Trends in Managed Detection & Response (MDR)

MDR vendors help IT and security leaders accelerate the development of their security program and improve security posture.

With no end in sight to the cybersecurity skills shortage, MDR services can immediately deploy expert resources along with proven best-of-breed processes and tools. These help security teams gain control and prepare their security programs for future success. To understand these trends and assess the overall state of MDR service offerings, ESG conducted a survey of 373 cybersecurity professionals on behalf of Palo Alto Networks.

MDR commitment

What motivates IT and security teams to hire an MDR service provider? Taken literally, MDR would seem an obvious response to gaps in security operations capabilities, coverage or processes. However, the survey shows that more than half (57 percent) of organizations cited proactive security assessments as the reason for their first MDR engagement. Indeed, working with MDR vendors often begins with security assessments, including vulnerability assessments, to uncover weaknesses in the security posture in terms of programs, tools, coverage, and capabilities. The third important factor is the response to crises or incidents that reveal gaps in the security program. Operational requirements such as incident response are also a common reason for using MDR.

Scale security programs

Security teams often struggle to scale their security programs to meet the growth and complexity of the attack surface and threat landscape. As a result, many companies are turning to MDR providers to accelerate and scale their operating models. Companies see MDR as a way to accelerate program development and close gaps. More than four in ten companies believe that MDR service providers can simply do a better job than internal resources. A third report immature security programs that also lack the necessary tools and systems. Other important factors include an expanding list of security controls and processes required to purchase cybersecurity insurance, as well as regulatory compliance.

MDR Use Cases

MDR providers offer a range of services to fulfill multiple use cases. While security program development and access to security experts top the list, nearly half of organizations use an MDR vendor to fully outsource security tasks. The other half use MDR to complement their internal program to close coverage gaps, gain access to additional threat intelligence and add threat hunting capabilities. It is also worth noting that almost half of the companies either completely outsource their security processes or intend to do so.

MDR missions are typically expanded over time with new services to enhance incident investigation, threat containment and response. Modern MDR providers are now moving beyond traditional SecOps reactive capabilities to provide proactive services in support of threat intelligence, threat hunting, attack simulation, security assessments, and vulnerability management. Looking at this broad range of services, MDR service providers offer much more than simple detection and response and instead become comprehensive security program partners that help organizations of all sizes scale their security programs.

MDR providers as strategic partners

As MDR commitments mature and relationships grow, MDR vendors are taking on a more strategic role. This is evident from the fact that more than three-quarters (77 percent) of organizations identify their MDR vendor as a strategic partner in terms of alignment with their security program. These relationships are enduring: 82 percent of organizations say they have been working with an MDR provider for at least three years. The majority use more than one MDR provider, with 34 percent working with three or more MDR service providers to support their use cases and protect their attack surface.

In terms of attack surface coverage, most respondents expect MDR vendors to support security measures for all types of IT assets. Yet few engage MDR providers to cover their entire attack surface. More than two-thirds of organizations report that their MDR provider covers no more than 75 percent of their IT assets, while only eight percent confirm their MDR provider covers 100 percent.

MDR providers help improve onsite security resources and security program maturity. In terms of actual results, MDR vendors help organizations prevent successful attacks, accelerate security program development, and open up investment opportunities in more strategic security initiatives.

Half of organizations say their MDR vendor helps them improve the security capabilities of their internal assets. 45 percent were able to invest in more strategic security initiatives thanks to MDR support. More than four in ten organizations report significantly fewer successful attacks and/or an overall improvement in their security program. From an executive perspective, 42 percent say there has been an increase in executive and/or board confidence, while 38 percent cite their ability to meet compliance goals or cyber insurance requirements. Consistent with these positive business results, there has been a significant increase in the number of organizations rating their security programs as very mature after working with an MDR vendor.

Advanced tools

What considerations are important for organizations when evaluating and selecting an MDR provider? Nearly half (49 percent) said the MDR vendor needs to work with their existing security tool and technology ecosystem, while 46 percent want advanced detection and response capabilities. Another 43 percent wish their MDR vendor had expert security resources, which is also the most cited factor that would prompt organizations to switch their current vendor. Other reasons include more advanced security tools and improved detection and resolution rates, but price and operating models also play a role.

MITRE and XDR support are key for most organizations when choosing an MDR provider. This often involves more than a checklist of skills and coverage. More than nine out of ten companies rate MITRE ATT&CK support as important (32 percent) or very important (62 percent). Additionally, nearly three-quarters (73 percent) say they consider Extended Detection and Response (XDR) security technology when choosing MDR services. Secure Access Service Edge (SASE) and Attack Surface Management (ASM) were also considered important by two-thirds.

MDR is becoming a mainstream security strategy

Palo Alto Networks concludes: Leveraging MDR services has become a central component of security program strategy, turning MDR vendors into strategic partners. They help security and IT teams accelerate program development, improve security posture, and reap less visible benefits such as support in achieving compliance goals, taking out cyber insurance and improving internal security skills and processes. As such, most organizations view MDR as an ongoing part of their investments in security programs. 37 percent rate MDR as strategic and critical, and another 35 percent plan to work with their MDR vendor to update and implement future security strategies. ESG sees MDR as an important and common security strategy and encourages organizations to explore more use cases that can accelerate security program development and improve security posture.

More at PaloAltoNetworks.com

 


About Palo Alto Networks

Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.


 
