Is there really a difference between managed detection and response (MDR) service providers and traditional MSSPs? The line has greatly blurred — and in some cases it has disappeared, according to Gartner.
As Gartner asserts, today hundreds of MSSPs now offer MDR services, but the IT research and consulting provider cautions that organizations should be careful about pretenders that may have incomplete offerings. Indeed, Gartner urges cybersecurity and risk management professionals to use its research to identify MDR services that meet their business-driven requirements.
Gartner has compiled a list of MDR companies that includes a range of service providers to ensure coverage from a geographical, vertical and capabilities perspective. More than 600 providers in this market claim to offer MDR services, according to Gartner.
The following is a list of 40 representative vendors and is not intended to be an inclusive of all the providers in the MDR services market. It is not, nor is it intended to be, a competitive analysis of the providers, Gartner said.
Notes:
- What About SMB?: Gartner tends to focus on midmarket and enterprise MDR companies, MSSP Alert believes, and overlooks fast-growing, MSP-friendly MDR providers such as Blackpoint Cyber, Huntress, Netsurion and Stellar Cyber. All four of those MDR providers have gained critical mass with MSSPs and MSPs.
- Whom did we miss? Email MDR market thoughts and leads to MSSP Alert managing editor Jim Masters at [email protected] and editorial director Jessica C. Davis at [email protected]
The Top 40 MDR Security Companies MSSPs Need to Know
Here's Gartner's most up-to-date list of 40 MDR providers, annotated with information from MSSP Alert coverage and research over the past few years since its previous Top MDR list was published in November 2021. 1. Ackcent (Barcelona, Spain) Ackcent provides services to detect, respond to and manage cyberattacks, monitoring 24/7 the security challenges that can arise in both public and private cloud environments through its continuous vulnerability intelligence products and managed cloud security services, according to its website. In mid-2020, AttackIQ and Ackcent announced they were partnering to provide breach and attack simulation (BAS) and continuous security validation (CSV) to joint customers across Europe. 2. Aiuken Cybersecurity (Madrid, Spain) Aiuken offers managed security and cloud services as a protection base for large companies, SMEs and public administrations. The company operates a network of security operations centers (SOCs), with MDR as its core business offering. Backed by private equity firm Trill Impact, Allurity acquired Aiuken Cybersecurity in September 2022. 3. Arctic Wolf (Eden Prairie, Minnesota, U.S.) Arctic Wolf is a security operations center-as-a-service (SOCaaS) and MDR provider. In January 2023, Arctic Wolf launched a retainer option for its cyber incident response services. The Arctic Wolf Incident Response JumpStart Retainer features benefits such as a guarantee that cyber incidents will receive a response within one hour, backed by a service-level agreement. 4. Atos (Paris, France) In September 2022, Atos rejected an unsolicited offer to sell its identity and access management (IAM) security business, Evidian, to Onepoint and private equity fund ICG. Earlier, in July 2022, the NATO Communications and Information Agency (NCI Agency) awarded Atos a €1.2 million (US$1.25 million) contract to install and configure mission critical cybersecurity capabilities and systems at 22 NATO sites. Atos is ranked No. 37 on MSSP Alert’s 2022 Top 250 MSSPs list. 5. Binary Defense (Stow, Ohio, U.S.) In February 2023, Binary Defense announced a partnership with ExtraHop to deliver a new MNDR service. Earlier that month, the companies announced that they were working together to deliver the Reveal(x) 360 network detection and response (NDR) solution. Preceding those announcements, in November 2022, Binary Defense, a 2022 Top 250 MSSP, secured a $36 million institutional growth equity funding round led by private equity firm Invictus Growth Partners. The company said it will use the funding to bolster its sales and marketing, expand its partner ecosystem and machine learning capabilities and create an extended detection and response (XDR) offering. 