June 18, 2024 By Doug Bonderud 3 min read

Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways.

The current state of MDR

According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing threat landscape and heightened customer expectations.”

For example, complete visibility into MDR operations is now a priority for organizations. This visibility includes table-stakes metrics, such as mean time to detect (MTTD) and mean time to respond (MTTR), along with the ability to view and track statistics related to provider performance from initial detection to remedial action.

In addition, the assessment highlights the need for MDR providers to develop long-lasting relationships with clients. In their responses to IDC, many companies noted that employees of MDR providers felt like extensions of their own IT teams.

MDR vs MXDR

The IDC report also speaks to the growing impact of managed extended detection and response (MXDR) platforms. While similar in function to MDR, MXDR deployments typically provide longer reach. Thanks to their roots as an extension of endpoint detection and response (EDR), MXDR solutions can detect and respond to threats that occur beyond the endpoint.

There are also potential downsides to deploying MXDR. Organizations with deep, customized security tooling may find that traditional MDR remains more cost-effective and less complex. “Investing into an MXDR provider should occur with an extra dose of due diligence,” says the report, “as the road to switch out of that service is filled with more potholes than it would take to switch off a traditional MDR service.”

Four questions before an MDR deployment

For enterprises considering an MDR deployment, four questions are critical:

1. How does the provider handle incident response?

Some providers offer a set number of hours for incident response before additional costs apply. Others include unlimited response hours or offer financial compensation if IR is required.

Before selecting an MDR provider, companies should compare incident response capabilities and read the fine print on these offerings. In much the same way as a cyber insurance policy, contract details can make or break the value of IR offerings.

2. What level of support does the provider offer?

Support is also a critical consideration. For example, if a provider offers unlimited incident response hours but takes days to respond after an incident, service costs may outweigh the benefits. According to the IDC report, IBM’s MDR support was described as “very responsive.”

3. How are costs calculated?

Cost frameworks for MDR vary by provider. In some cases, pricing is based on data ingestion. In others, costs may be tied to the number of tickets or events generated or the number of endpoints protected.

It’s also worth noting that the definition of “endpoint” isn’t standardized. IT leaders should always read the fine print to ensure they know exactly which devices are covered.

4. Does the MDR deployment facilitate additional use cases?

The expanding scope of threat detection and response services may allow companies to extend the reach of MDR to additional use cases. For example, one customer in the IDC report had plans to use IBM’s MDR solution as the foundation for red team exercises.

Getting the most out of MDR

While evolving options such as MXDR are changing the market landscape, the IDC assessment makes it clear that traditional MDR solutions enable enterprises to streamline security operations and develop reciprocal provider relationships.

Ready to get started with MDR? IBM was named a leader in the IDC MarketScape: Worldwide Managed Detection and Response 2024 Vendor Assessment. IDC calls out how IBM’s MDR customers praised the company when asked about the ready availability of its strategic consulting services (i.e., incident readiness planning, risk assessments) and technical consulting services (e.g., security testing, vulnerability assessments). In addition, they highlighted IBM’s AI/ML capabilities, SOC compliance standards, proactive threat hunting, integration with EDR technologies and a global team operating in over 110 countries to deliver 24 x 7 x 365 coverage for its clients.

Learn more about IBM’s Threat Detection and Response services or inquire about a no-cost Threat management workshop.
