Examining the Rise of Managed Detection & Response in the MSSP Space

In cybersecurity, managed detection and response (MDR) refers to services that help organizations better understand the risks they face and improve how they identify and react to such threats. As organizations continue to shift their strategies to stay ahead, these solutions will only grow in popularity. This article outlines the Managed Security Service Provider (MSSP) opportunity around MDR, as underscored in Omdia’s recent Fortinet-sponsored report: “MSSPs and Managed Security.”

Drivers of Managed Security Service Consumption

An ever-expanding and increasingly complicated threat landscape has prompted many enterprises to outsource their cybersecurity requirements to MSSPs. Organizations use MSSPs for everything from staff augmentation and monitoring, to achieving predictable operating expenses.  The enterprise survey section of Omdia’s report provides further insight into current top drivers of managed security service consumption.

Survey respondents indicated that strength of security, improved performance and capacity, as well as, protection of applications and data in private and public clouds were among the strongest drivers in their decision to deploy managed security services. At present, an average of 50% of enterprise users are protected by managed security services, with 77% expected by the end of 2021.

Top drivers for this change in consumption include the following:

Further, when weighing options for managed security services, 53% of buyers plan to buy best-of-breed services from multiple providers instead of seeking a single provider solution, indicating that brand is an important consideration to these buyers.

The Rising Importance of MDR

MDR services go beyond traditional MSSP offerings, enabling a better understanding of risks while also positioning enterprises to respond to detected threats more rapidly. These services combine network forensic and endpoint security tools with human analysis and automation to detect and respond to threats.

Traditional MSSP offerings, in contrast, prioritize security asset management, as opposed to the deployment, management, and monitoring of security assets such as firewalls and network access controls (NAC). Adding MDR to the mix provides better protection of endpoints from malware, the ability to halt lateral threat movement, and the ability to stop internal security violations.

According to the survey, the most popular managed security services currently in use are still traditional security monitoring (65%) and device management (57%). However, managed detection and response now comes in at a close third (54%), indicating that the use of MDR is on the rise.

MDR From the Buyer’s Point of View

When opting for MDR, buyers have their choice of many different types of vendors, with traditional MSSPs only being one of several options. They could also choose to deploy MDR in-house with the help of proprietary software, or work with an MDR-only vendor, for example.

But even buyers are aware of many benefits that come with buying MDR from an MSSP, with survey respondents indicating the following key benefits:

These responses echo the overall drivers for choosing managed security services in general, including increased security, access to new technologies, and pre-integration of complex systems.

MDR From MSSPs’ Point of View

Omdia’s report also included survey data from MSSP respondents. These respondents indicated that security monitoring is still the most important service for their customers (54%), followed by managed detection and response along with security device management (both at 41%). However, respondents also indicated that by 2023, traditional services will likely decline in favor of newer offerings.

The way in which MSSPs view their position in providing MDR varies, with 46% indicating it is a technology they will buy from a security vendor, 29% indicating it is a service they would build themselves, and 25% indicating a mix of both. In the long term, 41% of respondents plan to deploy new services with “out-of-the-box” offerings. However, the fact that so many MSSPs indicate a plan to rely on out-of-the-box solutions – whether entirely or partially – may negate some of the perceived value of buying MDR from an MSSP.

That said, MSSPs are very much aware of the importance of brand strength to buyers. When asked about the top drivers for selecting technology partners, 95% of MSSPs indicated that strength of brand was a driver for buyers, with 48% classifying it as a “strong driver.” In addition, the prospective technology partner’s vision or solution for MDR was also classified as a “strong driver” by 36% of respondents.

MDR Provides an Opportunity for MSSPs

Revenue growth is expected across the board in the MSSP sector with services expected to drive the bulk of this growth around IoT, MDR, device management, and threat intelligence. In particular, 82% of respondents indicated that MDR would play an essential role in their business moving forward.

When asked if they consistently find themselves faced with a security skills or staff shortage, 64% of MSSPs answered “no.” So, while security skills and experience may be scarce across much of the security sector, MSSPs are apparently attracting and retaining talent, which is one of the primary benefits for buyers who use an MSSP.

Overall, the survey indicates that MSSPs have a solid grasp of the importance of MDR to their field, likely because they know it leverages their strengths, especially Mature SecOps and threat intelligence infrastructure. In addition, by using in-house skills and expertise, while selecting technology partners with strong brand strength among buyers, MSSPs can become well-positioned to offer high-quality MDR services.

Learn more about the growing need for managed security services in a webinar led by experts from Fortinet and Omdia, taking place on July 8^th. Register today. 

Author Jonathan Nguyen-Duy is VP of Field CISO at Fortinet. Read more Fortinet blogs here.