Organizations Should Look to MDR to Fill Cyber Resource Gap, Featuring Gartner Insight
In my last blog post I listed some major differences between a Managed Detection and Response (MDR) Service and a SIEM (security information and event management) system. I mentioned that of all the challenges organizations face while building up their breach detection and response capabilities, nothing really compares to the difficulty of trying to hire and retain cyber security experts.
In Gartner’s recent Market Guide for Managed Detection and Response Services, the analysts highlighted the following as a key finding: “Organizations are looking to improve real-time threat detection and incident response capabilities; however, they often struggle to invest limited resources in the required people, processes and technology.”
In other words, many organizations are coming to the point where they realize the criticality of building breach detection and response capabilities, yet there is a clear mismatch between the wish and the reality when it comes to the resources required for such initiatives.
Therefore, Gartner recommends that IT security and risk management leaders involved with security monitoring and operations should:
- Use MDR services to implement threat detection and incident response capabilities when they don’t exist or are immature, or when approaches such as Managed Security Service (MSS) haven’t met expectations.
- Use MDR services when a turnkey service is the goal, and decisions on technologies, expertise and processes are left to the provider.
- Evaluate providers offering MDR-type services that can improve their incident response capabilities now or in the future, when requirements point toward using an MSS provider over an MDR service provider. 
To Gartner’s third recommendation, I would add that decision makers should evaluate the incident response capability of an MDR vendor when you make your purchase decision.
A timely detection of a breach is not a happy ending, but only a hard beginning. It’s then that the lengthy and expensive incident response process kicks in. This process will require expert data forensics and incident response work, and is a necessary component of recovering the organization to its known good state.
A typical response scenario includes removing the adversary from the network, cleaning up or restoring affected systems, resetting compromised accounts, determining where the intruder has been, and determining what the intruder has done. Most companies don’t have the in-house expertise or capabilities to perform these types of activities, and so must call on a third party to help. Therefore, it pays off to choose an MDR service vendor with solid track record in incident response and forensics .
Jyrki Rosenberg, Executive Vice President of F-Secure’s Corporate Cyber Security Business Unit, says:
“As a leading cyber security company, we are very proud to have been recognized by Gartner as a Representative Vendor in its 2016 Market Guide for Vulnerability Assessment , in its 2016 Market Guide for Endpoint Detection and Response Solutions and most recently in its 2017 Market Guide for Managed Detection and Response Services.F-Secure is leading the way in developing and offering high-end detection and response solutions for demanding customers as well as innovating in the area of vulnerability assessment with our F-Secure Radar product.’’
1) Gartner, Market Guide for Managed Detection and Response Services, Toby Bussa, Craig Lawson, Kelly M. Kavanagh, Sid Deshpande, 31 May 2017
2) Gartner, Market Guide for Vulnerability Assessment, Oliver Rochford & Prateek Bhajanka, 5 December 2016
3) Gartner, Market Guide for Endpoint Detection and Response Solutions, Peter Firstbrook & Neal MacDonald, 30 November 2016
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.