Enterprise Management Associates, profile picture
Uploaded byEnterprise Management Associates
201 views

Managed Detection and Response: Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services

The document discusses managed detection and response (MDR) services, emphasizing their importance for organizations facing understaffed security operations centers (SOCs). It outlines the activities involved in MDR, the demographics of survey respondents, and the interest and adoption levels in various industries. Additionally, it highlights key criteria for MDR provider selection, the effectiveness of services, and areas for improvement based on user feedback.

Embed presentation

Download to read offline
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Paula Musich Research Director, Security & Risk Management Enterprise Management Associates (EMA) PMusich@enterprisemanagement.com Managed Detection and Response Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Watch the On-Demand Webinar Slide 2 • Watch the Managed Detection and Response on-demand research webinar: https://info.enterprisemanagement.com/managed-detection-and- response-webinar-2020-ws • Check out upcoming webinars from EMA here: http://www.enterprisemanagement.com/freeResearch
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Featured Speaker Paula Musich, Research Director, Security and Risk Management, EMA Paula brings over 30 years of experience covering the IT security and networking technology markets. She has been an IT security analyst for 12 years, including as a research director at NSS Labs, and earlier as the principal analyst for enterprise security for Current Analysis. As a security technology analyst, Paula has tracked and analyzed competitive developments in the information security market ranging from deception technology, encryption, network and endpoint security to bot mitigation, security automation, data loss prevention, and more. Slide 3 © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Sponsors Slide 4 © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Agenda • Introduction • Methodology & Demographics • Setting the Stage • A Small Market With Big Potential • MDR Usage Among Early Adopters • Grading MDR Providers’ Performance Slide 5 © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 6 Introduction © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING© 2020 Enterprise Management Associates, Inc.Slide 7
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 8 © 2020 Enterprise Management Associates, Inc.  Providers Carry Out for Their Clients  Threat Detection  Threat Hunting  Threat Intelligence Management  Event Investigation and Analysis  Threat Validation  Alert Triage  Threat Remediation  Risk Reporting And sometimes  Vulnerability Hunting  Vulnerability Remediation Check List of Activities MDR
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 9 Methodology & Demographics © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Demographics • Company Size • 30% Enterprise • 47% SME • 23% Midmarket • Annual IT Budget • 27% <$10 Million • 24% $10 - <$25 Million • 20% $25 - <$50 Million • 17% $50 - <$100 Million • 11% +$100 Million • Geography • North America • Number of Respondents • 179 • Vertical Industries • 19% Manufacturing • 15% Finance • 13% Healthcare • 12% Software • 8% Retail Slide 10 © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING IT vs. Cybersecurity Budget Changes 2% 10% 40% 33% 8% 6% 0% 0% 2% 34% 49% 12% 2% 1% Increased between 50% and 75% Increased between 25% and 50% Increased between 10% and 25% Increased less than 10% Stayed the same Decreased less than 10% Decreased between 10% and 25% IT budgets Cybersecurity budgets © 2020 Enterprise Management Associates, Inc.Slide 11
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 12 Setting the Stage © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING© 2020 Enterprise Management Associates, Inc.Slide 13
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Respondent Involvement in Threat Detection and Response Solutions 17% 19% 18% 16% 19% 13% Develop requirements Evaluate Approve/Purchase Deploy/Support Manage/Maintain the tools Use as part of my job © 2020 Enterprise Management Associates, Inc.Slide 14
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Why manage threat detection and response internally? 32% 31% 12% Highest ranking Have budget and expertise to manage in-house Data privacy concerns discourage using a service provider Avoid service provider lock-in © 2020 Enterprise Management Associates, Inc.Slide 15
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 16 A Small Market With Big Potential © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Interest Level in MDR Services Adoption Slide 17 © 2020 Enterprise Management Associates, Inc. Is your organization currently evaluating an MDR service, considering adopting an MDR service, or planning to evaluate an MDR service in the next 12 to 18 months? 46% 33% 15% 6% Currently evaluating Considering adopting Planning to evaluate in the next 12 to 18 months None of the above
