Content, MDR

Managed Detection and Response (MDR): Who’s Responsible for the R?

Yellow question mark on a background of black signs, FAQ Concept. 3D Rendering

When it comes to managed detection and response (MDR) services, I'm starting to hear the same pressing question over and over again: Who actually owns the R? In other words, who exactly is responsible for each component of a response?

Over the past few weeks, the chatter surfaced in separate emails and individual MSSP Alert conversations with:

  • Jake Godgart, product marketing, managed services at Rapid7;
  • Erin McLean, chief marketing officer at eSentire, a leading MDR service provider;
  • Jen Olmsted, founder, Cytrex Cyber; and
  • Jeff Schmidt, CEO, Avertium, a Top 250 MSSP.
  • Still, the "Who owns response?" conversation stretches back further than that. At the Right of Boom conference in February 2022, JupiterOne CISO and head of research Sounil Yu described a world where people remain heavily involved in response and recovery services. The obvious question that MSSPs and end-customers need to address: Whose people?

    MDR Security Services: Widespread Adoption

    The question -- "Who owns response?" -- is particularly important amid the spread of MDR services. Indeed:

    • MDR now ranks among the core eight managed security services typically offered by MSSPs, according to Gartner.
    • Hundreds -- perhaps thousands -- of companies now claim to offer MDR services. The MDR proponents include cybersecurity software companies, pure-play MDR businesses, MSSPs, and MSPs that are white labeling third-party services.
    • Fully 91% of MSSP 250 survey participants for 2021 indicated that their companies offer MDR capabilities.
    • Still, actual MDR services -- particularly the response stage of the services -- vary widely from one company to the next.

      MDR Security: What Are 'Response' Services?

      Amid that backdrop, eSentire divides the MDR discussion into this spectrum:

      • Detection: Actually spotting a threat to a business;
      • Response: Containing that threat;
      • Remediation: Making sure the adversary is removed from the system for good; and
      • Digital forensics with incident response: Performing digital forensics, analysis, crime scene reconstruction, eDiscovery and more.
      • Similarly, Rapid7 is banging the drum for digital forensics and incident response capabilities as differentiators in the MSSP, MSP and MDR markets.

        MDR Security Services: What's Next for Response?

        We'll pick up this conversation in a major way at MSSP Alive Live 2022, our in-person conference set for September 2022. It's safe to expect a panel titled "MDR: Who Owns Response?" to surface at the event.

        In the meantime, please keep your MDR thoughts coming -- especially as they pertain to the nuances of Response services.

        Joe Panettieri

        Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.

        You can skip this ad in 5 seconds