1 Introduction
Industrialized cyber-criminal operations and increased nation-state-sponsored cyber espionage activities mean that most organizations are under continual cyber-attack. At the same time, the worldwide shortage of cybersecurity skills means many organizations are struggling to keep up with attackers, and security teams are often overwhelmed by the number of security alerts generated by a multitude of security systems.
These and other related factors are driving the growth and evolution of the managed detection & response (MDR) market for solutions that manage a collection of cybersecurity technologies or an integrated platform for a client organization to provide advanced cyber threat detection and response capabilities, including security operations center as a service (SOCaaS) solutions.
MDR solutions are typically backed by teams of security experts that provide round-the-clock monitoring, analysis, response, and remediation, as well as advice on how to improve the client organization’s cybersecurity posture. MDR solutions, therefore, go beyond traditional managed security services (MSS) from managed security service providers (MSSPs), which typically focus on compliance reporting and helping customer organizations to meet security compliance requirements.
All organizations, regardless of size, face similar cyber threats and therefore need advanced cybersecurity detection and response capabilities. Smaller organizations often lack the budget and skills to do this, while all organizations struggle to fill cybersecurity positions.
MDR solutions mean that even smaller organizations can tap into the benefits of having a large team of experts with relevant technologies continually on call to detect and respond to incidents and help guide investments, strategies and processes without the cost and challenges of finding and retaining people with the necessary skills.
Where there is little or no in-house threat detection and response capability, MDR solutions help enterprises to outsource the majority of their security operation, including security-related management of networks, endpoints, applications, websites, databases, and security logs. Many MDR services enable organizations to outsource their SOC completely if they do not have the resources to act on recommendations for containing threats, and in a growing number of cases, MDR services support automated response capabilities.
Where there is some in-house security capability, MDR can be used to supplement this whenever necessary to ensure that an organization has at its disposal all the cybersecurity skills and capabilities required to deal with high-risk threats and critical incidents.
Even large organizations with in-house security teams find it challenging to manage security information & event management (SIEM), network detection & response (NDR), endpoint detection & response (EDR), security orchestration, automation, and response (SOAR), and even identity & access management (IAM) systems to deliver the required security outcomes. As a result, they are turning to MDR service providers to help with this, as well as to provide rapid automated containment capabilities for common threats.
Business benefits of MDR:
- Strengthen organizations’ ability to monitor and detect security threats and respond to security incidents 24/7.
- Continually improve overall security strategy and posture.
- Provide a comprehensive view across the fragmented IT environment.
- Enable in-house security teams to focus on and manage strategic security initiatives.
- Increase value from existing security investments.
Operational benefits of MDR:
- Helping customer organizations deal with high volumes of security alerts.
- Reducing the time that it takes to identify and mitigate security incidents.
- Providing advanced analytics of threats and user behavior.
- Rationalizing, updating, and integrating/coordinating security tools.
- Improving visibility and governance of business IT environment across the whole enterprise.
- Providing tools and expertise to deliver or augment EDR, XDR, and SOAR capabilities.
- Monitoring and supporting compliance with cybersecurity regulations.
Evidence of the increased demand for MDR solutions can be seen in the rapid growth in the market. KuppingerCole Analysts predicts that the compound annual growth rate (CAGR) of the MDR market will be 20.1%, suggesting a market size of approximately $3.88bn by 2025.
Figure 1: KuppingerCole projected MDR market growth