September 3, 2019
Managed Detection & Response – Why You Need It
Managed Detection and Response (MDR) is the latest evolution in managed security services. Its goal is to elevate security management from protection alone to effective attack detection and threat and incident response.
According to Gartner Research, inquiries from companies about acquiring managed detection and response services have been growing at a rate of 35% in the last 12 months, with growth in usage estimated to be 20% in that same time frame. By 2024, it is expected that 40% of mid-sized companies will be using MDR services as their ONLY managed security service. According to Gartner, “the goal of MDR services is to rapidly identify and limit the impact of security incidents to customers. These services are focused on remote 24/7 threat monitoring, detection and targeted response.”
Security Managed Services versus Managed Detection and Response
Security Managed Services refers to product-centric services to manage individual products like firewalls, endpoint security, SIEMs or the like. These services are great for companies who need to offload a few management tasks or don’t have the expertise necessary to manage them properly.
MDR services are a step up from product-centric managed security services in that the focus of MDR is to provide companies with a secure integrated infrastructure that manages, monitors, and contains threats or attacks without your intervention. Once a threat is detected, it is analyzed to determine the best way to quickly contain it. At that point, you are notified so that you can take the proper course of action for any remediation.
What Does an MDR Service Provide?
A robust MDR service provides a managed, integrated security solution based upon a combination of security products and management solutions. By integrating security intelligence, threat, attack, user behavior, network traffic, and other security information, it is possible to put together a more complete picture of a company's ongoing security posture.
Generally included in an MDR service are an enterprise-class SIEM (Security Information and Event Management) like IBM QRadar, a UTM firewall, and an endpoint security solution with detection and response (EDR) capabilities. The SIEM inspects server, client, and security product logs, security events, and network traffic, then correlates, analyzes, and alerts on suspected threats and attacks. By adding other security products into the mix, like multi-factor authentication (MFA), web application firewalls (WAFs), and software patching solutions, companies get a more complete integrated security solution.
Services delivered as part of an MDR service include:
- Policy Definition and Provisioning
- 24 x 7 Security Monitoring
- Threat Detection
- Security Product Management
- Ongoing Threat System Adjustments & Tuning
- Incident Response
- Threat Containment
Services such as remediation are normally separate projects and are not included in an MDR service.
Why Do You Need MDR Services?
Companies like yours need MDR services because:
- MDR Delivers the Most Complete Security for Your Company
- You Don’t Have Enough Trained People
- Your Security Team Are Not Experts on MDR and How to Integrate the Right Security Products
- You’d Rather Have Your Team Work on Revenue-Generating Projects
- It Saves You Money (Hiring, Training, Monitoring, Analysis)
Source: Gartner Research, Market Guide for Managed Detection and Response Services, 15 July 2019.