Hello and welcome to this webinar entitled Tame the Cyber Storm: MDR to the Rescue. I think for many organizations it feels that they are facing a cyber storm. Over the past couple of months I've been doing a bit of research into MDR, and I found that it's probably one of the best solutions for most organizations, especially mid-sized to small organizations, to help tame this cyber storm. Today I'm going to be talking mostly about what I found in my research results, and hopefully you'll find that very interesting.
So you are muted centrally, so don't worry about the sound controls. We'll be running some polls during this webinar, so please participate in the polls. You'll find those on the polls tab, so when I ask you to answer a poll question, please go to the polls tab in the Livestorm control box and then you'll be able to participate in those polls.
I'm really interested to get your feedback on some of these questions. There'll be a Q&A at the end of the webinar, but feel free to put your questions in at any time, and then hopefully we'll get around to those at the end and have time to answer all the questions.
I'd like to make this as interactive as possible, so please ask those questions; you'll find these on the questions tab, which hopefully will be fairly easy to find. We are recording this webinar, so don't worry too much about taking screenshots and making notes and that kind of thing. You will be getting the recording and you'll also be getting the presentation slide deck, so don't worry about any of those things either.
So just to run you through the agenda: I'll give you a brief overview of the topic of MDR, then I'll look at the key findings of the research that I've been busy with, then a quick overview of the methodology that we use here at KuppingerCole, and then we'll end off with a focus on the innovation that we're seeing in this area of MDR. Then, as promised, the final bit will be that we'll look at the results of the polls and see how everybody who participated voted, and we'll also go through some of your questions.
So the first poll question is coming up now. I'd like to know what your organization's position is regarding MDR services: you don't have one but you're considering having one; you have an MDR service but it's just not meeting your needs, it's just not doing what you need it to do; or, I beg your pardon, the second option was that you have an MDR service and it is meeting your needs; and the third option is that you have one but you're looking to upgrade to a better one.
So if you could just take a few minutes to go to the poll tab in the control panel and give me your answer: whether you don't have one, do have one and you're happy, or do have one and you're not happy. Okay, thanks very much. So yes, like I said, most organizations feel that they're facing a storm of cyber security conflict and cyber threats and stuff like that. I just think that many organizations feel overwhelmed; even the larger organizations are struggling to have large enough teams to run down every kind of alert.
I think one of the biggest problems that I've heard, just speaking to various people across the industry, is this whole problem of vendor fatigue and vendor alert fatigue. There are just too many alerts coming in, and there's just not enough time and not enough people to actually deal with them.
So I think the best point of departure, as I was looking for a quote to kick things off with, is this one I found: managed detection and response services are essential in today's cyber security landscape, providing organizations with the expertise and continuous monitoring needed to detect and respond to threats effectively. Now this quote was from somebody who, at one time anyway, you couldn't go to a security conference on either side of the Atlantic without encountering. I don't hear much about him these days, but I haven't been in the U.S. for a while. This comes from Bruce Schneier, and I think I chose this quote simply because it really encapsulates my findings with this research.

