The Managed Detection and Response FAQ

What is Managed Detection and Response (MDR)? How can it benefit your enterprise? We answer these questions and more in our Managed Detection and Response FAQ!

If you want to learn more beyond this Managed Detection and Response FAQ, our SIEM guide also offers insights into many of the top providers in the field. But let’s not get ahead of ourselves; let’s dive in!  

Why Should Your Enterprise Consider Managed Detection and Response? 

The whole of this Managed Detection and Response FAQ boils down to this question. Before we can dive into the details of how your enterprise can benefit, we need to examine the surrounding context. 

Fortunately, there is a simple answer to this question. Unfortunately, the answer paints a bleak picture of the current state of modern cybersecurity and its professionals. 

Generally, cybersecurity jobs across the country and the globe remain perilously unstaffed. Those professionals working to protect enterprises find themselves frequently overwhelmed and potentially burnt out from the frequent demands of their jobs. 

While understaffing can pose serious problems, burnout proves much more insidious. In fact, it could result in a data breach down the line as your professionals lack the drive to chase down threats. Yet without a full cybersecurity staff or the means to give them time for self-care, burnout becomes inevitable.

How Bad is the Cybersecurity Staffing Crisis, Really? 

Let’s take a look at the numbers. According to Symantec and ISACA:

  • An estimated 1.5 to 2 million cybersecurity jobs shall remain unfilled this year.
  • Each year 40,000 cybersecurity jobs go unfilled.
  • Meanwhile, another 200,000 cybersecurity-related positions are left unstaffed. 

Simultaneously, another report by the (ISC)² Cybersecurity Workforce Study found: 

  • The cybersecurity workforce gap numbers around 3 million. 
  • 63% of enterprises need more cybersecurity staff. 
  • 59% face increased risk due to the staffing crisis.    

Finally, we have the results of the 2018 Black Hat USA Attendee Survey, which only reinforces the severity of the issue:

  • 65% said they don’t have enough qualified staff members to deal with incoming digital threats.
  • Also, 66% said they lacked the skills and training to perform all of their required job responsibilities.
  • 34% said the lack of cybersecurity skills is the top reason digital security strategies fail.

So How Can Managed Detection and Response Help?

The answer to this question motivated this entire Managed Detection and Response FAQ. According to the recent Gartner Market Guide, only about 5% of enterprises call upon MDR services. Yet we believe if more enterprises understood it, they would quickly adopt it. 

First, MDR services provide your enterprise with 24/7 monitoring. No one can overstress the importance of this power in modern cybersecurity. Hacking now represents a global enterprise (indeed, some hackers even form corporate hierarchies) worth potentially billions. A penetrative attack or dwelling threat could strike at literally any time. 

However, your IT security team (probably) does not consist of automatons with no need for sleep or food or relaxation. Trying to hold them to overnight shifts and weekends not only foments burnout but can also breed resentment and mass departures.

Sure, automation, as provided by a SIEM solution, can help the problem, but it works optimally when directed and partnered with human intelligence. This puts you back at square one. 

Therefore, utilizing the 24/7 monitoring of MDR services can significantly improve your enterprise cybersecurity posture. Just having more eyes more consistently gives hackers less room to conceal their attacks. 

Incidentally, you can also hire MDR services on a part-time or night-shift and weekend basis, if you prefer it. That way, your IT team stays involved without the worry of burning out. 

What Else Can Managed Detection and Response Offer? 

Obviously, 24/7 monitoring represents the most crucial capability of MDR services. However, this doesn’t represent the full suite of their tools. Indeed, MDR services also offer targeted incident response. 

Your enterprise can absolutely select an MDR service which conducts your incident response for you, allowing your IT team to act as a liaison. Additionally, you can call upon MDR to assist your own team’s threat hunting and remediation efforts. This depends on your IT security team, their capabilities, and what gaps you wish to close. 

No matter your answer, enterprise MDR services usually offer direct communication channels so you can always reach them with your concerns and queries. Your enterprise can also ask your MDR service to run investigations for you since this proves one of the most stressful and time-consuming activities for IT professionals.  

Most MDR services can also provide you with leveraged threat intelligence for up-to-date strategies and capabilities. Furthermore, you can call upon your solution provider to help you maintain and deploy cybersecurity solutions, including SIEM. For example, it can help conduct and evaluate your security event correlation and investigations.

Above all, MDR services offer your enterprise human intelligence on call to ensure the optimal performance of your cybersecurity solutions. That’s nothing to sneer at by any stretch of the imagination. 

So How Do I Choose an MDR Service? 

Of course, this question belongs in a Managed Detection and Response FAQ. Yet it proves difficult to answer precisely because only you know what your business needs. In fact, your use case should differ wildly even from competitors in your industry; size and IT infrastructure alone can create contrasting scenarios. 

However, we can offer you this maxim: do not rush. Cybersecurity often counsels urgency, and that isn’t necessarily wrong; waiting too long practically invites the hackers in with open arms. If you rush into the wrong solution, though, you could end up causing more damage in the long term.

Instead, consult with your IT security team and your other IT professionals. Evaluate your needs, your scaling predictions, and your enterprise goals. With these in mind, then evaluate the MDR field; usually, each vendor shares their particular use cases of focus. 

There isn’t a magical formula that can replace due diligence. So do yours. But how? 

Here’s How to Do Your Due Diligence!

If our Managed Detection and Response FAQ intrigued you, you should check out our SIEM Buyer’s Guide; many of the top SIEM providers also offer MDR services. In the guide, we dive into the major market players and their key capabilities. Also, check out our SIEM Vendor Map to see our charting of the vendors across three key capabilities.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.