ESG Report: How Important is MDR to Security Teams?

With threats continuing to evolve and architectural and environmental shifts, organizations know that traditional cybersecurity strategies aren’t sufficient. Few organizations have the resources needed to build, purchase, and leverage intensive security analytic tools. Even organizations with robust security teams struggle with the vast amount of work required to properly defend an organization and response to threats and compromises. The security talent shortage is also a key pain point as there are fewer and fewer experts equipped with the knowledge and training needed to address modern cybersecurity challenges.

As a result, many have considered the use of Managed Detection & Response (MDR) in order to complement, and in some cases, completely outsource significant cybersecurity responsibilities.

But what are these teams looking for in the MDR service providers? Our latest report has the answers.

An overview of MDR

MDR services vary widely depending on the vendor and the needs of an organization. Despite the name MDR services provide support beyond standard endpoint detection and response capabilities and, depending on the vendor, can be relied on as a fully-equipped cybersecurity resource that incorporates multiple telemetry sources, engages in active threat-hunting, and is available 24/7 to handle any threat or security compromise.

By employing MDR, organizations will be able to

Increase their cyber resilience: MDR provides organizations the proactive and recovery resources necessary in case of an attack.
Mitigate damage in case of a compromise: By being available 24/7, you’ll be able to react quickly to any kind of threat and minimize the damage an attack can inflict.
Realize cybersecurity quicker: For organizations who have a minimal cybersecurity department and/or few resources, onboarding an MDR partner is much faster than having to procure multiple security tools and technologies from a number of different vendors.
Complement their existing cybersecurity environment: Due to the security talent shortage, organizations may find themselves with the right technology, security analytic sources, but no team to optimize their use. MDR services can help leverage your existing tools and even centralize multiple data sources to streamline your security efforts.

How MDR fits within an organization

While the case for MDR is clear, the variety of services and applicability is a big question for many organizations. What is the best way to leverage an MDR partner and what should security leaders look for in an MDR service provider?

It’s also important to know how an MDR partner fits within the larger roadmap of a company’s IT and risk strategy. Is there an ideal time or set of circumstances that’s optimal for an organization to work with an MDR strategy?

Given the nascent nature of this new class of cybersecurity vendor, the answers to these questions are unclear.

Our latest report, however, aims to shine a light on MDR.

What security teams want from MDR providers: An ESG report

We worked with ESG to get an understanding of the major trends driving MDR adoption while also assessing the state of the industry. ESG surveyed 373 cybersecurity and IT professionals who are involved with cybersecurity technology, products, services, and processes.

Among major highlights we found that:

77% of respondents described their MDR provider as “a strategic operating partner that has improved our overall security program”.
The top three factors that drove organizations to initially engage with an MDR provider were security assessments (57%), vulnerability assessment and management (47%) and threat intelligence services (46%).
Important additional considerations in the MDR selection process included XDR, SASE, and MITRE ATT&CK framework support.