As the threat landscape evolves, so does the security industry. The problem is that it’s changing at such a rapid rate that it’s becoming increasingly difficult for security leaders to keep up with the solutions and services that are available to them. This is exemplified by the confusion buyers have surrounding Managed Detection and Response (MDR) services and those offered by a Managed Security Service Providers (MSSP).
Currently, there’s a nomenclature problem plaguing the industry, resulting in no real strict definition surrounding MDR. This allows service providers to produce their own definitions. Ultimately, this makes it extremely difficult for buyers to understand what they should be looking for and expecting in an MDR provider.
There are some pure-play MDR providers on the market that believe they have a higher level of expertise, but at the end of the day, MDR should be a component of MSSP, says Brian Hussey, vice president of cyber threat detection and response at Trustwave.
As the market continues to evolve, he believes that pure-play MDR providers will go extinct, only because they may be absorbed by MSSPs that want to provide those capabilities. For buyers, asking the right questions and educating themselves on what they should be looking for is key.
“The world of security has changed in a lot of ways in terms of what we’re able to provide,” Hussey says. “The first step should educate yourself on what’s possible with MDR. It includes some kind of an endpoint agent, [the ability] to perform deep-dive forensic investigations, and you’re able to do these things that weren’t possible only two years ago.”
As Hussey explains, the industry has evolved rapidly and will continue to do so.
In the full video interview below, Hussey breaks down the differences between MDR and MSSP services and discusses how some of the overlaps may be causing confusion for security leaders in search of assistance in protecting their organizations.
A Managed Detection & Response provider should combine people, process and technology to identify and respond to advanced threats targeting endpoints. Here's how Trustwave can make that happen.
Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.