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Vertical Industry Interest in MDR Services Adoption Slide 18 © 2020 Enterprise Management Associates, Inc. 52% 37% 7% 4% 50% 25% 20% 5% 58% 32% 5% 5% 40% 35% 25% 0% 38% 38% 25% 0% Currently evaluating Considering adopting Planning to evaluate in the next 12 to 18 months None of the above Manufacturing Finance Healthcare Software Retail
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Level of Interest in Different Types of MDR Services Varies by Company Size Slide 19 © 2020 Enterprise Management Associates, Inc. Of the following types of MDR services, which is your organization interested in evaluating, planning to evaluate, or considering adopting in the next 12 to 18 months? 31% 33% 49% 20% 23% 65% 13% 13% 70% Managed SIEM service Next-generation endpoint detection and response service Both Enterprise Small-Midsized Enterprise Midmarket
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 20 MDR Usage Among Early Adopters © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Key Criteria in MDR Provider Selection Slide 21 © 2020 Enterprise Management Associates, Inc. 60% 35% 5% 60% 35% 5% 63% 35% 5% Very important Important Somewhat important Expertise in our vertical market Cloud workload or app coverage Near-term coverage for IoT devices
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Different-Sized Organizations Value Different MDR Functions Slide 22 © 2020 Enterprise Management Associates, Inc. Of the following capabilities most often associated with MDR service providers, which does your organization see as offering the greatest value? by How many employees are in your company worldwide? 0% 75% 25% 0% 52% 38% 10% 0% 44% 28% 11% 17% Network Threat Analytics Endpoint Detection and Response Active Threat Hunting Incident Response Enterprise Small-Midsized Enterprise Midmarket
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Do MDR Service Providers Augment or Replace Existing In-House Security Staff? Slide 23 © 2020 Enterprise Management Associates, Inc. 67% 33% Augment Replace
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Large Enterprises Consistently Buy More Services Slide 24 © 2020 Enterprise Management Associates, Inc. Which of the following services are included in your contract with your MDR provider? 75% 75% 0% 100% 50% 75% 75% 75% 75% 75% 48% 43% 10% 57% 19% 62% 48% 62% 52% 52% 17% 50% 33% 33% 11% 28% 33% 39% 50% 44% Threat hunting Vulnerability hunting Detection only Threat validation Alert triage Detection and response Threat remediation Vulnerability remediation Risk reporting Access to detection software Enterprise Small-Midsized Enterprise Midmarket
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Threats MDR Providers Uncover Slide 25 © 2020 Enterprise Management Associates, Inc. Which, if any, of the following types of threats has your MDR provider found so far that managed to bypass your organization's existing defenses? 12% 12% 11% 9% 9% 9% 8% 8% 8% 6% 4% 3% SQL injection Command and control activity Business email compromise/phishing Cross-site scripting Distributed denial of service Privilege escalation Fileless malware Insider threats Ransomware Social engineering Lateral movement Credential theft
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 26 Grading MDR Providers’ Performance © 2020 Enterprise Management Associates, Inc.
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Mean Time to Resolution Reductions Slide 27 © 2020 Enterprise Management Associates, Inc. Since your MDR provider began monitoring your organization's network, how much (if at all) have they reduced the mean time to resolution of attacks? 14% 23% 35% 23% 5% Between 75% to 100% Between 50% to 74% Between 25% to 49% Between 10% to 24% Less than 10%
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Satisfaction Levels on Four Aspects of MDR Provider Service Slide 28 © 2020 Enterprise Management Associates, Inc. On a scale from 1 to 5, with 1 being extremely satisfied and 5 being not at all satisfied, how satisfied is your organization with… 47% 47% 2% 5% 56% 30% 12% 2% 47% 44% 7% 2% 51% 37% 9% 2% 1 2 3 4 Availability of Provider's Professionals Level of Expertise Available Level of Context in Threat Reports Overall Service Level Sample Size = 43
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Wish List of Additional Services Slide 29 © 2020 Enterprise Management Associates, Inc. Which of the following services, if any, would you like to receive from your MDR provider that they don't currently offer? 17% 17% 16% 16% 16% 14% 4% Penetration testing Risk assessment Automation playbook recommendations Risk reporting Vulnerability remediation/management Response plan development None of the above
IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Questions? Slide 30 © 2020 Enterprise Management Associates, Inc. Get the report at https://bit.ly/3f3H1Py

