Definition, Benefits, How to Choose a Vendor, and More
According to Gartner, managed detection and response (MDR) vendors provide services to companies and organizations that aim to improve the way they detect threats, respond to incidents, and monitor their IT assets continuously.
What is Managed Detection and Response?
Managed detection and response is a service that arose from the need of organizations that lack the resources to be more cognizant of risks and to improve their ability to detect and respond to threats.
Different companies offer their own set of tools and procedures in detecting and responding to threats. However, all managed detection and response offerings share the following characteristics:
MDR is more focused on threat detection than on compliance.
The services are delivered using the provider's own set of tools and technologies,
Managed detection and response relies heavily on security event management and advanced analytics.
While some automation is used, managed detection and response usually involves humans
Managed detection and response service providers also perform incident validation and remote response.
Managed Detection and Response vs. Managed Security Services
Managed detection and response may sound similar to managed security services, but there are some distinct differences between the two, including:
Coverage.
Managed security services can work with different types of event logs and contexts. The customer decides which of their security data is sent to the MSSP. Managed detection and response services work only with the event logs that their own tools provide.
Compliance reporting.
If you need compliance reporting, go for a managed security service, as managed detection and response services rarely do compliance reports.
The human touch.
One of the upsides of managed detection and response offerings is that you get more human interaction with analysts. Managed security services rely on portals and e-mail rather than direct communication.
Incident response.
With managed detection and response, you only need a separate retainer if you want on-site incident response. Remote incident response is usually included in what you pay for the basic service. This is not true for many managed security services, where you need separate retainers for both on-site and remote incident response.
Benefits of Managed Detection and Response
Like any outsourced service, managed detection and response service providers allow you to gain a team of experts at a price you can afford. For companies that don't have the time or resources, this is especially useful. In addition, some of the tools used by these providers are too expensive to buy on your own and may not be easily found or readily available. Depending on your provider, you could even get customized implementations to cater to your specific cybersecurity needs.
MDR vendors not only detect and analyze threats, but also stop them. When a threat is detected, they first verify that it is a real threat before informing you to take action, which spares you the scare of false alarms. MDR providers can help your organization deal with advanced attacks that even traditional managed security service providers might not be prepared for. Gartner predicts that 15% of midsized businesses and bigger corporations will be using MDR services by 2020, a big leap from the less than 1% of companies that are currently using them.
What Should You Consider When Selecting a Managed Detection and Response Vendor?
If you’re considering managed detection and response services to enhance your organization’s security posture, here are a few important factors to consider:
Although it is a relatively new facet of information security services, managed detection and response is proving to be valuable for companies aiming to create a more robust, comprehensive security posture. If your organization is looking to improve its incident response and threat detection programs, an MDR vendor could be a cost-efficient way to achieve these goals.