6. Bitdefender (Bucharest, Romania) As of September 2021, Bitdefender offered three MDR packages — including Bitdefender MDR Core, Bitdefender MDR Advanced and Bitdefender MDR Enterprise. Bitdefender's MDR capabilities include 24X7 analyst-led threat monitoring and response, proactive threat hunting, tailored threat intelligence, and a dedicated customer success manager. Additionally, in July 2022, Bitdefender launched a new managed security service. 7. BlueVoyant (New York, New York, U.S.) BlueVoyant, a 2022 Top 250 MSSP, offers an MDR service that features its Scan & Protect capability. This offering delivers advanced phishing detection to meet continuous open source and dark web monitoring. BlueVoyant is a Microsoft Solutions Partner with designations in Security, Infrastructure Azure, and Modern Work, and also has Specialist Designation in Cloud Security and Threat Protection. The company was named Microsoft's 2022 US Security Partner of the Year and 2023 Security MSSP of the Year. 8. Critical Start (Seattle, Washington, U.S.) Critical Start, a 2021 Top 250 MSSP, is offering Sumo Logic customers with always-on threat detection coverage, MSSP Alert reported in April 2023. Critical Start reported a two-fold increase in April 2023 in both its revenue and new customers over the previous two years. Critical Start offers MDR, SIEM, endpoint detection and response (EDR) and XDR services to global organizations. Its Channel Partner Program enables MSSPs, MSPs and other technology providers to integrate these services into their portfolios. 9. CrowdStrike (Sunnyvale, California, U.S.) Best known as a cloud-based security software provider, the company also has a major MDR focus. In April 2023, CrowdStrike brought to market its Falcon Complete XDR, a managed eXtended detection and response (MXDR) service designed to help organizations address the cybersecurity skills gap. The Falcon Complete XDR launch is built on CrowdStrike’s release of Falcon Insight for IoT, an EDR and XDR solution that helps organizations protect their eXtended internet of things (XIoT) assets. The company provides the Elevate Partner Program, which enables MSSPs, MSPs and other technology providers to integrate its products and services into their portfolios. 10. Cybereason (Boston, Massachusetts, U.S.) Cybereason released a mobile app in August 2022 that it said places the power of a SOC at the fingertips of cyber defense professionals. The Cybereason MDR Mobile App further reduces the mean-to-time remediation by suspending an attack’s lateral movement directly from a cyber defender’s mobile device, according to Cybereason. Continue to page two for MDR security companies 11-20 Here's page two, featuring MDR security companies 11-20. 11. Cyberoo (Reggio Emilia, Italy) Cyberroo’s MDR service is built on Cypeer, an intelligent detection platform equipped with AI that collects and correlates all the information coming from security applications and systems already existing in your IT ecosystem. Cyberoo's Cyber Security Suite combines advanced detection technology with the skills of more than 50 cybersecurity specialists, the company said. 12. Cyderes (Kansas City, Missouri, U.S.) Cyderes is the security-as-a-service (SECaaS) division of Fishtech Group, which provides managed security services on a global scale for the modern digital workforce. Created by the merger of Herjavec Group and Fishtech Group, Cyderes says it provides the people, processes and technology to manage risk and detect and respond to cyber threats. 13. Cysiv (Dallas, Texas, U.S. and Ottawa, Canada) Cysiv, a SOCaaS platform provider, was developed within Trend Micro and launched in 2018 via a partnership with HITRUST, a data protection standards and certification organization. Forescout, an automated cybersecurity solutions provider backed by private equity firm Advent International, acquired Cysiv in June 2022. 