More Related Content

PDF
Unlocking High Fidelity Security
byEnterprise Management Associates
 
PDF
Cybersecurity report-vol-8
byMohamed Abdelhakim
 
PDF
A Definitive Market Guide to Deception Technology
byEnterprise Management Associates
 
PDF
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
byEnterprise Management Associates
 
PDF
Advancing Identity and Access Management to the Next Level with Contextual Aw...
byEnterprise Management Associates
 
PDF
EMA Megatrends in Cyber-Security
byEnterprise Management Associates
 
PDF
Accelerating Enhanced Threat Identification and Incident Investigation
byEnterprise Management Associates
 
PDF
Looking Beyond GDPR Compliance Deadline
byaccenture
 
Unlocking High Fidelity Security
byEnterprise Management Associates
 
Cybersecurity report-vol-8
byMohamed Abdelhakim
 
A Definitive Market Guide to Deception Technology
byEnterprise Management Associates
 
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
byEnterprise Management Associates
 
Advancing Identity and Access Management to the Next Level with Contextual Aw...
byEnterprise Management Associates
 
EMA Megatrends in Cyber-Security
byEnterprise Management Associates
 
Accelerating Enhanced Threat Identification and Incident Investigation
byEnterprise Management Associates
 
Looking Beyond GDPR Compliance Deadline
byaccenture
 

What's hot

PDF
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
byCapgemini
 
PPTX
Analytics Service Framework
byVishwanath Ramdas
 
PDF
Automating SOC1/2 Compliance- For a leading Software solution company in UK
byHappiest Minds Technologies
 
PDF
2018 U.S State of Cybercrime
byIDG
 
PDF
SAS for Insurance
bystuartdrose
 
PDF
Stress Testing for the Digital Economy: Are YOU Ready to Deliver High Perform...
byEnterprise Management Associates
 
PPTX
Vc us v4.0
byFixNix Inc.,
 
PDF
Assessing and Managing IT Security Risks
byChris Ross
 
PDF
eCrime-report-2011-accessible
byCharmaine Servado
 
PDF
Cscg cryptographic-key-trends-survey
byGeorge Wainblat
 
PPT
00 14092011-0900-derick-de leo
byguiabusinessmedia
 
PDF
How close is your organization to being breached | Safe Security
byRahul Tyagi
 
PDF
Platforms for Growth: Technology Innovations in the Insurance Industry
byState Street
 
PDF
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
byCognizant
 
PDF
2021 IDG Security Priorities Study
byIDG
 
PDF
Lets understand the GRC market well with Ponemon analysis- FixNix
byFixNix Inc.,
 
PPTX
Digital Transformation (Implications for the CXO)
byAnant Desai
 
PDF
Keeping security relevant amid digital transformation
bySymptai Consulting Limited
 
PDF
The Digital Multiplier: Five Steps To Digital Success In The Insurance Sector
byAccenture Insurance
 
PDF
Deloitte stay ahed of the game
byFranco Ferrario
 
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
byCapgemini
 
Analytics Service Framework
byVishwanath Ramdas
 
Automating SOC1/2 Compliance- For a leading Software solution company in UK
byHappiest Minds Technologies
 
2018 U.S State of Cybercrime
byIDG
 
SAS for Insurance
bystuartdrose
 
Stress Testing for the Digital Economy: Are YOU Ready to Deliver High Perform...
byEnterprise Management Associates
 
Vc us v4.0
byFixNix Inc.,
 
Assessing and Managing IT Security Risks
byChris Ross
 
eCrime-report-2011-accessible
byCharmaine Servado
 
Cscg cryptographic-key-trends-survey
byGeorge Wainblat
 
00 14092011-0900-derick-de leo
byguiabusinessmedia
 
How close is your organization to being breached | Safe Security
byRahul Tyagi
 
Platforms for Growth: Technology Innovations in the Insurance Industry
byState Street
 
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
byCognizant
 
2021 IDG Security Priorities Study
byIDG
 
Lets understand the GRC market well with Ponemon analysis- FixNix
byFixNix Inc.,
 
Digital Transformation (Implications for the CXO)
byAnant Desai
 
Keeping security relevant amid digital transformation
bySymptai Consulting Limited
 
The Digital Multiplier: Five Steps To Digital Success In The Insurance Sector
byAccenture Insurance
 