So just to give you an overview of how I see MDR, or how we see MDR: it's what sits between all the various systems like EPDR and NDR and SIEM and SOAR and CASB and CNAPP and those kinds of things, delivering the outcomes that organizations really need. They need threat detection, they need incident response, they need alert management and they need continuous improvement.
So now let's have a quick look at an overview of the main aims of MDR. I won't go through all of these in detail, but you can have them in the slide deck; a lot of these slides are just for your reference. I think the most important thing is to strengthen the ability to monitor, detect and respond to security threats 24/7, and, as in the quote by Bruce Schneier, I think continuous monitoring is one of the biggest challenges for most organizations.
They don't have the staff to do 24-hour monitoring, and they don't have the staff to deal with all the alerts that are coming out of that anyway. Then this idea of continuous improvement I think is a central one to MDR. It's because you're not having to deal with it on your own; you've got almost like a partner that you're working with, so they can help you to continue to improve your overall security posture and make recommendations, and that's what you don't have if you're just sitting with a bunch of tools. Another outcome here is to provide a comprehensive view across your security environment.
I think a lot of organizations have gone for point solutions over the past couple of years, trying to solve for new challenges or things that come along that are threatening their organizations, and then they just end up with, as Martin Kuppinger likes to say, a zoo of products that are not really working well together. So at least if you involve a managed detection and response provider, they can look across your estate and help advise you to get the best out of what you've got.
I think another thing that's very important is to enable in-house security teams to focus on and manage strategic security initiatives. So the idea here is to take the pressure off the teams that you do have, whether it's just one or two or three people who are focusing on your security systems, by taking care of the constant stream of alerts so that they can sit back and say, okay, strategically where do we need to go, what do we need to do.
Then, as I've already hinted at, increasing the value of the assets that you already have. I think, as we'll probably discuss in more detail in just a little while, MDR solutions can enable you to tap into the output of the systems that you've already invested in and get a better return on investment. And if you are struggling to run any of the tools that you do have, like EPDR and SOAR and SIEM and XDR, some of the MDR services can help with that too.
So I won't go through these in detail; this is just the main aim: to decrease the volume of alerts and reduce the time it takes to respond, to apply advanced analytics, to update, integrate and coordinate the security tools, which we've talked about as well, and to bridge the skills gap.
I think this is a real challenge for many organizations: they may actually only have a few people in-house, or they just don't have enough people in-house, and they need that little bit of extra help, so this can bridge the skills gap and, at the end of the day, improve visibility. You can go through those in your own time. So one of the things that I think organizations are faced with is that when they look at MDR tools there's just a whole range of flavors, and it's not immediately clear what's behind the toppings and so on, and what it is that the organization...
So there are many flavors; that was the idea of the slide, just to give you an idea that there are so many different flavors of MDR, and hopefully we can help you find out which flavor is the best flavor for you. That's why we produce Leadership Compasses, which look at the market and try to make the market understandable to end-user organizations, and then we engage with vendors in that market to help you identify which vendors are best suited for you.
So for this particular Leadership Compass, I rated the vendors on the left, and on the right-hand side you can see the vendors that we weren't able to get to participate this time around but that we found interesting for various reasons. So now let's get to the more interesting part, hopefully, which is the key findings of the Leadership Compass, but first I want to ask you another question. If your organization is looking for an MDR service, what are the main reasons?
Is it to deal with a large number of security alerts that are being generated by the security systems? Or is it because you want to improve the overall cyber security protection without hiring more staff? Or is it because you want to reduce the costs of maintaining an in-house security team? Or is this just something that you need to do because your cyber insurance company says they want MDR, or you're wanting to reduce premiums because you want to be able to prove that you're doing everything that's necessary to monitor what is going on across your IT estate?
So if you could just take a few moments to go to the polls tab and give me your answer to the second poll question. Thanks very much. So, without any more delay, let's look at some of the key findings. The first one I've alluded to already is that not only are there many flavors, but there's a whole range of services.
Now, a couple of years back I did a Market Compass report on SOC as a service, and at that time it seemed to be a discrete market that was emerging. But when I came to do this managed detection and response report, it occurred to me that really all of these things could be grouped under managed detection and response, and it was just degrees of what they were doing. So there is this whole range, from simple alert triage, or SOC as a service, all the way through to full MDR, and that's including incident response.
So, as I said earlier, one of the main reasons for this report is to help you understand the market and find out what it is that you need and what is available in that market to service those needs.
The key element of MDR is the focus on continuing improvement of the cyber security posture, so that's going beyond the services of traditional managed security service providers. That's why some of the vendors offer what they call concierge services, so it's far more personalized and customized than you could probably get from a traditional MSSP.
MDR solutions that cater for all sizes of organizations provide the opportunity even for small companies to get the benefit of an enterprise-level SOC. That's, I think, one of the best things for a small organization: you can get an MDR service and you're getting an enterprise-level SOC, because, let's face it, the threats that are facing small organizations are not tailored for small organizations. They're not going, oh well, this is a small organization, we'll go easy on you.
It's the full might of whatever the threat is, and so often even small organizations need this kind of enterprise-level SOC. Most MDR solutions now meet a range of use cases, from assistance for in-house SOCs and security teams to full outsourcing. It was very interesting to see that some vendors are focused on the end of the market where there is a team.
It is a big team, it is a well-established team, but they're just needing that additional bit of help in times of crisis, so to speak, all the way down to smaller organizations who just don't have any in-house capability and just want to outsource it all.