14. DeepSeas (McLean, Virginia, U.S.) DeepSeas was created in December 2022 when Security On-Demand acquired Booz Allen Hamilton’s commercial Managed Threat Services (MTS) business. The deal was backed by venture capital firm Nautic Partners. DeepSeas is an MDR provider that covers the converged attack surface for the mid-market. DeepSeas also provides services in the areas of threat analytics, cyber defense, SIEM, SOC, MSP, MSSP, Cyber Fusion Team, and XDR. 15. Deepwatch (Denver, Colorado, U.S.) Deepwatch, a 2022 Top 250 MSSP, is a spin-off of GuidePoint Security. Deepwatch launched an MXDR service in February 2023 that organizations can use to address identity-based threats. The company debuted a tiering framework for its Xcelerate Channel Partner Program April 2023. The program provides partners with access to training, tools, market development funds (MDF), partner advisory councils and other financial and business benefits. In addition, Deepwatch launched the Deepwatch Academy platform, which offers sales training, resources and certification programs to Xcelerate partners. The Xcelerate program enhancements come after 16. eSentire (Waterloo, Ontario, Canada) A 2022 Top 250 MSSP, eSentire offers the e3 partner ecosystem for MSPs, MSSPs, VARs, master agents and technology partners. eSentire partners can use technology platforms from the company’s partner ecosystem to provide MDR and other security services. In March 2023, eSentire announced it is working with SentinelOne to help organizations prevent, detect and respond to cyber threats. In December 2022 eSentire became the first global MDR partner of Coalition, a cyber insurance company. 17. Expel (Herndon, Virginia, U.S.) Expel, a 2021 Top 250 MSSP, debuted a new MDR service in February 2023 that allows organizations to secure their business across their Kubernetes environment. In December 2022, Expel signed an exclusive MDR partnership with Beyon Cyber. Under the partnership, Beyon provides Expel’s MDR services in the United Arab Emirates (UAB) and surrounding region. Expel also offers a partner program and has established partnerships with more than 20 technology companies. 18. Fortra (Eden Prairie, Minnesota, U.S.) Fortra has bolstered its MDR business with a number of acquisitions. In March 2022, Fortra signed a merger agreement to acquire MDR specialist Alert Logic. Following that acquisition, Fortra acquired Terranova Security, a global phishing simulation and security awareness training provider. Next, Fortra acquired Outflank and HelpSystems. In May 2023, Fortra announced the connection between JAMS, its workload automation and job scheduling solution, and Automate, its robotic process automation solution. This integration allows organizations to improve their automation footprint by incorporating Automate’s low code approach to building automation with the orchestration capabilities of JAMS. 19. Integrity360 (Dublin, Ireland) Integrity360 claims to be one of the fastest-growing and largest independent pure-play cybersecurity specialists in Ireland and the U.K. In May 2023, Integrity360 acquired Netsecure, a Sweden-based cybersecurity company, enabling expansion into the Nordics region. 20. IBM (Armonk, New York, U.S.) IBM brought to market a new security suite designed to improve the analyst experience across the full incident lifecycle, the company announced in April 2023. The IBM Security QRadar Suite "represents a major evolution and expansion of the QRadar brand,” the company said. The following month, IBM acquired Polar Security, which helps companies discover, monitor and secure cloud and SaaS application data. Polar Security marked IBM’s fifth acquisition in 2023. Since Arvind Krishna became CEO in April 2020, IBM has acquired more than 30 companies, bolstering its hybrid cloud and artificial intelligence (AI) capabilities. Continue to page three for MDR security companies 21-30 Here's page three, featuring MDR security companies 21-30. 21. Kroll (New York, New York, U.S.) Kroll provides global risk and financial advisory solutions and is working to expand its managed security services through integrations and alliances. Kroll partnered with CrowdStrike in November 2022 and aligned its MDR platform with CrowdStrike’s portfolio of cloud-based endpoint protection, cloud workloads, identity and data solutions. Kroll acquired real-time risk intelligence company Crisp in June 2022. In March 2022, Kroll bought risk intelligence technology provider Resolver. Kroll has also acquired Security Compass Advisory, Redscan and RP Digital Security. Kroll has a Top 250 MSSP business division. 22. Kudelski Security (Cheseaux-sur-Lausanne, Switzerland, and Phoenix, Arizona, U.S.) Kudelski Security released Threat Navigator in December 2022, enhancing its MDR clients’ ability to visualize cyber defense coverage leveraging the MITRE ATT&CK framework while prioritizing efforts to combat sophisticated cyberattacks. Threat Navigator is a core component of Kudelski Security’s MDR client portal and is integrated with its XDR architecture. Kudelski Security released the FusionDetect cloud-native analytics platform for its MDR services in May 2022. FusionDetect helps organizations streamline their security processes and technologies and allows organizations to use Kudelski Security’s MDR services with no upfront costs. Kudelski Security released its MDR One solution in April 2022. 