Key Factors That Drive Managed Detection and Response Engagement

As organizations conduct their annual cybersecurity planning, Managed Detection and Response (MDR) services are becoming table stakes for any mature cybersecurity program.

With new and increasingly sophisticated attacks happening every day, the continuing cybersecurity skills shortage, and the increased pressure from compliance regulators and cyber insurance vendors, organizations are leaning on MDR providers for their expert resources and proven processes. These providers can help organizations not only improve their overall security posture but build a scalable security program that keeps up with the organization’s growth and changing business objectives.

BlueVoyant recently sponsored a survey conducted by Enterprise Strategy Group (ESG). ESG surveyed 373 cybersecurity professionals personally involved with cybersecurity technology, including both products and services as well as processes, to understand trends in MDR and assess the general state of its service offerings.

MDR Survey Results

One of the key findings of the research are the factors that drive organizations to initial engagements with MDR providers. The survey sought to understand what causes security teams to pursue an MDR provider.

At its core, MDR serves as an extension of your security team, solving for resource gaps and lack of expertise to detect and respond to cybersecurity threats. Interestingly, more than half (57%) of the organizations surveyed cited proactive security assessments, and 47% voiced vulnerability assessments as key factors that drove their initial MDR engagement.

The third biggest factor pertains to incident response, with respondents naming incident response/mitigation (39%), incident remediation/recovery (39%), incident investigation (34%), and breach or major incident response engagement (37%) as key factors that revealed gaps and led to MDR discussions.

The Case for a Proactive Approach

These survey results line up with what we see at BlueVoyant. Proactive security engagements like security assessments and vulnerability scanning often expose weaknesses in a customer’s security posture due to lack of resources, expertise, or the mature processes to manage it all. And on the reactive end of cybersecurity, organizations that have had, or are experiencing, a security breach, have come to us for digital forensics and incident response (DFIR) services that often illuminate shortfalls in their security programs that cannot be remedied from within. These types of engagements often uncover the need for MDR services to provide 24x7 management and monitoring, and threat eradication services.

The ESG survey also revealed key findings around the main use cases for MDR services, the positive security outcomes driven by MDR, the importance of MDR providers having an open tech stack that integrates with existing customer infrastructure, and how having a human-centric customer engagement model matters in MDR provider/client relationships. Download the full report to read all the findings.

Jenny Dowd is a BlueVoyant Director, Product Marketing.