Deloitte stay ahed of the game
byFranco Ferrario
 

Similar to Managed Detection and Response: Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services

PDF
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
byEnterprise Management Associates
 
PDF
Using Digital Threat Intelligence Management (DTIM) to Combat Threats
byEnterprise Management Associates
 
PDF
Why Should Organizations Consider Extended Detection and Response (XDR)?
byEnterprise Management Associates
 
PDF
Cyber Threat Intelligence: Transforming Data into Relevant Intelligence
byEnterprise Management Associates
 
PDF
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
byEnterprise Management Associates
 
PPTX
"Navigate the MDR Marketplace Like a Pro!"
byAdvanced Technology Consulting (ATC)
 
PDF
Technical HIPAA Compliance Service | Security & Audits
byitindfw11
 
PDF
MDR Services – 24x7 Managed Detection and Response
byCyberNX Technologies Private Limited
 
PDF
Managed Detection anManaged Detection and Responsed
byitindfw11
 
PDF
Top 10 MDR Tools in 2025 - Boost Your Cyber Defence
byCyberNX Technologies Private Limited
 
PPTX
panw-cortex-xdr-customer-presentation.pptx
byduyanhNguyen70
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
PDF
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
byRaffael Marty
 
PDF
MDR Security for Proactive Threat Protection A Vital Component in Modern Cybe...
bySafeAeon Inc.
 
PDF
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
byEnterprise Management Associates
 
PDF
The Value of Using Security Policy Orchestration and Automation for Improving...
byEnterprise Management Associates
 
PDF
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
byEnterprise Management Associates
 
PDF
Top 10 Tips for Selecting a Threat and Vulnerability Management Solution
byEnterprise Management Associates
 
PDF
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
byEnterprise Management Associates
 
PDF
Why managed detection and response is more important now than ever
byG’SECURE LABS
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
byEnterprise Management Associates
 
Using Digital Threat Intelligence Management (DTIM) to Combat Threats
byEnterprise Management Associates
 
Why Should Organizations Consider Extended Detection and Response (XDR)?
byEnterprise Management Associates
 
Cyber Threat Intelligence: Transforming Data into Relevant Intelligence
byEnterprise Management Associates
 
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
byEnterprise Management Associates
 
"Navigate the MDR Marketplace Like a Pro!"
byAdvanced Technology Consulting (ATC)
 
Technical HIPAA Compliance Service | Security & Audits
byitindfw11
 
MDR Services – 24x7 Managed Detection and Response
byCyberNX Technologies Private Limited
 
Managed Detection anManaged Detection and Responsed
byitindfw11
 
Top 10 MDR Tools in 2025 - Boost Your Cyber Defence
byCyberNX Technologies Private Limited
 
panw-cortex-xdr-customer-presentation.pptx
byduyanhNguyen70
 
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
byRaffael Marty
 
MDR Security for Proactive Threat Protection A Vital Component in Modern Cybe...
bySafeAeon Inc.
 
Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data
byEnterprise Management Associates
 
The Value of Using Security Policy Orchestration and Automation for Improving...
byEnterprise Management Associates
 
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
byEnterprise Management Associates
 
Top 10 Tips for Selecting a Threat and Vulnerability Management Solution
byEnterprise Management Associates
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
byEnterprise Management Associates
 
Why managed detection and response is more important now than ever
byG’SECURE LABS
 

More from Enterprise Management Associates

PDF
The AI Advantage: How IT Leaders are Redefining Operations in 2025
byEnterprise Management Associates
 
PDF
Cloud Network Traffic Data: Empowering Network and Security Operations in the...
byEnterprise Management Associates
 
PDF
Applying Generative AI to IT Operations Research
byEnterprise Management Associates
 
PDF
Unifying Compliance Across Hybrid Clouds: How Network and Security Teams Can ...
byEnterprise Management Associates
 
PDF
The Future of Workload Automation and Orchestration: Driving Digital Transfor...
byEnterprise Management Associates
 
PDF
Network Observability: Managing Performance Across Hybrid Networks
byEnterprise Management Associates
 
PDF
Readying Enterprise Networks for Artificial Intelligence
byEnterprise Management Associates
 
