Last updated at Tue, 25 Jul 2023 23:17:28 GMT

Cyber threats have risen to the #1 concern of CEOs, which means security teams — in the hot seat for years — are really feeling it now. Files and data live in the cloud. Work is hybrid or remote. There’s turmoil around the world. Cyberattacks are not just a distant boogieman – they’re here and happening every day.

As companies try to make sure their existing security infrastructure can keep up, they confront the skills gap, a 0% industry unemployment rate, and no room for mistakes. Managed Detection and Response (MDR) is having a moment.

According to a recent ESG study, MDR is one of the fastest growing areas of cybersecurity today. A whopping 85% of surveyed organizations currently use or plan to use managed services for their security operations. And 88% say they will increase their use of managed services in the next 1-2 years.

What’s driving this move to MDR? Let’s take a look at six main factors.

1. Focus

Augmenting an internal security team means internal security personnel can focus on more strategic security initiatives rather than day-to-day operational tasks. In fact, 55% of surveyed organizations want to focus their internal security teams on more strategic initiatives rather than spend time on daily basics, the ESG study found.

By partnering with an MDR provider, alert triaging and investigations are generally taken care of by the external team. Of course, your organization still has some things you’ll need to do – partnership is the name of the game. But by working with a MDR service, security teams suddenly have more time and bandwidth to work strategically.

2. Services

ESG reports that 52% of companies surveyed believe managed service providers can do a better job with security operations than they can.

What you would once have to train your detection and response team to do, MDR providers take over. That means they’re able to detect active attackers within your environment and contain threats. Analyze incidents and provide recommendations for remediation, and apply learnings from other environments they manage to your environment to make sure you're protected from the latest attacker behaviors. Finally, good MDR providers are able to pivot into breach response if an attacker is live within your network.

To learn more about how to evaluate MDR providers on eight core capabilities, read the MDR Buyers Guide here.

3. Augmentation

About half of organizations (49%) believe a service provider can augment their security operations center (SOC) team with additional support.

Most companies that are able to build internal SOCs are generally well-funded, can afford roughly 10-12 full-time personnel, have a large array of security tools at their disposal, and have extensive processes already outlined. Sound doable? Great! If not, augmentation by way of an MDR provider is your tall glass of water.

Sign on with an MDR provider, get deployed, and your team is instantly extended. Benefits include time savings, cost savings, and experience level that most companies can't afford to hire at scale.

4. Skills

No surprise, 42% of surveyed organizations in the ESG study believe they don’t have adequate skills for security operations in-house.

MDR is more than outsourcing 24x7x365 monitoring. It’s a partnership that helps you move towards a more secure stature with guidance and expertise.

This type of partnership allows teams to contextualize metrics and reports, get a better understanding of investigations that take place within their environment, and have someone to walk through processes should an attack take place. You also have an expert in your corner during CISO, board, or executive meetings.

5. Price

40% of surveyed organizations did a cost analysis and found that it would cost less to use a service provider than to do it themselves.

We won’t sugar-coat it – partnering with an MDR service provider is expensive. But so is building out an internal team that can actually monitor and investigate within an organization’s environment round the clock.

The cost of partnering with an MDR provider pales in comparison to the cost of employing 10-12 security personnel that operate an around-the-clock SOC, and it can offer ROI much more quickly.

Check out this recent Forrester study to learn more about cost-saving outcomes of partnering with Rapid7’s MDR team.

6. Staff

Finally, ESG tells us that 35% of surveyed organizations don’t have an adequately sized staff for security operations.

Even with unlimited budget to hire a full team, it would be an incredibly labor-intensive and time-consuming process. It would be nearly impossible for most organizations to accomplish. Not only is finding qualified candidates and hiring a huge pain point, but the resources needed to onboard and train staff often aren't there.

Of course, all MDR services are not the same

Keep these three things in mind:

  • Forrester found Rapid7 MDR reduced breaches by 90%
  • Forrester found Rapid7 MDR delivered 549% ROI
  • In the event of a breach, Rapid7 MDR pivots to full-on digital forensics and incident response, no delay, no limits

Check out our full MDR Buyer's Guide for 2022 here.

Additional reading:


Get the latest stories, expertise, and news about security today.