So MDR solutions typically help to fill in the skills gap, maintain that round-the-clock monitoring and deal with the large volumes of alerts across increasingly complex IT environments. I think this is the problem: the more tools that many organizations acquire, the more complex their IT environments become, not only on the security side but in general, because you're having to do business online now and there's just so much more in the IT estate. So here an MDR solution just helps fill that gap.
An interesting thing that I found too is that there seems to be an effort by the MDR providers to focus on risk prevention and risk management. Now this is something at KuppingerCole we've been talking about for years now: that it's important to think of cyber security defense in terms of managing risks, and so I quite like this aspect of MDR, that there is a focus on risk prevention and risk management.
So it's not something that you're having to do, but it's a really good approach to cyber security that we strongly endorse, and that is something that you will get from most MDR providers without having to hire extra people, so a really strong benefit there. MDR solution adoption has increased as organizations realize that technology alone cannot fully protect against cyber threats, so this is what I was alluding to earlier by saying that you're just buying extra tools.
I think most organizations have realized that's just not doing it; you need somebody who can provide the overview, and I guess that's one of the main benefits of an MDR service: they have a much bigger SOC team, and it's more often than not international and seeing what's happening around the world. So when something happens in your organization, if you have such a service then they can put that in a global context rather than you having to figure it out in isolation, in a silo.
So, in my humble opinion, as they would say, MDR is the only way that many organizations are able to consolidate all of their security tools and systems into a single point of control, and I think that, for me, this is one of the strongest benefits of MDR: it can pull everything together and give you that single overview, and you can be more confident that everything that needs to be looked at is being looked at. So now we can look at the market. I want to look at the market growth.
I think that's important because, although the names may change (I mean, we had SOC as a service, and a lot of these vendors have now switched to talking about themselves as MDR, and who knows, the MDR term may also change and evolve), when we look at the growth of the market, I think this service is obviously something that is meeting a very real need out in the market and it's probably not going to go away. So whatever we call it, this kind of service I think will still be around for quite some while, and it's continuing to grow.
So, based on the data that we got from this research and previous research, we were able to do calculations of where we think the market's heading, and it turns out it's around about 22.5 percent CAGR. Some other analyst companies have put it slightly higher than that and some under, but this is the number that our data supports, so I'm pretty confident that this is really where we are. If we do an extrapolation of that, we can see that we're heading towards a 7.9 billion dollar industry come 2027, which is not too far away.
So what is driving this market? What is responsible for that growth? Obviously at the top of the list is the increasing need to secure critical cloud data, and this is happening, I think, because more organizations are adopting cloud. It makes sense, and especially new organizations are just going straight to cloud. It means they don't have to do all the hardware investments, and perhaps it also means they need fewer staff.
So this increase in cloud data means that you've just really got to be on top of it, and that may be beyond most organizations because that's not what they would call their business. The increase in frequency and severity of ransomware attacks is another key driver of this. We had a huge spike of ransomware, but it hasn't gone away. I think it's almost like coronavirus.
People were very aware of it, and it's quite strange now looking at stuff on television that is all set in 2020; you look back on that time and think of it as a bygone era, but the era of ransomware is like coronavirus. It's not gone. People are still getting ill, and ransomware is still out there, and so I think this is something that organizations are experiencing and they want a way to deal with that, and quite a few of the MDR services are specializing in that.
They're focusing on ransomware attacks as a key go-to-market strategy.
Then of course there's the growth in data protection regulations. Even from our point of view there just seems to be a constant stream of regulations, and we also keep an eye on what's going on around the world. In the US alone, for example, almost every state is now starting to get its own set of data protection regulations, so you really need to know where your data is, what kind of data it is and how it is being protected, to comply with whatever regulations apply locally or nationally. Obviously here in Europe we've got GDPR that we need to worry about, and then of course there's a whole raft of other things also coming.
The expansion of IT environments: as I said earlier, the nature of business these days means that you're now having to be more mobile, more organizations are looking at edge computing and cloud computing, and all these are areas where data sits and needs to be protected, so you need to have a way of looking across this and managing the threats that could impact this rapidly expanding IT estate.
And of course the shift to remote and hybrid work models. Obviously we saw that at the height of the pandemic, but I think post-pandemic it's continuing as it's becoming a way of life. I know some of the big organizations are saying, oh yes, they want people to come back to the office, but I think for many people it's become a way of life now, and having had the flexibility of working in a hybrid fashion, I can't see that disappearing anytime soon. But that obviously has security implications, and MDR services can help meet those extra security demands by keeping an eye on things.
Obviously now, with unrest around the world and conflicts of various makes and shapes, there's the rising threat of data breaches, particularly from state-sponsored attacks. I think we've seen more and more of those in recent years, and I don't think that's going to change anytime soon, so that's another reason why even small organizations that may not necessarily have been targets of cyber attacks in the past are more likely to come into the frame now, so once again MDR can help meet those needs.
Of course, alongside that conflict there is the escalation in cyber espionage campaigns, and they typically target personal information and credentials so that they can get to intellectual property, so I think for any organization that has intellectual property to protect, MDR is something worth considering. And then of course all of us are producing more data.
I mean, that is the way business is run now, it's run on data, so we're generating more of it, and there are cyber criminal organizations out there who are able to capitalize on whatever data they can get their hands on. So the amount of data that needs to be protected is increasing, so the need for more effective protection is increasing all the time.