PDF
Mastering Multi-Cloud: Network Strategies for Today's Hybrid Environments
byEnterprise Management Associates
 
PDF
How Network Teams are Powering Stronger Cybersecurity: Closing Gaps in Vulner...
byEnterprise Management Associates
 
PDF
Unlocking the Future of Observability: OpenTelemetry’s Role in IT Performance...
byEnterprise Management Associates
 
PDF
Migration Without Regret: Balancing Risk and Reward in Workload Automation Mo...
byEnterprise Management Associates
 
PDF
Zero Trust Networking: How Network Teams Support Cybersecurity
byEnterprise Management Associates
 
PDF
From Adversaries to Allies: Bridge the NetOps-SecOps Gap with Network Observa...
byEnterprise Management Associates
 
PDF
Network Management Megatrends 2024: Skills Gaps, Hybrid and Multi-Cloud, SASE...
byEnterprise Management Associates
 
PDF
Securing Tomorrow: The Role of AI in Transforming Cybersecurity
byEnterprise Management Associates
 
PDF
From Scripts to Platforms: Why Homegrown Tools Dominate Network Automation an...
byEnterprise Management Associates
 
PPTX
Network as a Service: Understanding the Cloud Consumption Model in Networking
byEnterprise Management Associates
 
PDF
Enterprise Strategies for Hybrid, Multi-Cloud Networks
byEnterprise Management Associates
 
PDF
Navigating the Future of Security Operations Centers (SOC) with Agentic AI
byEnterprise Management Associates
 
PDF
Orchestrating Data Transfers in the Digital Era: Navigating Challenges and So...
byEnterprise Management Associates
 
The AI Advantage: How IT Leaders are Redefining Operations in 2025
byEnterprise Management Associates
 
Cloud Network Traffic Data: Empowering Network and Security Operations in the...
byEnterprise Management Associates
 
Applying Generative AI to IT Operations Research
byEnterprise Management Associates
 
Unifying Compliance Across Hybrid Clouds: How Network and Security Teams Can ...
byEnterprise Management Associates
 
The Future of Workload Automation and Orchestration: Driving Digital Transfor...
byEnterprise Management Associates
 
Network Observability: Managing Performance Across Hybrid Networks
byEnterprise Management Associates
 
Readying Enterprise Networks for Artificial Intelligence
byEnterprise Management Associates
 
Mastering Multi-Cloud: Network Strategies for Today's Hybrid Environments
byEnterprise Management Associates
 
How Network Teams are Powering Stronger Cybersecurity: Closing Gaps in Vulner...
byEnterprise Management Associates
 
Unlocking the Future of Observability: OpenTelemetry’s Role in IT Performance...
byEnterprise Management Associates
 
Migration Without Regret: Balancing Risk and Reward in Workload Automation Mo...
byEnterprise Management Associates
 
Zero Trust Networking: How Network Teams Support Cybersecurity
byEnterprise Management Associates
 
From Adversaries to Allies: Bridge the NetOps-SecOps Gap with Network Observa...
byEnterprise Management Associates
 
Network Management Megatrends 2024: Skills Gaps, Hybrid and Multi-Cloud, SASE...
byEnterprise Management Associates
 
Securing Tomorrow: The Role of AI in Transforming Cybersecurity
byEnterprise Management Associates
 
From Scripts to Platforms: Why Homegrown Tools Dominate Network Automation an...
byEnterprise Management Associates
 
Network as a Service: Understanding the Cloud Consumption Model in Networking
byEnterprise Management Associates
 
Enterprise Strategies for Hybrid, Multi-Cloud Networks
byEnterprise Management Associates
 
Navigating the Future of Security Operations Centers (SOC) with Agentic AI
byEnterprise Management Associates
 
Orchestrating Data Transfers in the Digital Era: Navigating Challenges and So...
byEnterprise Management Associates
 

Recently uploaded

PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
December Patch Tuesday
byIvanti
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
December Patch Tuesday
byIvanti
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 

Managed Detection and Response: Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services

