidies are actively being explored.

Next steps

All eligible entities are encouraged to apply for MDR by following these next steps:

  1. Fill out the  Whole-of-State SLCGP Survey  with your organization’s information. 
  2. Send an email to the Cyber Navigator team notifying them you completed the survey: CN.MNIT@state.mn.us.
  3. Sign up for CISA Cyber Hygiene Services. This is a requirement for all participants.

After you complete steps 1 and 2, a Cyber Navigator will contact you to schedule a meeting. In that meeting, they will provide an overview, review roles and responsibilities, answer questions, and share the required program documentation for your organization to sign. After documents are signed, MNIT will schedule a kick-off meeting and provide an entity-specific deployment timeline.

Contact

If you have questions, please reach out to our Cyber Navigator team at  CN.MNIT@state.mn.us.

back to top