Managed Detection and Response (MDR): Who's Responsible for the R? -

When it comes to managed detection and response (MDR) services, I'm starting to hear the same pressing question over and over again: Who actually owns the R? In other words, who exactly is responsible for each component of a response?

Over the past few weeks, the chatter surfaced in separate emails and individual MSSP Alert conversations with:

Jake Godgart, product marketing, managed services at Rapid7;
Erin McLean, chief marketing officer at eSentire, a leading MDR service provider;
Jen Olmsted, founder, Cytrex Cyber; and
Jeff Schmidt, CEO, Avertium, a Top 250 MSSP.

Still, the "Who owns response?" conversation stretches back further than that. At the Right of Boom conference in February 2022, JupiterOne CISO and head of research Sounil Yu described a world where people remain heavily involved in response and recovery services. The obvious question that MSSPs and end-customers need to address: Whose people?

MDR Security Services: Widespread Adoption

The question -- "Who owns response?" -- is particularly important amid the spread of MDR services. Indeed:

MDR now ranks among the core eight managed security services typically offered by MSSPs, according to Gartner.
Hundreds -- perhaps thousands -- of companies now claim to offer MDR services. The MDR proponents include cybersecurity software companies, pure-play MDR businesses, MSSPs, and MSPs that are white labeling third-party services.
Fully 91% of MSSP 250 survey participants for 2021 indicated that their companies offer MDR capabilities.

Still, actual MDR services -- particularly the response stage of the services -- vary widely from one company to the next.

MDR Security: What Are 'Response' Services?

Amid that backdrop, eSentire divides the MDR discussion into this spectrum:

Detection: Actually spotting a threat to a business;
Response: Containing that threat;
Remediation: Making sure the adversary is removed from the system for good; and
Digital forensics with incident response: Performing digital forensics, analysis, crime scene reconstruction, eDiscovery and more.

Similarly, Rapid7 is banging the drum for digital forensics and incident response capabilities as differentiators in the MSSP, MSP and MDR markets.

MDR Security Services: What's Next for Response?

We'll pick up this conversation in a major way at MSSP Alive Live 2022, our in-person conference set for September 2022. It's safe to expect a panel titled "MDR: Who Owns Response?" to surface at the event.

In the meantime, please keep your MDR thoughts coming -- especially as they pertain to the nuances of Response services.

Managed Detection and Response (MDR): Who’s Responsible for the R?

MDR Security Services: Widespread Adoption

MDR Security: What Are 'Response' Services?

MDR Security Services: What's Next for Response?

Related

Modern MDR, made clear: What CISOs should demand now

MSSPs don’t need more scans. They need Hacker Score.

Sophos Says Agentic SOC Cuts MDR Response Time to 89 Seconds