Last updated at Sun, 11 Feb 2024 23:29:33 GMT

Not all MDR services are created equal, and in order for organizations to find the right partner for their managed detection and response needs, Gartner® has published a Market Guide report offering key insights for businesses of all sizes. At Rapid7, we are proud to offer this complimentary report and share our three key takeaways from it.

MDR services have skyrocketed over the past few years. In the report, Gartner says: “MDR is a high-growth, established market (see Market Share: Managed Security Services, Worldwide, 2021 where MDR is a distinct segment, the MDR market grew 48.9% from 2020 to 2021).”

Because of the high growth in the market, many managed security services use the term MDR. However, organizations looking for a true Managed Detection and Response partner, should look to the Gartner definition to identify the right vendor.

Gartner puts it this way: “MDR services provide customers with remotely delivered, humanled, turnkey, modern SOC functions; ultimately delivering threat disruption and containment.”

But choosing a strong MDR partner goes far beyond these high-level requirements. Below are our key takeaways from the report. Without further ado, let's dive right in.

Takeaway 1: Beware Providers Mimicking MDR

The key to MDR lies as much in the human-centric nature of the service as the power of the technology behind it. Managed Detection and Response is just that… managed. It requires a human with expertise not only in understanding the detection and remediation of threats and breaches, but how these correlate to your business and its goals. Sadly, not all services claiming to be MDR lead with this human expertise.

Gartner shares: “Misnamed technology-centric offerings and vendor-delivered service wrappers (VDSW), that fail to deliver human-driven managed detection and response (MDR) services, are causing challenges for buyers looking to identify and select an outcome-driven provider.”

Human-analyzed context is critically important to the success of an MDR program and an organization's outcomes in their security programs. Unfortunately, some providers are not living up to their own marketing materials. For instance, Gartner found that some “deliver a far less human-driven experience, depending on the technology for the bulk of the delivery. Although still valuable, these offerings are often promoted as being more engaged than they actually are and would be better described as managed EDR (MEDR).”

Takeaway 2: Context is King

This could be considered a corollary to the previous takeaway, but we acknowledge how important it is for an MDR provider to understand your organization's unique environment, the context of threats, and how those threats have potential to impact your business. It is not enough to simply detect and remediate threats; an MDR SOC should understand which threats and types of threats will have the biggest impact on your company or organization.

The human-led nature of successful MDR programs means that a company can rest assured that their MDR SOC is able to provide insights that are actually useful to boost their customer's outcomes.

Gartner has this to say on the subject: “MDR buyers must focus on the ability to provide context-driven insights that will directly impact their business objectives, as wide-scale collection of telemetry and automated analysis are insufficient when facing uncommon threats.”

We feel this has a direct relationship with the expertise of the MDR provider and the quality of the technology they are providing. Too much information without the context necessary to triage and prioritize could overwhelm any security team. Too little information and threats go unchecked. Finding the right balance between the tech and expertise is critical.

Takeaway 3: Threats Know No Boundaries

Ok, that subhead may be a little hyperbolic, but it should surprise no one that threat actors aren't clocking out at 5pm on a Friday and taking holidays off. Your MDR SOC can't either. Gartner recommends “Use MDR services to obtain 24/7, remotely delivered, human-led security operations capabilities when there are no existing internal capabilities, or when the organization needs to accelerate or augment existing security operations capabilities.”

So, what exactly does that mean? Essentially, any MDR SOC you choose should provide round-the-clock security that knows no geographical limitations, and has a team of experts actively detecting, assessing, and providing remediation recommendations for threats whenever they arise.

Gartner says: “Turnkey threat detection, investigation and response (TDIR) capabilities are a core requirement for buyers of MDR services who demand remotely delivered services deployed quickly and predictably.”

A follow-the-sun approach that puts highly competent security experts at your fingertips 24/7, 365, and that melds the human-centric nature of deep cybersecurity and business analysis with a powerful threat-detecting technology solution would make for a compelling MDR service option.

Choosing an MDR partner requires some serious due diligence and understanding of your organization's priorities. This Market Guide helps MDR buyers understand the state of the market and what to look for in an effective MDR provider. Our three takeaways are in no way comprehensive; download the full report to learn more.

Gartner, “Market Guide for Managed Detection and Response Services” Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. 14 February 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.