
MDR vs. MSSP Security Services: What’s the Difference?


What's the difference between managed detection and response (MDR) vs. managed security services providers (MSSPs)? Over time the distinction between the two specialities will likely blur and perhaps even disappear. But right now, there are some clear differences between MDR and MSSP services, according to Gartner.

As Gartner puts it: "The overlap between managed security services and MDR is increasing, which is adding to the confusion in the market and making it difficult for buyers. MSS and MDR still have distinct characteristics that buyers need to understand."

So what are the differences? Here's how Gartner lays out seven distinctions between MDR services & MSSPs.

1. Security event log and context sources

  • MDR: Proprietary technology stack provided by the provider and deployed at the customer's premises, which is included in the service price.
  • MSS: Event-source-agnostic. Data sent to the provider is determined by the customer.

2. Remote device management

  • MDR: Only for their own technology stacks.
  • MSS: Yes. Vendor-agnostic for most common security controls — e.g., firewalls, intrusion detection systems (IDSs), intrusion prevention systems (IPSs) or web gateways — or tools deployed with MDR-type services.

3. Compliance reporting

  • MDR: Very rarely
  • MSS: Yes

4. Interface to service

  • MDR: Rely on more-direct communication (voice, email) to analysts, rather than portals.
  • MSSP: Portal and email act as the primary interface, with secondary access to analysts provided via chat functions and phone.

5. Incident response support

  • MDR: Lightweight, remote, incident response support typically included in basic services. On-site incident response provided by retainer.
  • MSS: Both remote and on-site provided by a separate retainer.

6. Incident containment

  • MDR: Provided using provided technology stack or customer-owned technologies, leveraging scripts and APIs to programmatically make changes.
  • MSS: When remote, full management of security controls is managed for a customer and MDR-type services are offered — e.g., managed endpoint detection and response (EDR).

7. Provide service-level agreements (SLA) for incident detection and response

  • MDR: Rarely
  • MSS: Yes

Despite those distinctions, the line between MDR and MSSP services is blurring rapidly. Among the recent examples: Booz Allen Hamilton, a Top 100 MSSP for 2017, in October acquired Morphick, a 40-person cybersecurity firm that offers MDR services.

More MDR-MSSP merger deals will surely surface in the months ahead, MSSP Alert believes. Fast forward to 2020, and 80 percent of MSSPs worldwide will offer some form of advanced MDR services, Gartner concludes.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.