MSSP vs MDR (Managed Detection & Response) Providers: What to Consider
In September of 2020 we dove into Five Questions to ask your MSSP to help IT professionals navigate the complexity of choosing the right Managed Security Services Provider. Below is a quick summary of those questions:
What kind of reports do you provide and how often?
Do you support hybrid cloud infrastructure?
What is your shared responsibility model?
Who do you partner with?
Proof of Concept?
Today, we want to talk about a solution we believe is starting to eclipse MSSP and that is Managed Detection and Response or MDR services. Gartner defines MDR providers as “24/7 threat monitoring, detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation and response.” In layman’s terms, you can consider Managed Detection and Response providers as coaches who will identify the attacks within your environment, notify you of issues (within minutes) and advise you on remediation steps, however they will not provide the actual staff or “hands-on” services like an MSSP would.
Let’s talk about the main reasons why organizations might choose an MDR provider, over an MSSP, and what you need to consider in your evaluation. Below are a few key questions we use to determine how an offering like this might fit with one of our clients.
How advanced are your security operations and staff today?
One of the first questions we ask clients is: How mature is your security posture today? For organizations who have made large investments in technology, staff and resources, an MDR solution might not be the best fit as many of their benefits are already being covered internally. However, for the large majority of organizations this is not the case. Typically, we find organizations tend to be understaffed and under resourced when it comes to their security operations which therefore puts them in a compromising position.
Have you made investments in security tools, like endpoint detection and response, already?
Another key point is around technology investments. Has your organization made investments in technology tools like firewalls, endpoint threat detection, or email security? If so, you might find a MDR solution to be the perfect complement as an MDR provider will ingest data points from these individual toolsets and offer a better picture of the overall health of your environment. The providers will not rip and replace your technology investments, instead they focusing on monitoring them.
Do you have the staff to do this yourself?
Potentially the most fundamental question an organization must ask is whether they have adequate headcount to monitor their assets and environment 24/7/365. As you can imagine, for 9 out of 10 organizations the answer here is no. This is why MDR solutions have become so popular over the last 24-36 months. We find many companies make large investments in technology, but do not adequately staff their security team to support the tools.
Organizational Alignment?
Outsourcing one or many aspects of your security operations to a third party is like a marriage. It takes trust, work and commitment to deliver success. Your organization and its leadership must understand and support the implications of outsourcing something as critical as security. Your MDR vendor’s success ultimately is your organizations success. It’s imperative you make sure all your stakeholders support this decision. You might consider brokering meetings between the potential vendor and your leadership team so everyone is on the same page and agree on expectations and deliverables. If this piece is missing, things have the potential to get messy.
Do you have enough vendor diversity?
Lastly, a common scenario we see today is when one of our clients already use a managed services provider in some form or fashion and said provider can also offer managed security services. In many cases, but not all, this tends to be a concern for us. The pros of this scenario is vendor consolidation and your existing provider has intimate knowledge of your environment. The downside here is virtually the same. Using one vendor for multiple services tends to create a level of risk should this provider perform poorly, go out of business, lose critical team members, etc. We advise our clients, especially in security, that vendor diversity is good for the business and to mitigate risks. You wouldn’t necessarily want your plumber fixing your car just because you have their number on speed dial already.
Next Steps
In closing, Managed Detection and Response services are not a silver bullet for any organization, however if implemented successfully these solutions can help mitigate risk, augment your security staff and prevent critical events from impacting your environment. We believe this market will only increase in size and competition, which is a great thing! More competition equates to vendor R&D which equates to next generation toolsets to protect your critical assets.
If you want to learn more about MDR and how it compares to MSSP providers, please contact us, we’ll walk you through your options and considerations at no cost.