With the threat landscape constantly evolving, identifying the best cyber security service for your organisation can be challenging.
The diverse and fast-changing nature of the Managed Detection and Response (MDR) market makes the process even more difficult. A new report, MDR Market Guide: reducing the costs and risks of cybersecurity investments, from independent technology research and analyst house, Bloor, outlines the key features to consider when selecting an MDR provider. Bloor’s analysis aims to help cyber security decision-makers better understand MDR by providing an overview of the industry and the key players within it.
Bloor’s report highlights the importance of organisations first identifying their threat detection use cases in order to select the most suitable MDR service. This insight should be coupled with a clear understanding of how MDR differs from more traditional Managed Security Services and the “flavours” of MDR available.
MDR is an advanced security offering which provides the capability that companies, particularly those lacking in-house security resources, need to proactively hunt for, respond to and remediate threats. According to Bloor, a good MDR provider should combine dedicated security expertise, specialist detection technologies and the latest threat intelligence to:
- Improve threat visibility and coverage
- Detect threats 24/7/365
- Accelerate incident response
- Reduce time to security maturity
- Facilitate compliance
“Complexity and resource constraints are a major burden for any organisation where security is concerned. MDR services will help to overcome those restraints and realise real business value from the investments that they make.” Bloor
MDR overcomes the limitations of traditional managed security services, which tend to be focused on the monitoring of particular technologies (often customer-owned) and may not provide a high level of detection coverage and the outcomes needed to identify and defend against more advanced attacks.
MDR providers place a stronger emphasis on threat hunting and the detection of unknown threats. This is through the aggregation and analysis of a wider range of security telemetry and use of behavioural-based detection tools. While some providers deliver MDR by focusing solely on Endpoint Detection and Response (EDR) technologies, others, such as Redscan, are capable of leveraging a wider range of toolsets and are more agnostic in their approach.
However, as Bloor’s Market Guide points out, MDR services aren’t just focused on detection. MDR providers also aim to deliver the actionable outcomes organisations need to respond more swiftly when incidents occur. This includes automated response actions to contain and disrupt threats before they can cause damage.
Key MDR features to consider
Bloor’s report identifies a number of important features that organisations considering an MDR service should look for when evaluating providers:
With technology being only as good as the people using it, one defining characteristic of effective MDR is human expertise. A good MDR provider should provide experienced security experts that are capable of detecting and responding to threats 24/7 across a wide range of environments. Rising cloud adoption means that cloud security services expertise and support for hybrid environments should be key considerations when choosing a provider.
“A more personalised service will be provided by MDR providers that give their customers named analysts and engineers who can be reached directly and will be familiar with the customer’s environment” Bloor
Network and endpoint visibility
The ability of an MDR provider to aggregate and analyse a wide range of security telemetry is cited by Bloor as an important consideration for organisations that want to achieve wide threat visibility and minimise blind spots.
“Organisations should look for a service that can ingest data and activity feeds from all devices that connect to the network to ensure that there are no gaps in their security coverage. All data sources should be continuously monitored to provide protection on a 24×7 basis.” Bloor
Proactive threat hunting
Threat hunting is also highlighted by Bloor as a key defining characteristic of MDR services, benefiting organisations “with a better chance of catching an attack early in order to limit the resulting damage”. An MDR service which aggregates high-quality security telemetry and intelligence can expand threat coverage and proactively hunt for emerging threats before they cause damage and disruption.
Orchestration and response
Another key consideration identified by Bloor, is how effective an MDR provider is at integrating detection technologies and threat intelligence. This is cited as important for enhancing the speed and quality of incident analysis and investigation, reducing false positives and helping to automate incident response actions.
Offensive security knowledge
Knowledge of offensive security is also cited by Bloor as a feature to look out for. According to Bloor, some MDR providers offer penetration testing and red teaming in order to helpstrengthen threat coverage and visibility. As discussed in the report, these types of engagements are valuable because they show “where the security programme is performing well, as well as highlighting gaps that have been overlooked.”
Comparing MDR providers
The vendors listed in Bloor’s MDR Market Guide are assessed against three main criteria – services, automation, and Bloor’s Bullseye methodology. This methodology assesses vendors in the areas of stability and risk, support and location, value, innovation, awareness, and adoption. Scores in each of these areas are aggregated to form one ‘Bullseye score’. The highest scoring companies are nearest the centre and categorised as either a Champion, Challenger or Innovator.
Redscan named as a ‘Champion’ MDR provider by Bloor Research
Redscan is proud to have been recognised by Bloor as a ‘Champion’ MDR provider – the highest category awarded to businesses.
“Redscan is a pure-play MDR provider that use its own technology to integrate a wide collection of toolsets. Offensive security, research and continual development are of primary importance. The one to choose in the UK.” Bloor
Read Bloor’s MDR Market Guide report to learn more about MDR and discover why Redscan ThreatDetect MDR is recognised as a market-leader.