Ever since Managed Detection and Response “MDR” service was created, it has been a hot topic in the security industry. Because of that, many providers are flocking to the solution to provide their own flavor of MDR. Having options is generally a good thing, but the new providers and services are offering options that aren’t always favorable to the customer. Many providers are using legacy services to capitalize on the MDR buzz without really addressing the key services gap that MDR is intended to provide: the response element to the service.
What is Managed Detection and Response? Learn more here.
Let’s go back..
While it can be debated why MDR came to fruition, our opinion is that many Managed Security Services Providers (MSSP) were falling short on the response element of their solutions. Many providers at that point (and still today) focused primarily on finding indications of compromise but left most of the heavy lifting to the customer for what to do next. Customers complained that their providers were nothing more than a network alarm clock. The MSSP would monitor logs and messages from the customer’s security devices and forward alerts to the customer. Often, they would provide little further detail than the logs and a blog post for suggested remediation ideas. This was not enough for less mature organizations, organizations with limited resources, and organizations with limited expertise – basically the kind of organizations that need managed services.
Where we are today
Today many providers are offering MDR services to help solve the issues customers faced with traditional MSSPs. MDR providers use their own technology to detect threats and provide the human component to help respond to indications of compromise. They fill a need for customers who lack technology, expertise, and resources.
Many providers got to this point by starting companies focused on MDR services. Others expanded their existing MSS to include MDR services. Others altered existing technologies to provide the capabilities needed for MDR. Because of these different approaches, not all services are the same.
Not all R’s are created equal
Many service differences between providers lies squarely on how they respond. The “R” in MDR isn’t a standard. This is because of the different approaches providers have taken to market, their technologies, or their own resources. The response element is the most costly and difficult. It requires people. Skilled experts who perform the human analytics needed to properly service a customer.
Things to look out for
Because there are many options and a lack of standardization in the offerings, customers need to be careful of how their service is delivered. Because not all “R’s” are created equal, the customer needs to spend time understanding this element of the service. The following are response elements of an MDR service to look out for:
At Nuspire, a veteran in the MSSP industry, we took a client centric approach to MDR offerings. We understand why customers wanted an MDR service. They need the technology, resources, and partnership to combat today’s threat landscape. Nuspire provides multiple options to deploy services to meet the customer requirements, gain visibility, and provide the best risk reduction per dollar spent. The only element that is not customizable is the response. Nuspire provides no cap on response, resources, or access to systems and expertise. As a true partner Nuspire provides the service commitment customers need to address all elements of an MDR solutions, and most importantly: response.
Find out the latest threats targeting your organization and why response is a key component to keeping your organization secure.