Gartner MDR-1

2021 Market Guide for Managed Detection and Response Services - A Gartner Report: Thoughts from Bitdefender MDR

Reading time: 10 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

Gartner® released its first Market Guide for Managed Detection and Response (MDR) back in 2016. At the time, MDR was still an emerging market, comprised of security monitoring providers with approaches just starting to veer away from the traditional managed security services model. As such, the main focus of the guide was how MDR differed from MSSPs.

Flash forward to 2021, and MDR is a recognized market, “estimated to reach $2.15 billion in revenue by 2025 up from $1.03 billion in 2021, for a compound annual growth rate (CAGR) of 20.2%”. In Gartner’s sixth annual Market Guide for Managed Detection and Response Services, we believe the focus is now less on delineating between MDR vendors and MSSPs, but more on what really constitutes managed detection and response. 

If you’re looking for an MDR solution, this complimentary report is mandatory reading. As with all Gartner Market Guides, this Gartner Market Guide for MDR is a useful resource to take along on your buying journey as you evaluate MDR vendors and learn the different delivery styles and how each could potentially address your needs.  

Bitdefender MDR is featured for the first time as a “Representative Vendor,” and to celebrate, we’re sharing some thoughts that will help remove the burden of having to figure out “what method or vendor to use” for managed detection and response capabilities.  

On MDR service and packaging…

Gartner: “A common delivery platform for all customers which provides centralized reporting. The delivery platform ensures all customers receive a common set of TI and security analytics and essentially a comparable service experience. The platform therefore should be expected to use orchestration and automation (for example, security orchestration, automation and response [SOAR]) capabilities to augment and optimize, but not replace human analysts in the providers’ SOC.” 

Our take: “MDR Providers bear the distinct privilege of having centralized not just security talent, but also a vast amount of threat intelligence resulting from a large customer base and a constant flow of telemetry. For instance, Bitdefender's TI is fueled by 30 billion threat queries a day from hundreds of millions of endpoint sensors. To build on this advantage, we've ensured that within our delivery platform, automation & orchestration (SOAR) is inseparable from our operations. This means that activities such as threat intelligence research, customer-specific investigations, and hunts automatically advantage all of our customers instead of a select few. As mentioned, the additional benefit is that the preponderance of our analysts' time is spent on proactively hunting for threats in our customer base.” – Jadon Montero | Sr. Director of Product Management, MDR

On validation and testing…

Gartner: “The use of validation-type capabilities such as breach and attack simulation (BAS) and penetration testing as a services (PTaaS) to test and understand threat scenarios in an environment on a continuous basis — rather than traditional, single test or annual test mechanisms.” 

“Breach and attack simulation (BAS) and automated penetration testing capabilities are beginning to be seen as an effective way to validate vendor claims regarding coverage and complexity of detection mechanisms. An increasingly attractive approach for buyers is having a third-party, independent testing and simulations provider offer the ability to validate capabilities and harden security posture during the course of an engagement.”  

Our take: “Penetration testing as a service is an interesting one. I agree – It should be a continuous process, not just a compliance, tick-in-the-box, "one point in time" view of the environment that has been the traditional annual approach to pen testing. Although not strictly pen testing, this might be where MDR can come into its own. Surely, having expert analysts continuously looking for anomalous behavior and suspicious activity that could have circumnavigated a tool or vulnerability, but caught quickly, trumps "check box" pen testing? And it's 24/7/365 monitoring, detection and response.” – Danny O’Neill | Director, MDR Security Operations

On cloud security…

Gartner: “There is an expansion of threat detection and response services for cloud environments, which is steadily becoming more visible. MDR services providers are maturing and expanding their offerings. However, it’s still a work in progress. Coverage for popular SaaS applications such as Microsoft 365 and Google Workspace is increasing, but broad coverage for SaaS (such as via a CASB solution in the provider’s technology stack) is still rare.

Our take: “MDR providers need to ensure their technology stack is integrated into cloud environments but they mustn't forget that a lot of malicious activity still happens on servers which are hosted in the cloud. As organizations move to SaaS applications, much of the security of those applications is the providers responsibility, and organizations need to ensure robust and strong security processes and posture around access management – a good MDR provider will help with by recognizing weaknesses and providing recommendations.” – Dan Pitman | Director, Technical Solutions  

 

Want to read more? Download the complimentary 2021 Gartner Market Guide for Managed Detection and Response Services 

 

Gartner, Market Guide for Managed Detection and Response Services, Pete Shoard, Craig Lawson, Mitchell Schneider, John Collins, Mark Wah, Andrew Davies, 25 October 2021 

Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.