Content, MDR

Managed Detection and Response (MDR): Who’s Responsible for the R?

Yellow question mark on a background of black signs, FAQ Concept. 3D Rendering

When it comes to managed detection and response (MDR) services, I'm starting to hear the same pressing question over and over again: Who actually owns the R? In other words, who exactly is responsible for each component of a response?

Over the past few weeks, the chatter surfaced in separate emails and individual MSSP Alert conversations with:

Still, the "Who owns response?" conversation stretches back further than that. At the Right of Boom conference in February 2022, JupiterOne CISO and head of research Sounil Yu described a world where people remain heavily involved in response and recovery services. The obvious question that MSSPs and end-customers need to address: Whose people?

MDR Security Services: Widespread Adoption

The question -- "Who owns response?" -- is particularly important amid the spread of MDR services. Indeed:

Still, actual MDR services -- particularly the response stage of the services -- vary widely from one company to the next.

MDR Security: What Are 'Response' Services?

Amid that backdrop, eSentire divides the MDR discussion into this spectrum:

  • Detection: Actually spotting a threat to a business;
  • Response: Containing that threat;
  • Remediation: Making sure the adversary is removed from the system for good; and
  • Digital forensics with incident response: Performing digital forensics, analysis, crime scene reconstruction, eDiscovery and more.

Similarly, Rapid7 is banging the drum for digital forensics and incident response capabilities as differentiators in the MSSP, MSP and MDR markets.

MDR Security Services: What's Next for Response?

We'll pick up this conversation in a major way at MSSP Alive Live 2022, our in-person conference set for September 2022. It's safe to expect a panel titled "MDR: Who Owns Response?" to surface at the event.

In the meantime, please keep your MDR thoughts coming -- especially as they pertain to the nuances of Response services.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.