  • 1.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Paula Musich Research Director, Security & Risk Management Enterprise Management Associates (EMA) PMusich@enterprisemanagement.com Managed Detection and Response Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services
  • 2.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Watch the On-Demand Webinar Slide 2 • Watch the Managed Detection and Response on-demand research webinar: https://info.enterprisemanagement.com/managed-detection-and- response-webinar-2020-ws • Check out upcoming webinars from EMA here: http://www.enterprisemanagement.com/freeResearch
  • 3.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Featured Speaker Paula Musich, Research Director, Security and Risk Management, EMA Paula brings over 30 years of experience covering the IT security and networking technology markets. She has been an IT security analyst for 12 years, including as a research director at NSS Labs, and earlier as the principal analyst for enterprise security for Current Analysis. As a security technology analyst, Paula has tracked and analyzed competitive developments in the information security market ranging from deception technology, encryption, network and endpoint security to bot mitigation, security automation, data loss prevention, and more. Slide 3 © 2020 Enterprise Management Associates, Inc.
  • 4.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Sponsors Slide 4 © 2020 Enterprise Management Associates, Inc.
  • 5.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Agenda • Introduction • Methodology & Demographics • Setting the Stage • A Small Market With Big Potential • MDR Usage Among Early Adopters • Grading MDR Providers’ Performance Slide 5 © 2020 Enterprise Management Associates, Inc.
  • 6.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 6 Introduction © 2020 Enterprise Management Associates, Inc.
  • 7.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING© 2020 Enterprise Management Associates, Inc.Slide 7
  • 8.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 8 © 2020 Enterprise Management Associates, Inc.  Providers Carry Out for Their Clients  Threat Detection  Threat Hunting  Threat Intelligence Management  Event Investigation and Analysis  Threat Validation  Alert Triage  Threat Remediation  Risk Reporting And sometimes  Vulnerability Hunting  Vulnerability Remediation Check List of Activities MDR
  • 9.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 9 Methodology & Demographics © 2020 Enterprise Management Associates, Inc.
  • 10.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Demographics • Company Size • 30% Enterprise • 47% SME • 23% Midmarket • Annual IT Budget • 27% <$10 Million • 24% $10 - <$25 Million • 20% $25 - <$50 Million • 17% $50 - <$100 Million • 11% +$100 Million • Geography • North America • Number of Respondents • 179 • Vertical Industries • 19% Manufacturing • 15% Finance • 13% Healthcare • 12% Software • 8% Retail Slide 10 © 2020 Enterprise Management Associates, Inc.
  • 11.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING IT vs. Cybersecurity Budget Changes 2% 10% 40% 33% 8% 6% 0% 0% 2% 34% 49% 12% 2% 1% Increased between 50% and 75% Increased between 25% and 50% Increased between 10% and 25% Increased less than 10% Stayed the same Decreased less than 10% Decreased between 10% and 25% IT budgets Cybersecurity budgets © 2020 Enterprise Management Associates, Inc.Slide 11
  • 12.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 12 Setting the Stage © 2020 Enterprise Management Associates, Inc.
  • 13.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING© 2020 Enterprise Management Associates, Inc.Slide 13
  • 14.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Respondent Involvement in Threat Detection and Response Solutions 17% 19% 18% 16% 19% 13% Develop requirements Evaluate Approve/Purchase Deploy/Support Manage/Maintain the tools Use as part of my job © 2020 Enterprise Management Associates, Inc.Slide 14
  • 15.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Why manage threat detection and response internally? 32% 31% 12% Highest ranking Have budget and expertise to manage in-house Data privacy concerns discourage using a service provider Avoid service provider lock-in © 2020 Enterprise Management Associates, Inc.Slide 15
  • 16.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 16 A Small Market With Big Potential © 2020 Enterprise Management Associates, Inc.
  • 17.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Interest Level in MDR Services Adoption Slide 17 © 2020 Enterprise Management Associates, Inc. Is your organization currently evaluating an MDR service, considering adopting an MDR service, or planning to evaluate an MDR service in the next 12 to 18 months? 46% 33% 15% 6% Currently evaluating Considering adopting Planning to evaluate in the next 12 to 18 months None of the above