23. Mandiant (Alexandria, Virginia, U.S.) Google Cloud completed its acquisition of Mandiant in September 2022, and Mandiant retained its brand name. Mandiant debuted its Executive Cybersecurity Services in April 2023, which provide frontline expertise, tailored mentorship and hands-on guidance for CISOs and senior leaders to achieve their risk-reduction goals, communicate with non-security executives and board members and prepare for cybersecurity incidents. Mandiant released Breach Analytics for the Google Cloud Chronicle Security Operations suite in October 2022. Breach Analytics lets organizations monitor events in Chronicle for indicators of compromise (IOCs) and generate threat insights. 24. Mnemonic (Oslo, Norway) At the core of its MDR services is Argus, Mneomic’s solution to rapidly detect, analyze and respond to cybersecurity threats on a large scale. Using big data analytics, machine learning and a complex event-processing framework, Argus provides the advanced threat prevention ecosystem needed to see the big threat picture in real-time and protect customers against advanced persistent threats, zero days and targeted attacks, according to the company’s website 25. NCC Group (Manchester, U.K.) NCC Group is an information assurance firm whose service areas cover software escrow and verification, cybersecurity consulting and managed services. The company keeps tabs on the cybersecurity industry, including reports of cyberattacks and the various threat actors, through its monthly Pulse Report. 26. Obrela Security Industries (London, U.K.) Obrela delivers what it defines as “Cyber Risk Management-as-a-Service,” a comprehensive security program powered by its Swordfish platform. With engagements that include financial institutions, telecommunications, critical infrastructure and on-line service providers, Obrela collects and analyses structured and unstructured data, generating valuable intelligence for new, emerging and advanced security threats. 27. Ontinue, the MDR division of Open Systems (Zurich, Switzerland) Open Systems launched Ontinue in February 2023. The company offers ION, which provides an AI-based MXDR to Microsoft customers. Ontinue also launched a partner program in February 2023 that provides channel partners with access to this cybersecurity technology and Microsoft expertise, joint selling and marketing opportunities, rewards and incentives. 28. Optiv (Denver, Colorado, U.S.) Optiv repositioned its partner program in May 2023, touting its ecosystem which includes CrowdStrike, Palo Alto Networks and Proofpoint. In March 2023, Optiv bought government cybersecurity value-added reseller (VAR) ClearShark, more than doubling its federal market presence. In 2022, the Canadian government awarded Optiv its first major enterprise contract under Shared Services Canada’s (SSC) cybersecurity procurement vehicle (CSPV) for its network device authentication (NDA) solution. Optiv Canada’s NDA solution is delivered in partnership with Venafi, a specialist in securing machine identities, as well as Crypto4A, a next-generation hybrid security platform that manages the lifecycle of device keys for zero trust-based architectures. 29. Orange Cyberdefense (Paris, France) Orange acquired SecureLink in 2019, one of Europe’s largest independent MSSPs offering cybersecurity consulting as well as MDR services. In November 2022, Orange Cyberdefense acquired Scrt and Telsys, two companies specializing in cloud security. In July 2022 announced a partnership with venture capital firm NightDragon. Orange Cyberdefense has integrated its MDR service with Microsoft Sentinel, which allows organizations to use managed threat detection and Sentinel capabilities to monitor and manage their security operations. 