Security Alert Overload Propels Big Outsourcing Shift to MDR Services
Big changes are coming to how organizations address managed security challenges, according to new research from LogicHub, a provider of security automation platforms and services.
The study, Achieving Promise of the Elevated Security Posture: The Rush to MDR Services, conducted by Osterman Research, found that U.S. organizations struggle with too many alerts, too few security analysts and increasingly complex security stacks. In response, many organizations are rapidly shifting from traditional MSSPs and legacy security tools, such as Security Information and Event Management (SIEM) systems that aggregate alerts, to action-oriented MDR services.
The study polled organizations that outsource cybersecurity to MSSP and MDR providers, rather than MSSPs and MDR providers themselves. The research revealed that 69% of respondents currently use one or more MSSPs or MDR providers. But those organizations not using MSSP or MDR providers are planning to do so in the next 12 months (25%).
Key Findings: Understanding the Rapid Shift to MDR Security Services
- Almost 60% of respondents experience false-positive rates higher than 25%, wasting enormous amounts of analyst time. Only 14% report false-positive rates below 10%.
- Driven by the increased use of different cloud applications, the number of security tools expected to be deployed in the next 12 months will grow by more than 80%.
- Almost 60% say it is not easy to recruit or retain security staff with the right skills.
- 79% of legacy MSSP users plan to upgrade to MDR services; 12% have already done so.
- 30% of respondents already use MDR services. Another 42% plan to move to MDR in the next 12 months — an increase of 140%.
- Key reasons cited for adopting MDR include strengthening existing security teams, automating response capabilities, improving threat detection, supporting cloud services, and the need for 24/7 security operations.
Abundance of Security Tools Creates “Perfect Storm” for Change
While detection remains a core capability, MDRs add automated response capabilities and access to seasoned cybersecurity professionals. That enables organizations to address alert overload, talent shortages and budget constraints. As such, MDR services provide customers with remotely delivered modern security operations center (MSOC) functions. As a result, organizations can rapidly detect, analyze, investigate and actively respond through threat mitigation and containment.
“The perfect storm of too many security tools creating too many alerts for overstretched security teams has created an urgent need for many organizations to move to more advanced managed security services,” says Michael Sampson, senior analyst at Osterman Research.
Willy Leichter, chief marketing officer at LogicHub, adds that the report echoes the voices of many of his company’s customers who need help “managing the onslaught of security noise.”
“Advanced MDR services offer businesses the ability to augment their teams, automate time-consuming processes and apply advanced AI tools to detect new threats,” Leichter explained.
In fact, the market for MDR security services will reach $5.6 billion by 2027, which represents a 16.0% compound annual growth rate (CAGR) from 2022, MSSP Alert reported in May 2022. MDR now ranks among the core eight managed security services typically offered by MSSPs, according to Gartner. More than 90% of MSSPs now offer some form of MDR services.
About the Study
LogicHub engaged Osterman Research in April 2022, polling 205 security and IT professionals from organizations of up to 2,500 employees in the United States across a range of industries, including technology, financial services/banking, SaaS/software and professional services.