  • 18.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Vertical Industry Interest in MDR Services Adoption Slide 18 © 2020 Enterprise Management Associates, Inc. 52% 37% 7% 4% 50% 25% 20% 5% 58% 32% 5% 5% 40% 35% 25% 0% 38% 38% 25% 0% Currently evaluating Considering adopting Planning to evaluate in the next 12 to 18 months None of the above Manufacturing Finance Healthcare Software Retail
  • 19.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Level of Interest in Different Types of MDR Services Varies by Company Size Slide 19 © 2020 Enterprise Management Associates, Inc. Of the following types of MDR services, which is your organization interested in evaluating, planning to evaluate, or considering adopting in the next 12 to 18 months? 31% 33% 49% 20% 23% 65% 13% 13% 70% Managed SIEM service Next-generation endpoint detection and response service Both Enterprise Small-Midsized Enterprise Midmarket
  • 20.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 20 MDR Usage Among Early Adopters © 2020 Enterprise Management Associates, Inc.
  • 21.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Key Criteria in MDR Provider Selection Slide 21 © 2020 Enterprise Management Associates, Inc. 60% 35% 5% 60% 35% 5% 63% 35% 5% Very important Important Somewhat important Expertise in our vertical market Cloud workload or app coverage Near-term coverage for IoT devices
  • 22.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Different-Sized Organizations Value Different MDR Functions Slide 22 © 2020 Enterprise Management Associates, Inc. Of the following capabilities most often associated with MDR service providers, which does your organization see as offering the greatest value? by How many employees are in your company worldwide? 0% 75% 25% 0% 52% 38% 10% 0% 44% 28% 11% 17% Network Threat Analytics Endpoint Detection and Response Active Threat Hunting Incident Response Enterprise Small-Midsized Enterprise Midmarket
  • 23.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Do MDR Service Providers Augment or Replace Existing In-House Security Staff? Slide 23 © 2020 Enterprise Management Associates, Inc. 67% 33% Augment Replace
  • 24.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Large Enterprises Consistently Buy More Services Slide 24 © 2020 Enterprise Management Associates, Inc. Which of the following services are included in your contract with your MDR provider? 75% 75% 0% 100% 50% 75% 75% 75% 75% 75% 48% 43% 10% 57% 19% 62% 48% 62% 52% 52% 17% 50% 33% 33% 11% 28% 33% 39% 50% 44% Threat hunting Vulnerability hunting Detection only Threat validation Alert triage Detection and response Threat remediation Vulnerability remediation Risk reporting Access to detection software Enterprise Small-Midsized Enterprise Midmarket
  • 25.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Threats MDR Providers Uncover Slide 25 © 2020 Enterprise Management Associates, Inc. Which, if any, of the following types of threats has your MDR provider found so far that managed to bypass your organization's existing defenses? 12% 12% 11% 9% 9% 9% 8% 8% 8% 6% 4% 3% SQL injection Command and control activity Business email compromise/phishing Cross-site scripting Distributed denial of service Privilege escalation Fileless malware Insider threats Ransomware Social engineering Lateral movement Credential theft
  • 26.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 26 Grading MDR Providers’ Performance © 2020 Enterprise Management Associates, Inc.
  • 27.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Mean Time to Resolution Reductions Slide 27 © 2020 Enterprise Management Associates, Inc. Since your MDR provider began monitoring your organization's network, how much (if at all) have they reduced the mean time to resolution of attacks? 14% 23% 35% 23% 5% Between 75% to 100% Between 50% to 74% Between 25% to 49% Between 10% to 24% Less than 10%
  • 28.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Satisfaction Levels on Four Aspects of MDR Provider Service Slide 28 © 2020 Enterprise Management Associates, Inc. On a scale from 1 to 5, with 1 being extremely satisfied and 5 being not at all satisfied, how satisfied is your organization with… 47% 47% 2% 5% 56% 30% 12% 2% 47% 44% 7% 2% 51% 37% 9% 2% 1 2 3 4 Availability of Provider's Professionals Level of Expertise Available Level of Context in Threat Reports Overall Service Level Sample Size = 43
  • 29.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Wish List of Additional Services Slide 29 © 2020 Enterprise Management Associates, Inc. Which of the following services, if any, would you like to receive from your MDR provider that they don't currently offer? 17% 17% 16% 16% 16% 14% 4% Penetration testing Risk assessment Automation playbook recommendations Risk reporting Vulnerability remediation/management Response plan development None of the above
  • 30.
    IT & DATAMANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Questions? Slide 30 © 2020 Enterprise Management Associates, Inc. Get the report at https://bit.ly/3f3H1Py