IDG Contributor Network: Managed detection and response: disruptive approach or sheep in wolf’s clothing?

A visit to major security conferences, such as RSA and Black Hat, quickly demonstrates the industry’s love of hyperbolic rhetoric and absolutist promises of pan-threat protection. Of course, once the hype is replaced with deployments, real-world delivery falls short of visionary promises. It’s a cycle of holy grail to fail.

Recently, Gartner released the third edition of its Market Guide for Managed Detection and Response (MDR) Services. Enter the new disruptor. The vendor list has doubled from the original fourteen. It contains vendors new to the stage alongside the group of usual suspects who, up until last year, were in other vendor categories. The optimist will say these vendors are adopting a better approach; the cynic will say it’s more marketing sizzle than product steak, and a way of riding the hype wave. Either way, it leaves the industry confused, wondering if the sheep or the wolf is wearing the other’s clothes.

The MDR guide certainly acknowledges this ambiguity, arguing that MDR vendors provide turnkey solutions that detect threats and respond with a mix of reporting, disruption, or containment actions, wrapped in a 24×7 service. Fractured from the traditional MSSP category, MDR brings near real-time threat management to small and medium-sized companies that cannot afford to build their own in-house SOC and security team the way larger firms, such as banks and insurance companies, do. What sets MDR apart from its MSSP genres is lightweight incident response as an intentional focus on threat management, rather than device or alert management. It’s a clever approach, and certainly gets the point of security: find attacks and stop them before they metastasize and become a business-disrupting event.

In terms of disruption, it moves companies closer to the goal line. Considering MDR on an evolutionary line, it pushes the industry away from an instrumental approach of managing devices towards an intrinsic mindset determined to protect the firm, its investors, employees, and clients. We can now see the forest instead of worrying about the trees.