Managed detection and response (MDR) has received a lot of attention lately. However, is it just marketing hype, or does it offer security professionals and buyers new hope? The field of cyber security is often known as the land of a thousand buzzwords, many of them overused. Machine Learning and Advanced Persistent Threats (APT) are just a few that come to mind from recent years. Both concepts are valid, but the appropriate context can be lost when the words are overused and applied to anything and everything that may be related.
The reality is that MDR has been around for a long time. It’s nothing new – companies, including Delta Risk, have been offering various forms of MDR services for some time. Recently, however, Gartner put the spotlight on the term MDR and created a Market Guide that defined it as “improving threat detection monitoring and incident response capabilities via a turnkey approach to detecting threats that have bypassed other controls.”
Gartner’s emphasis on MDR is certainly noteworthy. However, as John Hawley, Delta Risk Vice President of Managed Security explained in our webinar, “Forecasting the Future of Managed Security: Why You Need a Modern MSSP,” “detection” and “response” should be a core component of any modern managed service services provider program. MDR is specifically focused on endpoint detection response (EDR) capability, providing insight at the endpoint, where many attacks are targeted.
Modern MSSPs should solve problems and offer solutions, not just send alerts. A strong MDR capability allows providers to be much more responsive and go beyond basic prevention. Improving insights on endpoints allows response teams to investigate and say with certainty that action must be taken. Alternatively, investigators can also validate that nothing needs to be done and dismiss events entirely.
Here are some other areas in which MDR differs slightly from traditional MSSP offerings:
- Compliance reporting – Typically, MDR services don’t include compliance reporting, while MSSPs do.
- Event log and context sources – With MDR, the provider usually operates the proprietary technology stack; with MSSPs, the customer typically decides which security data will be sent.
- Automation – Compared to traditional MSS models, MDR relies less on automation and emphasizes direct human analysis of security events and customer alerts.
Taking this into consideration, we believe that MDR should already be baked into the services of a modern MSSP. An MSSP’s ability to deliver this supportive technology is important. At times, organizations will pull in separate MDR capabilities, but modern MSSPs should be able to deliver the complete solution set on their own.
As the managed security market grows and matures, MSSP Alert predicts that MDR + MSSP mergers will become more common, a trend we have already seen this past year.
Managed service providers (MSPs) looking to augment their managed security capabilities should consider partnering with modern MSSPs that already offer MDR capabilities. In the upcoming Delta Risk webinar, our experts discuss the benefits of this approach.
We’ll discuss:
- The current MSSP landscape and why it’s growing
- Why MSPs need to add managed security to their services
- Pros and cons of partnering with an MSSP vs. building your own solutions
- The value of working with Delta Risk as an MSSP