Managed Security Service Providers (MSSPs) have long provided businesses with a cost-effective way to monitor their IT environments, but as threats become more complex and difficult to detect, customer needs are evolving.
This blog explores the benefits of outsourced security operations, the limitations of traditional MSSPs and the emergence of Managed Detection and Response (MDR) to enhance organisations’ threat detection and incident response capabilities to the level needed to combat the latest sophisticated threats.
What is an MSSP?
An MSSP is a provider of outsourced security monitoring and management. Typically, this encompasses managed firewall, antivirus, virtual private network, intrusion detection and vulnerability scanning services.
For a number of years, many small and mid-market organisations have turned to MSSPs to supplement their security capabilities and reduce the burden on in-house IT teams.
Security management and monitoring is complex and resource-intensive, requiring extensive security expertise, technology and intelligence. Building an in-house SOC is therefore often beyond the capacity of all but the largest enterprises.
For a price that is often lower than hiring a single security engineer, MSSPs help organisations to improve their security posture, overcome the day-to-day challenges of security operations and meet a wide range of compliance requirements, including ISO 27001/2, PCI DSS and the GDPR.
What is MDR?
With modern cybercriminals increasingly sophisticated, covert and persistent, the service offered by legacy MSSPs is proving insufficient, forcing organisations to build additional capabilities in-house.
Traditional MSSPs are reactive rather than proactive, relying on signature and rule-based detection techniques that can overlook more advanced threats, such as memory-resident and polymorphic malware.
Furthermore, they often simply pass security alerts generated by managed security technologies ‘over the wall’, providing little contextual information or guidance on how to respond. This has led to the emergence of a new breed of managed service – Managed Detection and Response (MDR).
MDR is an advanced security offering that combines dedicated security expertise, a range of network and host-based detection technologies, plus advanced intelligence, analytics and forensics to help organisations proactively hunt for, investigate, respond to and remediate threats, 24/7.
Organisations that choose MDR benefit from improvements to both Mean Time to Detection (MTTD) and Mean Time to Response (MTTR), which helps to eliminate breaches before they inflict damage and disruption.
MDR vs MSSP
Factors that differentiate MDR providers from MSSPs include:
• A stronger focus on detection of threats that bypass perimeter controls
• A wider range of technologies used, including endpoint, AI & UEBA tools
• More advanced analytics and human-driven incident triage and reporting
• Significantly enhanced remote and offsite incident response capabilities
• Proactive threat hunting to identify previously unknown threats
• An emphasis on rapid service deployment
MDR is a significant growth sector within the cyber security market, with Gartner predicting that 15% of organisations will be using MDR in 2020, up from 5% today. More and more MSSPs are moving into the MDR market, but organisations need to review the capabilities of potential providers to ensure they meet expectations.
“Adoption of the term MDR by MSSPs should be met with healthy scepticism by buyers… Those exploring MSSPs for MDR services should assess the MSSP’s supported technologies and the availability of threat hunting skillsets”
Gartner, Market Guide for Managed Detection and Response Services
What to look for in an MDR service
When selecting an MDR service, it’s essential to seek out a provider with the expertise and experience needed to detect known and unknown threats. Organisations will benefit from working with offensive and defensive experts that understand the mindset of cyber attackers and can apply this knowledge to proactively hunt for threats and accelerate incident response.
Buyers should also look for suppliers with experience of leveraging a range of technologies so the solution can be customised to meet specific business needs. An effective MDR service will utilise both network and endpoint detection tools to provide deep threat visibility, and be capable of monitoring cloud, hybrid and virtualised environments.
Finally, organisations should also look for an MDR provider that utilises threat intelligence from multiple internal and external sources, and is willing to underscore its capabilities with a Service Level Agreement (SLA) to investigate and report incidents within agreed timeframes.
Why choose Redscan?
ThreatDetect™ is Redscan’s award-winning Managed Detection and Response service. Supplying leading red and blue team CSOC expertise, cutting-edge technology and proprietary Redscan Labs intelligence, ThreatDetect goes far beyond the scope of a traditional MSSP to provide the complete capabilities needed to hunt for and eliminate threats 24/7.
Reasons to choose us:
• Leading security experts with a deep understanding of offensive security
• Installation, optimisation and management of all deployed technologies
• A vendor-agnostic approach and swift solution deployment
• Rapid incident reporting via Redscan’s CyberOps™ analytics platform
• Award-winning customer service and remediation guidance