And of course the board mandates for cyber security reporting. Boards are now increasingly responsible in terms of the legislation that we've been talking about, so they want to be able to know from their security teams, or whoever's responsible for security, what is the status of cyber defense in the organization, how are we protecting the data that we have, and again this provides a way of being able to report that to the board.

This is another interesting thing that I've heard from CISOs: more and more cyber security insurance providers are wanting MDR services, or something akin to that, so that they have the assurance that everything is being monitored, that there is the risk management component in there, the risk avoidance component, and also the ability to proactively respond to incidents. I quite like this idea that the cyber insurance industry is working in a way to help organizations improve their posture, rather than just underwriting stuff on high premiums, by saying, well, if you do this your premiums will come down, and overall it's a net win for everyone.

Okay, so those were the main findings of the research, but let's have a quick look at the evaluation criteria. Before we do, there's the third and final poll question. This time I'd like to know, of those who said you were looking to upgrade, what were your main reasons: are you looking for a service that offers greater automation, are you looking to improve detection and response times, are you looking for a solution that offers more of the risk management services that I was talking about, or are you looking for a solution that has better cloud and IoT support? So again, if you could just take a few minutes to have a look at those options and then vote in the poll tab of the Livestorm control panel, and we can look at the results towards the end.

Okay, so just to give you a brief overview (you can go back and have a look at these slides): obviously we identify which vendors are active in any marketplace, and then we invite them to take part. Those who agree to take part, we send them questionnaires; they answer quite an extensive questionnaire, we get those answers in, we analyze those and we write up the report. Then we go back to the vendor and say, have we accurately reflected what your solution can do, and then we publish that, which is available on our website.

So for managed detection and response we came up with a list of required capabilities for those vendors. I'm not going to go through these now; this is more for your reference, so this can help you with RFPs. These are some questions that you can ask potential vendors, or you can assess a potential solution in terms of these required capabilities: have they got them?

But for this report we looked at a small set of what we consider to be really important areas. We looked at coverage, which meant how much of the IT estate was covered: was there good coverage for IoT, for OT, for edge environments? That was what we evaluated under coverage. Then we particularly looked at cloud and container support and coverage. Then under strong authentication was how well protected is the solution, and is there second-factor authentication to allow people to get in and that kind of thing; we looked at security around security, basically. Then detection, obviously, and response capabilities were the two key areas that we rated, but then we also looked at threat intelligence: how many sources are used for the MDR solutions, how is that threat intelligence applied, where are the threat intelligence teams located, how do they respond. And then finally we looked at how much support the solutions gave to the end-user organizations, which I think is important.

The way we reflect that is in a spider chart. Obviously one of the main reasons for me talking to you today is to encourage you to go and look at the report if you are interested in acquiring or improving your MDR solution, and then to find the solution that meets your particular needs the best. Looking at these spider diagrams, you can see (this is one of the vendors in the report, but I've removed the name of the vendor) that if, for example, your particular requirement is for cloud and container support, this perhaps wouldn't be the best choice for you. So that's the idea of this: to give a visual representation of where the particular strengths of any single vendor are.

The other dimensions: we look at nine other dimensions. Security, now, is not the ability of the solution to produce a secure solution for you; as I said, it's security around it; it measures the degree of security within the product or service, so we look at things like authentication and access controls and encryption. Again, I won't go through all of this in detail, but you can just see the main areas we look at: security, functionality obviously, deployment, interoperability is another big one (obviously it's pointless if an MDR solution is unable to connect with what you have), usability is also a consideration (if it's very clever and all singing, all dancing but difficult to use, then that's also pointless), and then the other things we look at are innovation, how innovative is the solution, the market share that the organization has, their ecosystem and their financial strength.

So those are all the things we consider, rate and score, and that enables us to draw up a scale of product leaders, to tell you who's leading on the product side of things, with the most functionality and completeness of product. Then market leadership, which tells you who's strong in the market, the ones that are growing, that have partners and a support ecosystem. Then of course innovation, which is something that we'll look at in detail towards the end of our time together. And the main thing that everyone tends to look at is the overall leadership, and so for this particular one, here is the overall leadership graph. You can see they're all quite tightly grouped together, so what this tells you is that this particular market is highly competitive and there is really not that much separating them, so you really need to look very carefully at what your requirements are and then match that to the vendors.

