June 18, 2024, by Doug Bonderud

Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways.

The current state of MDR

According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing threat landscape and heightened customer expectations.”

For example, complete visibility into MDR operations is now a priority for organizations. This visibility includes table-stakes metrics such as mean time to detect (MTTD) and mean time to respond (MTTR), along with the ability to view and track statistics on provider performance from initial detection through to remedial action.
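MTTD and MTTR are only useful for tracking a provider if the organization can compute them from the provider's own incident records rather than take the vendor's summary figure at face value. The script below is an added example written for this article, not code from the article, IDC or IBM. It assumes a simple CSV export (constructed here) with one row per incident, and it uses one common convention: MTTD runs from first malicious activity to the provider's first alert, MTTR from that alert to completed remediation, matching the "initial detection to remedial action" window the report describes. Incidents still open are excluded from MTTR rather than counted as zero, and rows whose timestamps are out of order are rejected so that a bad export cannot silently flatter the numbers.

```python
"""Compute MTTD / MTTR from incident records exported by an MDR provider.

Example code added by the editor; not from the article, IDC or IBM.
The CSV layout and the incident rows below are constructed for illustration.
"""
import csv
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO
from statistics import mean
from typing import List, Optional

# Constructed export: one row per incident, ISO-8601 timestamps (UTC assumed).
# An empty "resolved" field means remediation is still in progress.
SAMPLE_CSV = """\
incident_id,occurred,detected,resolved
INC-001,2024-06-01T08:00:00,2024-06-01T08:30:00,2024-06-01T10:30:00
INC-002,2024-06-02T22:15:00,2024-06-03T00:15:00,2024-06-03T06:15:00
INC-003,2024-06-05T13:00:00,2024-06-05T13:10:00,
"""


@dataclass(frozen=True)
class Incident:
    incident_id: str
    occurred: datetime            # first malicious activity (established by forensics)
    detected: datetime            # provider's first alert on the incident
    resolved: Optional[datetime]  # remedial action complete; None while still open


def parse_incidents(text: str) -> List[Incident]:
    """Parse the export, rejecting rows whose timestamps are out of order."""
    incidents: List[Incident] = []
    for row in csv.DictReader(StringIO(text)):
        occurred = datetime.fromisoformat(row["occurred"])
        detected = datetime.fromisoformat(row["detected"])
        resolved = datetime.fromisoformat(row["resolved"]) if row["resolved"] else None
        if detected < occurred:
            raise ValueError(f"{row['incident_id']}: detected before occurred")
        if resolved is not None and resolved < detected:
            raise ValueError(f"{row['incident_id']}: resolved before detected")
        incidents.append(Incident(row["incident_id"], occurred, detected, resolved))
    return incidents


def minutes(delta: timedelta) -> float:
    return delta.total_seconds() / 60.0


def mttd_minutes(incidents: List[Incident]) -> Optional[float]:
    """Mean time to detect: occurrence -> first alert, over every incident."""
    if not incidents:
        return None
    return mean([minutes(i.detected - i.occurred) for i in incidents])


def mttr_minutes(incidents: List[Incident]) -> Optional[float]:
    """Mean time to respond: first alert -> remediation complete.

    Only resolved incidents contribute; treating open ones as zero would
    understate the real response time.
    """
    resolved = [i for i in incidents if i.resolved is not None]
    if not resolved:
        return None
    return mean([minutes(i.resolved - i.detected) for i in resolved])


def open_count(incidents: List[Incident]) -> int:
    """Number of incidents with no remediation timestamp yet."""
    return sum(1 for i in incidents if i.resolved is None)


def summarize(text: str) -> dict:
    """One-shot summary of an export: counts plus both means in minutes."""
    incidents = parse_incidents(text)
    return {
        "incidents": len(incidents),
        "open": open_count(incidents),
        "mttd_min": mttd_minutes(incidents),
        "mttr_min": mttr_minutes(incidents),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_CSV))
```

On the constructed rows this gives an MTTD of about 53 minutes across all three incidents and an MTTR of 240 minutes across the two that are resolved, with one incident reported as still open. Because MTTD depends on an "occurred" time that only forensic work can establish, ask the provider how that field is populated before comparing their figure with yours.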

In addition, the assessment highlights the need for MDR providers to develop long-lasting relationships with clients. In their responses to IDC, many companies noted that employees of MDR providers felt like extensions of their own IT teams.

MDR vs MXDR

The IDC report also speaks to the growing impact of managed extended detection and response (MXDR) platforms. While similar in function, MXDR deployments typically provide longer reach. Thanks to their roots as an extension of endpoint detection and response (EDR), MXDR solutions can detect and respond to threats that occur beyond the endpoint.

There are also potential downsides to deploying MXDR. Organizations with deep, customized security tooling may find that traditional MDR remains more cost-effective and less complex. “Investing into an MXDR provider should occur with an extra dose of due diligence,” says the report, “as the road to switch out of that service is filled with more potholes than it would take to switch off a traditional MDR service.”


Four questions before an MDR deployment

For enterprises considering an MDR deployment, four questions are critical:

1. How does the provider handle incident response?

Some providers offer a set number of hours for incident response before additional costs apply. Others include unlimited response hours or offer financial compensation if IR is required.

Before selecting an MDR provider, companies should compare incident response capabilities and read the fine print on these offerings. In much the same way as a cyber insurance policy, contract details can make or break the value of IR offerings.

2. What level of support does the provider offer?

Support is also a critical consideration. For example, if a provider offers unlimited incident response hours but takes days to respond after an incident, service costs may outweigh the benefits. According to the IDC report, IBM’s MDR support was described as “very responsive.”

3. How are costs calculated?

Cost frameworks for MDR vary by provider. In some cases, pricing is based on data ingestion. In others, costs may be tied to the number of tickets or events generated or the number of endpoints protected.

It’s also worth noting that the definition of “endpoint” isn’t standardized. IT leaders should always read the fine print to ensure they know exactly which devices are covered.

4. Does the MDR deployment facilitate additional use cases?

The expanding scope of threat detection and response services may allow companies to extend the reach of MDR to additional use cases. For example, one customer in the IDC report had plans to use IBM’s MDR solution as the foundation for red team exercises.

Getting the most out of MDR

While evolving options such as MXDR are changing the market landscape, the IDC assessment makes it clear that traditional MDR solutions enable enterprises to streamline security operations and develop reciprocal provider relationships.

Ready to get started with MDR? IBM was named a leader in the IDC MarketScape: Worldwide Managed Detection and Response 2024 Vendor Assessment. The report calls out how IBM’s MDR customers praised the company when asked about the ready availability of its strategic consulting services (i.e., incident readiness planning, risk assessments) and technical consulting services (e.g., security testing, vulnerability assessments). In addition, they highlighted IBM’s AI/ML capabilities, SOC compliance standards, proactive threat hunting, integration with EDR technologies and a global team operating in over 110 countries to deliver 24x7x365 coverage for its clients.
