Study: What companies expect from MDR


Managed Detection and Response is a big topic for companies because no specialists are available for evaluating EDR, XDR and similar tools. A study shows what companies expect from MDR providers, bundled into a requirements specification for IT security service providers.

In view of increasingly complex threats, IT security teams in companies of all sizes will sooner or later be overwhelmed by the task of securing data, applications and processes. But what help do they need? What is the requirement profile for a Managed Detection and Response (MDR) service provider? And how do an IT security service and its external security experts improve the security situation in companies? Answers come from the results of interviews with those responsible in the USA and Canada, conducted by Bitdefender and the Enterprise Strategy Group in August 2022.

Managed Detection and Response: What must it be able to do?

Jörg von der Heydt, Regional Director DACH at Bitdefender, comments on the study from a German perspective: “A very similar picture emerges from discussions with German customers. The range of requirements for MDR service providers is similarly broad, as is the motivation to consider an MDR service. What they all have in common, however, is the fact that skilled workers – i.e. IT security analysts and specialists – are becoming increasingly difficult to obtain and retain, while the number and complexity of attacks is constantly increasing. The dependency on digital, i.e. IT-supported, processes is increasing to the same extent. A dilemma that can probably only be solved through the increased use of managed security services.”

The main results of the study

Many IT teams start with managed detection and response in a planned manner

Reasons why companies want to use an MDR service (Image: Bitdefender).

In many cases, MDR is not an emergency measure. Most of the respondents (57%) indicated that upcoming security reviews were the reason for working with MDR providers. 47% wanted to review and manage vulnerabilities. Only 39% were concerned with specific measures to ward off or contain an event, to discover security-related incidents or to restore IT systems and digital processes after an attack. For 37%, the reason was mitigating a network intrusion or providing a broader response to a security event. Around one in three (33%) hoped for help with pre-sorting and prioritizing the daily alarms.

The answers about motivation make clear how urgently the security officers surveyed need help to cope with the scaling of IT security as well as the growing attack surface and complexity of attacks. 41% of the study participants assumed that the external security experts could take care of cyber defense better than their in-house teams. This is a remarkable finding, since many of the participating companies are of a size at which they should have their own qualified security team. The proportion of respondents who were looking for a more scalable operational model for their IT security was just as high. 37% implicitly admitted that they do not have the security tools and systems they need to run their cyber defense processes. The following motivations are also interesting:

  • 29% bought MDR to get cyber insurance.
  • 27% were unable to internally commit the security and expertise needed for IT defenses.
  • 27% did not see cyber security as their core competence and therefore outsourced it.
  • 18% also wanted protection outside working hours.

Protecting cloud workloads is a high priority

On the one hand, the study participants are looking for help in protecting complex IT landscapes. But even for basic defense technologies, those responsible hope for external help just as often.

Customers expect an MDR provider to protect cloud applications (53%), followed by public cloud infrastructure (50%). The ability to assess cloud workloads for vulnerabilities (46%) and protection of the private cloud (43%) also play a role.

But the classic protection of the endpoints also remains important. 43% of those surveyed expect a vulnerability analysis at the endpoint from an MDR service provider. Protecting identity and access rights (41%), endpoints (40%) and server workloads (39%) are almost equally important.

The expectations of an MDR provider (Image: Bitdefender).

Customer knowledge and customer proximity required

When choosing an MDR provider, customers demand company-specific services. For 49%, the ability to support existing security tools and technologies therefore played a role. 39% of the study participants demanded industry-specific knowledge of the risk situation in their sector. And more than one in five (21%) also place value on a regional focus.

Accordingly, the companies want a close customer relationship in addition to the classic competence factors. 38% consider better involvement in defense (better engagement model) as a motive for considering other service providers. 29% of those surveyed stated that the desire for a dedicated contact person could be a reason for switching MDR providers.

In general, companies prefer to work long-term with an MDR provider. 61% worked with their current partner for three or four years, 21% even five years or more. However, many companies also employ several MDR providers: 46% two, 34% three or even more partners.

Comprehensive skills desired

Only a minority of the security professionals surveyed expect MDR service providers to cover the attack surface completely. Only 31% require external service providers to monitor 76% to 100% of the attack surface. However, 42% demand protection for 51% to 75%. Central areas to be monitored are cloud workloads (67%), the network (66%), DevOps including application security (56%) and the Internet of Things (51%).

MDR is a multifaceted task

When IT managers are asked about the results of an MDR engagement, one result does not seem spectacular at first: only 42% were able to significantly reduce the rate of successful attacks on their company. Ultimately, however, this is also a remarkable result. Attacks to which the cybersecurity analysts of an MDR provider react in a security operations center (SOC) are usually of a serious nature. In addition, this can also be an indication that classic defense technologies such as anti-virus and endpoint protection make a basic contribution against the still important opportunistic, automated and apparently numerous attacks. Another 42% attested to a significantly improved security program. Nevertheless, 77% see MDR as a strategic operational partner. Every second respondent benefited from the know-how of the security experts.

But concrete effects also play a role: 38% met compliance requirements with MDR, 38% reduced the operational costs of IT security and 32% were able to reduce the policy amounts of their cyber insurance. Last but not least, 35% reduced the stress level of the internal security team.

About the course of the study

In the study commissioned by Bitdefender, ESG surveyed 373 cybersecurity professionals in the United States and Canada between August 3 and August 14, 2022. They worked for companies of all sizes, from 100 employees and more, from a wide range of industries. About half (54%) of the participants worked in companies with 1,000 to 4,000 employees.
