According to Gartner’s glossary of terms, a managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral. MSSPs use high-availability security operation centers (SOCs) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.
Gartner states that managed detection and response (MDR) providers deliver 24/7 threat monitoring, detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation and response. MDR providers undertake incident validation and can offer remote response services, such as threat containment, and support in bringing a customer’s environment back to some form of “known good.”
Let’s use these definitions as a baseline and distill capabilities that this paper describes, and we’ll show why the definitions are not necessarily separate. Some of today’s next generation MSSPs can provide both MDR and managed security services (MSS) when they have the right expertise, processes and technology to discover, investigate, respond, mitigate, validate and improve overall security posture. Security decision-makers no longer need to think in terms of MDR versus MSS, as you can see.
Get the white paper to learn our five top tips for choosing a next-generation MSSP that offers MDR capabilities.