30. Pondurance (Indianapolis, Indiana, U.S.) Pondurance acquired advisory and assessment services company Bearing Cybersecurity in June 2021 and later in the year announced its Cyber Risk Assessments solution powered by Bearing’s MyCyberScorecard risk management platform. MyCyberScorecard strengthened Pondurance’s MDR services, helping its customers improve their security posture and comply with industry and regulatory standards. MyCyberScorecard provides organizations with cybersecurity assessments that align with internal and external standards and compliance requirements, MSSP Alert reported. Pondurance is backed by private equity firm Newlight Partners, and offers a partner program for MSPs, MSSPs and other technology providers. Continue to page four for MDR security companies 31-40 Here's page four, featuring MDR security companies 31-40. 31. Proficio (Carlsbad, California, U.S.) Proficio, an MSSP specializing in MDR services, and CyberSix, entered into a partnership to deliver Proficio Managed Security Services to CyberSix clients, the companies announced in May 2023. CyberSix, a veteran-owned small business, specializes in providing virtual chief information security officer (vCISO) services. Also in May 2023, Proficio announced its partnership with Cyber Intelligence House, a U.S. government entity specializing in helping cybersecurity professionals assess and monitor cyber exposure from the dark web, deep web, data breaches and online assets. This partnership allows Proficio to enhance its MDR services with its newly launched Cyber Exposure Monitoring (CEM) service, leveraging Cyber Intelligence House’s cyber threat database. 32. Quorum Cyber (Edinburgh, U.K.) Quorum Cyber’s investment from private equity firm Livingbridge in January 2022 was intended to help the company become one of the top Microsoft Security partners worldwide. Its Microsoft Sentinel MDR service is managed and delivered by an in-house SOC team. Quorum Cyber is a Microsoft Solutions Partner for Security and a member of the Microsoft Intelligent Security Association (MISA). 33. Rapid7 (Boston, Massachusetts, U.S.) Rapid7 acquired anti-evasion and ransomware prevention technology provider Minerva Labs for approximately $38 million in cash and stock in March 2023. In February 2023. Rapid7 reached an agreement with University of South Florida to create a cyber threat intelligence laboratory funded by a $1.5 million investment from The Rapid7 Cybersecurity Foundation. The lab performs cyber threat detection research and develops cybersecurity talent. It also provides USF students with hands-on learning and cybersecurity skills development and allows them to get experience tracking global threat actors. Rapid7 acquired Israeli Kubernetes security company Alcide.IO for approximately $50 million in February 2021. The deal surfaced a few months after Rapid7 acquired cloud security posture management (CSPM) company DivvyCloud in 2020. 34. Red Canary (Denver, Colorado, U.S.) Red Canary launched the Red Canary Alert Center in 2020 to help security teams view, manage and prioritize alerts. In 2022, Red Canary joined the Palo Alto Networks Cortex MSSP partner program. As a Cortex MSSP partner, Red Canary incorporates its MDR capabilities into Palo Alto Networks’ Cortex XDR product. Red Canary has also developed integrations for Palo Alto Networks’ Prisma Cloud, Threat Prevention and WildFire Analysis Environment offerings. Red Canary offers an MDR platform that helps organizations secure their endpoints, cloud workloads, networks, identities and SaaS apps. In February 2022, it launched a partner program that allows MSSPs and MSPs to integrate its MDR capabilities into their offerings. Along with Palo Alto Networks, Red Canary also has partnered with SentinelOne and other cybersecurity companies. 35. Secureworks (Atlanta, Georgia, U.S.) Secureworks, owned by Dell Technologies, has been busy lately. Secureworks brought to market the Taegis XDR and Taegis ManagedXDR for OT offerings in June 2023 to help industrial organizations protect against cyber threats. For MSSPs, Taegis XDR delivers MDR plus XDR capabilities to manage their SOCs. Secureworks continues to evolve from an MSSP to a cloud-based security software provider. The company remains focused on its Partner First strategy and pursuing partnerships with MSSPs, MSPs and other technology providers. 36. Sophos (Abingdon, United Kingdom) Sophos may be best-known for its MSP-friendly security software. It formed a partnership with cybersecurity insurance provider Cowbell Measured Analytics and Insurance in March 2023. In January 2023, Sophos laid off about 10% of its workforce, or 450 people, blaming it on an “internal restructuring” to optimize growth and profitability. Sophos joined a growing list of technology companies that have laid off staff during 2023, partly owing to a deepening economic slowdown. 