The market for Managed Detection and Response (MDR) has never been stronger. According to an August 2020 report by Gartner: “By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities.” The demand opens up an excellent opportunity for managed service providers (MSPs) and managed security service providers (MSSPs) to grow by expanding their offerings to include MDR services. However, there are a number of important considerations for service providers that want to move into this fast-growing market or to adjust their strategy for serving this market.
The Challenges of Delivering MDR Services
MSPs/MSSPs encounter a number of challenges when formulating a plan to offer expanded or modernized MDR, including the following:
Vendor Support: MSPs/MSSPs are often held back by the vendor conundrum. Supporting multiple MDR vendor solutions leads to increased requirements and higher costs for staffing, training, and vendor management. However, while choosing to support one vendor’s MDR solution lowers expenditures, it also limits the total addressable market. Many prospective customers will not have the vendor’s endpoint solution that you have standardized on, or may not be willing to install it.
Cloud Detection and Response: Though endpoints are still important threat vectors, organizations are now aggressively migrating workloads to the cloud and developing applications with a cloud-first approach. Attackers are following that move to the cloud too. Can the MDR offering detect and respond to threats that target workloads running on leading platforms, including AWS, Azure and Google Cloud? MSPs/MSSPs that are able to detect and respond to cloud/SaaS threats will be able to make the most of this growing market opportunity.
Threat Detection: Timely, comprehensive and effective threat detection and response requires access to a broad range of enterprise telemetry and data. Though traditional MDR services typically rely solely or heavily on endpoint telemetry for threat detection, modern services take advantage of more. There are dozens of other essential sources of data that can provide a higher-fidelity picture of a customer’s threat landscape. This includes network and workload security events, Identity and Access Management (IAM), Active Directory, and cloud-hosted applications. Though all of this data can lead to more accurate threat detection and prioritization, a provider must rigorously apply data science and automation to normalize the data, correlate it into actual security events, and leverage it as part of a comprehensive, timely, and accurate process of threat detection, investigation, and response.
Managed Security Information and Event Management (SIEM): Many organizations either have a SIEM or are considering adding a SIEM to their environment. However, the trifecta of complexity (deployment, administration, and usage) and the costs of implementation and operation are common obstacles. While managed SIEM services have been provided by MSSPs for years, because of their outdated product architectures and functionality, they don’t often deliver the threat detection and response capability, results, or value that customers seek.
What’s more, many SIEMs lack the comprehensive set of capabilities that are now required for threat detection and response, such as User and Entity Behavior Analytics (UEBA), Security Orchestration, Automation and Response (SOAR), and a threat intelligence platform. This imposes additional costs upon MSPs/MSSPs to learn, integrate, and manage these additional tools.
And for MSPs that lack the staff or expertise to deliver a threat detection and response service to their customers, a managed SIEM doesn’t do them much good. A modern threat detection and response service that includes a multi-tenant, cloud-native, co-managed SIEM, and optional access to 24/7 analysts and related security and threat experts, provides compelling value to both MSPs and MSSPs.
Achieve Success Sooner with SOC-as-a-Service
SOC-as-a-Service (SOCaaS) empowers MSPs/MSSPs to address each of these challenges and launch modern MDR offerings — quickly. Outsourcing the security operations center removes the need to build and operate a SOC or to add headcount when short-staffed. It eliminates the time, cost, and complexity of deploying, integrating, learning, and operating multiple solutions. And provided it relies on a modern, cloud-native, multi-tenant, co-managed solution, and is backed by a team of experts that can operate as a virtual extension to your team, it can ensure scalable, easily supported business growth.
Finding success with Cysiv
Cysiv’s cloud-native, multi-tenant platform is uniquely suited for MSPs and MSSPs to deliver SOC-as-a-Service to customers.
Cysiv’s SOCaaS platform accepts a wide range of telemetry, including from on-premises, multi-cloud, serverless, and container-based environments, letting MSPs/MSSPs serve a broad range of customers with confidence. It allows an MSP/MSSP to standardize processes across all customers, leading to more efficient onboarding and monitoring. The integrated data science and automation enable analysts to access more actionable information quickly and manage more clients. And transparency into the detection, investigation, and response processes gives clients the trust, confidence, participation, and satisfaction they need. Further, Cysiv offers both automated and human analysis of security data, including trained and experienced threat hunters, and provides 24/7 detection and response to threats in the environment.
Partner with an Innovator
With its modern, data science-driven technology platform, comprehensive service offering and flexible business model, Cysiv is an innovator in SOC-as-a-Service. We are at the forefront of modernizing the threat detection and response process, particularly for MSPs/MSSPs. Cysiv’s inclusion in both the Gartner Market Guide for Managed Detection and Response and the MSSPAlert list of Top 250 MSSPs for 2020 is a testament to our rapid ascendance. If you are ready to learn more about how Cysiv can help your MSP/MSSP take advantage of the expanding market for managed detection and response and managed SIEM, contact us today.