So just a quick look at innovation. Key areas of innovation, obviously, are greater use of machine learning and AI, and increased use of generative AI, because that way summaries and reports can easily be generated. Obviously there'll be a heightened focus on securing cloud environments, and then we're seeing specialized support for IoT and container environments. I'm also seeing organizations or players aiming for deeper integration with other security tools; they're also wanting to enhance the capabilities for compliance; there's an expanded focus on ransomware, a great investment in proactive threat hunting to identify and mitigate threats before they materialize, and greater customization to meet the particular needs of organizations.

So in the future, considering the future of the MDR market, we think that there's going to be advanced AI-driven services, there will be comprehensive cloud and IoT security offerings, and I think we'll see more industry-specific MDR solutions; there are some at the moment but not that many, and I think we're going to see more of them. I think there will also be a greater focus on proactive and predictive threat hunting, and, as always, there will be market consolidation. I can see that we have many market players at the moment, but I can see that consolidating in the near future.

So hopefully that was a useful rundown for you, and we'll just have a quick look at some of the questions that you've asked.

How can MDR services benefit small and medium-sized businesses? Okay, so this is a fairly common and a good question. I think I've covered this a little bit: the threats facing small organizations are the same threats facing big organizations, so this gives you access to an enterprise-level SOC team. MDR services provide SMBs with access to a dedicated team of experts that are available around the clock to detect and respond to security incidents, and most small organizations by definition just wouldn't have that. Also, MDR services typically include guidance on security investments and strategies, so they are able to help you decide what you need in your security estate and what you don't, how to make these things work better together and how to get the most out of it via the MDR platform. They offer all of this without the financial and logistical challenges of building and maintaining an in-house team, which can be challenging for most organizations and particularly for small organizations, so you just have access to this whenever you need it. We're seeing an emergence of MDR services especially tailored for SMB markets, so, unfortunately, not many... I've encountered these after I completed the report, but hopefully next time around we'll be able to include a couple of these, so you'll be able to look at what they offer especially for small and medium-sized businesses. So hopefully that answers your question there, Alfred.

Okay, let's have a look what else. Oh yes, okay: can MDR solutions integrate with existing security infrastructure? Yeah, well, obviously they must and they should. They're designed to manage an array of cyber security technologies, and that's usually through some sort of integrated platform, so they should be able to work with existing security tools like EPDR and SOAR and SIEM and XDR. That would be an expectation that I would have, and that would be a very important question to ask within the RFP: around the integration and how well would that MDR solution work with your own particular estate and what you've got at the moment.

I'll just quickly answer the last question, which is also a very common question: what is the difference between MDR and XDR? Both of them are solutions, obviously, that are designed to boost an organization's ability to detect and respond to threats; they just differ in their approach and their scope. MDR is like a managed service with a team of experts handling the security operations on behalf of the customer organization, whereas XDR provides a technology platform that integrates and correlates data from various security tools to support in-house security operations. MDR typically focuses on specific areas like endpoints and networks, providing targeted monitoring and response services, whereas XDR, I think, provides much broader coverage and aggregates data across multiple security domains. But really the short answer is that the lines are blurring: with XDR and MDR it's very difficult to say what is one and what is the other. I think the simplest, the best way to think of it is that MDR is managed XDR. Often an MDR service has got an XDR platform of their own which they're using to provide the managed service, so the key there is in the word managed. So the bottom line is, think of MDR as managed XDR, and in fact some MDR providers are going to market with their solutions as managed XDR. I think at the end of the day it's just important to understand what it is that your organization needs: is it something that you can manage in-house, get the information and deal with it, or do you need that extra layer of help, that extra layer of support, on the managed side of things?
So I think we've come to the end of today's presentation. In the slide deck you'll also get a link to some research materials from KuppingerCole that we think will be helpful to you in this area, and of course there's KC Open Select; go and check it out. That can help you with MDR, as well as many other topics, and it will enable you to put in your requirements in that kind of spider diagram version, and then you'll be able to make the perfect match for you. Otherwise, if you need extra help, please reach out to us and maybe speak to our advisory team.
I hope you found today useful and enlightening. Thank you for your participation, and we hope to see you at the next webinar. So thanks from me, and goodbye.