Safetech Innovations Webinar: MDR and SOC – from first aid to cybersecurity emergency room
On October 9, 2025, Safetech Innovations held the webinar “MDR and SOC: From First Aid to the Cybersecurity Emergency Room”, dedicated to understanding how Managed Detection and Response (MDR) and Security Operations Center as a Service (SOCaaS) cybersecurity services deal with the key challenges of today’s security operations. During the webinar, Cătălin Gherghiceanu, Presales Manager at Safetech Innovations, presented seven major challenges in security operations, analyzing how they can be managed efficiently through MDR and SOCaaS services.
The Safetech Innovations specialist clarified the content of the two types of services, exemplifying the role of each in the security architecture of an organization. The event also included the presentation of the MDR and SOCaaS services provided by Safetech Innovations, based on the expertise and infrastructure of Safetech CERT (STI CERT)® – the first private Computer Emergency Response Team in Romania, active since 2015 and accredited as a Trusted Introducer.
Latest Trends in Digital Operations & Terminology Clarification: MDR vs SOC
Cătălin Gherghiceanu opened the webinar with a presentation of two important global trends in the field of digital operations. The first aims at the integration and convergence of IT Operations, CyberOps and DevOps in a unitary model – DevSecOps (Development, Security & Operations). This principle promotes continuous collaboration between the 3 traditional teams, for cost optimization.
The second trend is “Shift-Left” in security operations, which involves moving critical security activities as early as possible in the development cycle of a product/application. This is achieved through practices such as threat modeling in the design phase, Static Application Security Testing (SAST) or Infrastructure as Code (IaC) scanning, for early identification of vulnerabilities and reduction of cyber risks.
At the same time, the manager of Safetech Innovations provided clarifications on the concepts of IT Incident Management, SOC, CSIRT, CERT and MDR. “MDR focuses on rapid incident detection and response (EDR, NDR, XDR technologies), while a modern SOC includes extensive activities, such as vulnerability management, risk assessment and security posture optimization. Although the services may vary from one provider to another, we believe that flexibility is essential, adapting them to the needs and specifics of each client”, explained Cătălin Gherghiceanu.
Managing Security Operations Challenges with MDR and SOCaaS
Next, the Safetech Innovations representative exemplified the differences between MDR and SOC by presenting seven common challenges that organizations face in security operations, namely the volume and noise of alerts, lack of resources and skills, limited integrations, the need for 24×7 monitoring, the rapid evolution of threats, the need for compliance and cost efficiency.
For example, organizations that use a number of separate security tools face tens of thousands of alerts daily, many of which are false positives. Causes? The right tools are not used or are misconfigured, there are not enough data sources to create meaningful context, or events and alerts are not correctly correlated. MDR services reduce this volume through Endpoint Detection and Response solutions, preconfigured for as many scenarios as possible, and through specialized L1–L3 teams that filter and escalate only real incidents. Safetech Innovations recommends the use of tools with modern AI/ML mechanisms, which can filter effectively, so that specialized personnel can focus on a small number of alerts with the potential to escalate into incidents.
In addition to MDR, SOCaaS services use SIEM or XDR platforms with SIEM capabilities, which integrate data from multiple sources and enrich it with context. They also have UEBA (User and Entity Behavior Analytics) capabilities. The result: much more accurate filtering, reducing false positive alerts. Also, through SOAR (Security Orchestration, Automation, and Response) functionalities, SOCaaS provides rapid response capabilities.
Other challenges and use cases presented during the webinar:
- The global shortage of analysts and high recruitment costs make it difficult to form internal teams. MDR provides quick access to dedicated specialists through predictable contracts, and SOCaaS complements this with a multidisciplinary team and access to up-to-date technical expertise gained by working with a broad customer base.
- Multiple security solutions that are difficult to unify reduce operational efficiency. MDR simplifies deployment and operation through a single EDR agent and provides consolidated visibility for endpoints (PCs, servers, smartphones, etc.), and SOCaaS adds a central SIEM and integrated SOAR automations with threat intelligence and vulnerability management modules.
- New types of attacks (fileless, supply-chain, zero-day, APT) require advanced detection capabilities. MDR responds with behavior-based detection and machine learning on endpoints, with immediate reaction and isolation, while SOCaaS complements this with proactive threat hunting and integrates external threat intelligence sources.
For more details, we invite you to watch the full presentation of our colleague, in the video recording of the webinar “MDR and SOC: From first aid to the cybersecurity emergency room”.
What MDR and SOCaaS provided by Safetech bring in addition
Next, Cătălin Gherghiceanu briefly presented the MDR and SOC capabilities that Safetech Innovations has been providing for about 10 years through its own security operations center, STI CERT, both in the IT and OT (Operational Technology)/SCADA areas.
“First of all, Safetech Innovations has a very flexible model for delivering these services. We can strictly connect to the technological tools and platforms made available by the client, we can make available the services that complement these tools, and we can also come up with platforms that allow the provision of these services or the improvement of the accuracy of our services. We can offer the solutions either as a tool or as part of SOC services, as we are MSSPs and have partnerships with a number of technology providers. We have our tenant and we can make it, in the form of a multi-tenancy, available to customers,” added the manager from Safetech Innovations.
According to him, the philosophy of the Safetech Innovations team is to collect as much actionable data as possible, to capitalize on the security tools and solutions already existing in the customer’s network and to align the processes and procedures for delivering MDR and SOC services with the internal ones of each customer.
As we have already mentioned, Safetech Innovations offers complete managed security services through STI CERT®, accredited Trusted Introducer since 2015. The center operates 24/7 in three shifts, with certified specialists (ISC², ISACA, EC-Council, CREST), and provides monitoring, prevention and reporting of cyber incidents, using its own and/or customers’ platforms. The center’s services are covered by an insurance policy of 500,000 EUR. The platforms used by STI CERT ingest over 100 billion events monthly, based on which CERT specialists analyze about 12,000 alerts and manage about 150 incidents. In 2024, Safetech Innovations was included in the Top 250 MSSPs worldwide ranking published by MSSP Alert.
For additional information, please contact us at sales@safetech.ro or by phone at +40 21 316 0565.