38. Trustwave (Chicago, U.S.) Trustwave has been a bit of a newsmaker lately. In March 2023, the United States Patent and Trademark Office (USPTO) awarded an expanded database security contract to the government solutions division of Trustwave. On March 2023, Trustwave incorporated its MDR solution into the Trellix XDR platform. In January 2023, Trustwave relaunched its Advanced Continual Threat Hunting Platform. Trustwave also released its Enterprise Pen Testing (EPT) Service and a new version of its Co-Managed SOC solution in October 2022. 39. Verizon (Basking Ridge, New Jersey, U.S.) Verizon in 2020 incorporated the Securonix SIEM solution into its MDR service. Verizon MDRuses analytics and behavior modeling to help organizations quickly identify potential cyberthreats. The fully-managed, scalable, cloud-based solution overlays Verizon’s core remote threat monitoring, detection and response capabilities with built-in multi-layer analytics and behavior modeling from Securonix. 40. WithSecure (Helsinki, Finland) WithSecure (formerly known as F-Secure Business) launched a new module for its WithSecure Elements security platform in May 2023, which identifies insecure cloud configurations attackers use to compromise networks. WithSecure, offering partner programs for MSPs and MSSPs, delivers endpoint protection platforms (EPP) and EDR solutions. These include static and behavioral detection signatures and detections for multiple stages of the attack lifecycle. Other MDR Companies to Watch & Gartner Recommendations on Choosing a ProviderOther MDR Companies Watch
Here are some additional MDR providers, not included on Gartner’s list, that MSSP Alert is watching:- ActZero, a San Francisco, California-based MDR provider, specializes in small and mid-sized businesses (SMBs).
- BlackBerry Cybersecurity, based in Waterloo, Ontario, Canada, recently integrated its AtHoc critical event management (CEM) capabilities into its CylanceGUARD MDR service.
- Bridge Security Advisors, based in Warren, New Jersey, recently added the Essential Security Solution (ESS), which includes real-time MDR and threat intelligence.
- BitLyft, based in St. John’s, Michigan, recently integrated its MDR services with Graylog’s SIEM solution.
- Certego is an MDR pure-play company based in Italy with more than 10 years of experience in the cybersecurity field.
- Coalition, a cyber insurance provider based in San Francisco, California, added to its MDR offerings the release a new version of its Coalition Control cyber risk management platform in May 2023.
- Exertis is an MDR provider that is partnering with eSentire, having added its security services to its enterprise portfolio.
- Hughes Network Systems, based in London, U.K., incorporated MDR and security operations center-as-a-service (SOCaaS) offerings into its portfolio, the company announced in January 2023.
- Iron Bow Technologies, based in Herndon, Virginia, bolstered its MDR capabilities with the acquisition of GuardSight in January 2023.
- Teltec Solutions, a Brazilian company, offers managed security services with SOC-as-a-service and a traditional MDR model.
Choosing the Right MDR: Advice from Gartner
Gartner offers the following recommendations for end-user companies that are choosing an MDR provider, and MSPs may find it useful as well:- When there are no existing internal capabilities at the end-user company, or when the organization needs to accelerate or augment existing security operations capabilities, use MDR services to obtain 24/7, remotely delivered, human-led security operations capabilities
- Assess how the MDR provider’s containment approach and incident reporting can integrate with your organization and whether actions can be performed on your behalf to align with business requirements, as well as compliance/legal policy/government regulation.
- Attain the maximum benefit from MDR services by preparing response workflow processes and integrating existing ticket management systems to ensure a business-centric response.
- Investigate the MDR provider’s services to determine if it aligns with your business-driven requirements. Also, provide actionable findings that internal teams can successfully react to, rather than settling for regurgitated technology outputs with no added analysis.
