Implementing and managing security is not easy for any organization. We recently had the opportunity to (virtually) sit down with key analysts from IDC, including Martha Vazquez, senior research analyst, IDC Security Services; Craig Robinson, program director, IDC Security Services; and Philip Harris, research director, risk, advisory, management and privacy. These analysts are on the front lines of cybersecurity research, advising organizations on security strategy. Our Q&A session covered topics like “Do organizations still view MDR as just advanced EDR?”, “What are the top priorities for the modern CISO today?” and “What does it mean to be a resilient organization?”
To read the IDC experts’ responses, check out the Q&A below.
Bitdefender: IDC notes Managed Detection and Response (MDR) is the fastest growing segment of the Managed Security Services Provider (MSSP) market with a 25% compound annual growth rate from 2019-2023. Even though more and more organizations are leveraging MDR for improving their detection and response capabilities, are there still misconceptions about what MDR is or should do?
Martha Vazquez: Awareness of MDR and its value is growing, but we do still see a lot of people with the belief that MDR is just managed endpoint detection and response (EDR). A lot of our research is focused on clarifying that MDR is much more than simply managed EDR. We are having more conversations with organizations about how true MDR brings in telemetry from the cloud and other threat intelligence sources, along with proactive threat hunting.
Craig Robinson: I agree with Martha - three years ago most organizations viewed MDR as advanced EDR but now, with COVID-19, where we have seen an unprecedented push to cloud, I really don’t think you can have true MDR without XDR (extended detection and response) capabilities.
Bitdefender: What do you think is driving the most interest in MDR – is it security staffing shortages or the realization that they just can’t keep up with advanced threats?
Craig Robinson: CISOs are under so much pressure, and the key value driving interest is that MDR provides 24x7 monitoring, detection and response which means peace of mind and, quite frankly, lets them sleep at night.
Martha Vazquez: If you look at our recent survey data, many organizations reported having a lack of resources and not having the staff to mature their SOC (security operations center) processes or the ability to quickly respond to an attack. We hear from a lot of organizations that they want added telemetry and help in making sense of the data to make it actionable. They see the MDR provider as a partner in this effort. Like Craig said, I hear from CISOs leveraging an MDR provider who say, “I can sleep at night and not worry.”
Phil Harris: As someone who has been a CISO and advises CISOs on a regular basis, MDR is valuable as heck. Organizations get the benefits of rich information and don’t have to run a SOC or port information into a SIEM (security information and event management console) if they don’t want to. Even for organizations with a SOC, MDR provides complementary value with added security expertise. Extending security operations to an MDR provider can enable in-house staff to focus on critical projects driving the business.
Bitdefender: Security is always changing, but the threat landscape over the past year seems to have become even more difficult to keep up with. What are the priorities for the modern CISO today?
Phil Harris: We all know security is a big spend item now - you can never really have enough people to throw at the problem so the more leading edge or “modern CISO” is one who looks at the overall risk and sees ways to partner with outside specialists who can do things better, faster, and less expensively than doing everything internally. Modern CISOs are also looking at ways AI can help automate faster response.
Bitdefender: IDC recently published its “Worldwide and U.S. Comprehensive Security Services Forecast, 2021–2025: Growth Continues During and Beyond COVID-19” which provides a great overview of the market, with new survey data. One of the key points in the report is resiliency. The report says, “Resiliency, which has been a discussion topic for some time, is approaching "urgent" status given the impact of COVID-19 and the economic slowdown. Security is a key enabler of resiliency…” Can you talk a little more about this idea of resiliency and what you mean by that?
Craig Robinson: Yes, to me resilience is about being able to prevent as well as detect and quickly respond, so using MDR with a foundational capability for endpoint protection along with XDR capabilities is a way to reduce cyber risk with multiple techniques. Improving detection and response capabilities, while also getting additional telemetry and threat intelligence, is going to be the way forward. Resilience is also about gaining a certain level of maturity in how you deal with cyber risk, having a solid framework and plan to identify and reduce risks, and having a defined incident response plan – and practicing it so that you know it works! Resilience means your organization will be able to survive not only cybersecurity attacks but also partner supply chain issues and even attacks by mother nature.
A special thanks to the IDC Security Services research team for their time. Be sure to take a look at their latest research at IDC.com.
If you are interested in learning more about how an MDR provider can help you stay ahead of threats, detect and respond quickly to cyber-attacks, download this complimentary report by IDC’s Martha Vazquez, How an MDR Service Provider Can Help You Become Cyber Resilient in the Post-Pandemic Work Environment.