1. What is MDR?
“Managed detection and response, or MDR, is a cybersecurity service that combines technology and human expertise to proactively monitor, detect and respond to cybersecurity threats 24/7. Businesses deploying MDR outsource a proportion of their cybersecurity operations to a third-party provider, who then provide proactive threat hunting to detect and respond to any perceived threats. Unlike a managed security services provider (MSSP), MDR not only detects but actively responds to incidents affecting the network.”
2. What are the benefits?
“By continuously monitoring cyber threats, businesses can detect and respond to an incident in a matter of minutes. This allows businesses to either prevent an attack from happening or contain the impact of one on their organisation – including heavy financial losses and operational disruption. Businesses can also access external cybersecurity knowledge on a range of specialist topic areas without having to hire additional talent. This allows businesses to save time and money that would otherwise be spent on hiring externally, as well as allowing internal IT teams to focus on more strategic tasks.”
3. Why are so many businesses adopting MDR?
“With businesses now facing a cyber attack every forty-four seconds, MDR is the new cybersecurity buzzword. The volume, scale and complexity of attacks is increasing, with ransomware rising by 50% year-on-year during the first half of 2023. AI is lowering the entry level for hackers by allowing less skilled threat actors to launch attacks from the comfort of their own home. As a result, businesses are facing a highly challenging and complex cyber threat landscape and require the protection MDR provides. Businesses are also struggling to recruit professionals capable of combatting these cybersecurity threats, so having access to external expertise is another significant advantage of deploying MDR.”
4. What are the consequences?
“While vendors are rightly responding to this increased demand, in doing so they are sometimes incorrectly claiming to offer MDR without an understanding of what the service actually is. This is leading to some businesses mistakenly investing in services not offering the protection MDR provides and facing hidden costs as they plug these gaps at a later date. This is resulting in businesses not having enough protection against the threat environment, making their organisation and associated third parties vulnerable to an attack. Many vendors may also adopt a one-size-fits-all approach and not account for the requirements of the organisation when offering MDR. This leaves gaps in the network and further damages the line of defence.”
5. How can the channel help?
“Firstly, those working in the channel must have a good understanding of the services they are selling. This includes MDR, and whether it is actually included in the solution they are offering. Channel partners must also work with businesses to improve their knowledge of MDR and its associated advantages, while setting expectations about the service not being a ‘silver bullet’ solution. On top of this, partners should assess their customer’s specific needs and consider whether the business actually requires MDR. If they do, partners should then work with leaders to find a service tailored to their requirements, in turn allowing them to make an informed decision about the service they are choosing to investing in.”
6. What does the future look like for MDR?
“As attacks against businesses rise, MDR adoption will increase accordingly. This will particularly be the case for small and medium-sized businesses (SMEs), who will deploy MDR as a way of enhancing protection while reducing the amount spent on cybersecurity. Tools like AI and ML will continue to play a key role in detecting attacks by automating responses and providing faster remediation. Rising service demand will also result in the development of highly specialised MDR services tailored to specific industries, protecting businesses of all sizes against the future threat landscape.”