Expanding Service Opportunities with Managed Detection and Response (MDR)

The global shift to remote work has seen a market expansion for MSSPs. Companies are increasingly relying on service providers to help manage the cyber risks associated with telework implementation and the increased reliance on cloud-hosted applications. That said, MSSPs must have the right tools in place to take advantage of this opportunity.

Author: Stephan Tallent, senior director MSSP & Service Enablement, Fortinet.

Offering managed threat detection and response (MDR) services will play an instrumental role in MSSPs’ ability to generate business. According to Gartner, by 2024, more than 90% of organizations looking to outsource security will focus on detection and response services. As the popularity of these services grows, many buyers are turning to MDR providers because their response capabilities better fit the needs of their remote business and concern for ransomware threats. This means that for MSSPs to stay competitive, they will need to incorporate incident response technologies in their service offerings.

How MDR Offerings Differ from MSSP Offerings

While MDR providers and MSSPs both manage security for their customers, they detect and respond to threats in different ways. MDR providers typically rely on network forensic tools to identify threats. By combining this technology with human analysis and automated response, MDR providers can eliminate false positives and reduce threat detection times down to a couple of hours. This allows organizations to interdict security incidents in real time, limiting the impact that threats have on their network. Should their customers require assistance, MDR providers can also aid in threat remediation thanks to on-premises teams that can be deployed as part of a contract retainer.

Conversely, MSSPs are more focused on security asset management. Managed security service providers monitor customer networks for threats and send alerts to customer security teams when they are identified. Unlike MDRs, however, MSSPs typically focus on the deployment, management and monitoring of security assets like firewalls and endpoint protection.

Challenges MSSPs Face When Looking to Offer MDR

There are several challenges that MSSPs face when looking to evolve their service offerings to include MDR capabilities. These include:

  • Multiple Security Vendors
    To offer comprehensive threat detection and mitigation capabilities, MDR providers rely on multiple security vendors to piece together a complete offering. This can be difficult to manage and can expose organizations to an array of security risks. For MSSPs, having multiple vendors can decentralize their network operations and hinder their ability to accurately detect threats on customer networks. This is why MSSPs must work with vendors that offer combined threat detection and response services.
    Fortinet addresses this challenge by offering all of the technology components from a single vendor that work with each other to share threat intelligence and address risks. Whether it’s a basic or full stack MDR offering, this provides MSSPs with an integrated threat management system that eliminates silos associated with having multiple vendors.
  • Disparate Tools
    A key component of managed detection and response is having access to integrated security solutions that incorporate automation, case management and custom playbooks along with enforcement. With integrated security, MDR providers can coordinate their detection and remediation efforts which, in turn, helps cut down on incident response times. For MSSPs who use disparate tools, it can be difficult to gain the visibility necessary to properly manage customer network security. As networks grow more complex with the addition of cloud services and IoT devices, having access to integrated security solutions is a necessity for MSSPs.
    The Fortinet Security Fabric is specifically designed to help address these challenges by providing MSSPs with an integrated set of security tools that work together to minimize threat detection and mitigation times across customer networks. With integrated centralized case management, MSSPs can provide a well-rounded, full-stack MDR offering.
  • MDR Provider Competition
    MDR providers and MSSPs target the same market, meaning there is steady competition between the two. It can be challenging for MSSPs to offer the same services as an established MDR provider without having access to the necessary tools. With this in mind, MSSPs must be able to differentiate their MDR capabilities to stand out from the crowd.
    Fortinet’s acquisition of technology alliance partners EnSilo and Cybersponse, for EDR and SOAR respectively, has resulted in the security vendor being the only one on the market that brings together all the components needed to build a full-stack MDR offering in a single vendor. This reduces swivel chair operations in the SOC, simplifies training requirements and improves the security efficacy of the MSSP’s service offering.
  • Training and SOC Skills Shortage
    Having an effective SOC team is an important aspect of MSSP operations, as the team is responsible for threat analysis and mitigation on customer networks. The problem for MSSPs is that there is a serious shortage of qualified SOC talent available due to the growing cybersecurity skills gap. Training staff to become SOC analysts presents a challenge as well. SOC training covers multiple technologies being used in unison, can be time consuming and usually requires considerable monetary investment. On top of that, MSSPs run the risk that trained personnel will leave, either because of alert fatigue and the mundane, repetitive aspects of the job, or for another organization, since SOC analysts are in high demand.
    Without a properly trained staff, MSSPs cannot offer MDR services, as human analysis plays a critical role in managed detection and response. Fortinet offers the SOC Lifecycle Strategy to help MSSPs tackle this challenge. The Lifecycle Strategy, which is comprised of four phases, provides MSSPs with resources and guidance for establishing the infrastructure and training required to offer MDR services to customers.

Final Thoughts

Security buyers are shifting their focus to threat detection and response services. By integrating MDR capabilities into their service portfolios, MSSPs can take advantage of this growing trend and ensure ongoing customer security and business continuity. With Fortinet, MSSPs have access to the tools and resources they need to provide comprehensive MDR services to customers.

By Stephan Tallent, CISSP, senior director MSSP & service enablement, Fortinet.