Protecting an organisation’s assets from cyberattacks remains an enormous challenge as the attackers’ tactics and capabilities become more targeted and sophisticated.
As organisations struggle to elevate their cybersecurity maturity level, managed detection and response (MDR) has emerged as one of the latest buzzwords in the security market.
A new report from International Data Corporation (IDC) examines the role of MDR in the managed security services (MSS) market.
IDC defines managed security services (MSS) as the around-the-clock remote administration and/or monitoring of IT security functions delivered by remote personnel at security operations centers (SOCs) operated by a third party.
As organisations have matured, so have the managed security service providers, moving from protection to detection by adding functionalities such as threat intelligence, security information and event management (SIEM) systems, incident response capabilities, and identity and access management to raise the cybersecurity maturity levels of their clients.
And yet, chief information security officers (CISOs) have become increasingly frustrated at the number of attacks that have found their mark despite all the new capabilities that have been placed in the proverbial cybersecurity toolbelt.
Armed with the knowledge that some attacks will inevitably make their way into an organisation’s infrastructure, CISOs are coming around to the realisation that having a proactive rapid-response solution is just as important as having a strong defensive perimeter.
Enter MDR, a subset of managed security services (MSS) that encompasses the outsourcing of advanced security functions and utilizes a highly skilled and dedicated security team that delivers 24×7 monitoring, analysis, and rapid response to sophisticated attacks.
MDR combines all the tools, technologies, procedures, and methodologies used to provide full cybersecurity life-cycle capabilities for an organisation.
Service providers can deploy MDR services using a mixture of the client’s existing capabilities, partner-supplied tools or services, and the provider’s own intellectual property. MDR services are delivered by a provider’s well-trained cybersecurity staff from a 24x7x365 remote SOC.
“In the past 5-10 years, we have seen managed security services evolve in providing better detection and response capabilities,” says Martha Vazquez, senior research analyst: security services at IDC.
“MDR represents the latest attempt by managed security service providers to give organizations a fighting chance in their quest to protect the valuable assets that they are mandated to protect. CISOs need to make sure that they utilize an MDR provider that is equipped with the latest tools, technologies, and trained personnel that their clients need to fulfill their critical mission.”
The core capabilities an MDR service must provide at a minimum include: endpoint or extended detection and response (EDR/XDR) covering endpoint/network, cloud, or messaging systems; integrated threat intelligence; regular human-led threat hunting; remote incident response; and the intellectual property (IP) of the methodology and procedures needed to pull these systems together into a deliverable service.
But the most important capabilities, as identified by CISOs in an IDC survey, are 24×7 monitoring and classification of alerts, integration of threat intelligence, and integration with existing security technologies.
“The variety of companies that are offering MDR services is substantial. While security services have grown, one thing for sure is that the breadth of services available makes it a win-win situation for customers,” says Craig Robinson, program director: security services. “Every organisation operates at a different maturity cycle in its security program, so the buyer should look at a provider to include the components that will inevitably help them achieve their long-term security program goals.”