When it comes to managed detection and response (MDR) services, I'm starting to hear the same pressing question over and over again: Who actually owns the R? In other words, who exactly is responsible for each component of a response?
Over the past few weeks, the chatter surfaced in separate emails and individual MSSP Alert conversations with:
Still, the "Who owns response?" conversation stretches back further than that. At the Right of Boom conference in February 2022, JupiterOne CISO and head of research Sounil Yu described a world where people remain heavily involved in response and recovery services. The obvious question that MSSPs and end-customers need to address: Whose people?
MDR Security Services: Widespread Adoption
The question -- "Who owns response?" -- is particularly important amid the spread of MDR services. Indeed:
Still, actual MDR services -- particularly the response stage of the services -- vary widely from one company to the next.
MDR Security: What Are 'Response' Services?
Amid that backdrop, eSentire divides the MDR discussion into this spectrum:
Detection: Actually spotting a threat to a business;
Response: Containing that threat;
Remediation: Making sure the adversary is removed from the system for good; and
Digital forensics with incident response: Performing digital forensics, analysis, crime scene reconstruction, eDiscovery and more.
Similarly, Rapid7 is banging the drum for digital forensics and incident response capabilities as differentiators in the MSSP, MSP and MDR markets.
MDR Security Services: What's Next for Response?
We'll pick up this conversation in a major way at MSSP Alert Live 2022, our in-person conference set for September 2022. It's safe to expect a panel titled "MDR: Who Owns Response?" to surface at the event.
In the meantime, please keep your MDR thoughts coming -- especially as they pertain to the nuances of Response services.