June 18, 2024 By Doug Bonderud 3 min read

Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways.

The current state of MDR

According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing threat landscape and heightened customer expectations.”

For example, complete visibility into MDR operations is now a priority for organizations. This visibility includes table-stake metrics, such as mean time to detect (MTTD) and mean time to respond (MTTR), along with the ability to view and track statistics related to provider performance from initial detection to remedial action.

In addition, the assessment highlights the need for MDR providers to develop long-lasting relationships with clients. In their responses to IDC, many companies noted that employees of MDR providers felt like extensions of their own IT teams.


The IDC report also speaks to the growing impact of managed extended detection and response (MXDR) platforms. While similar in function, MXDR deployments typically provide longer reach. Thanks to its roots as an extension of endpoint detection and response (EDR), MXDR solutions can detect and respond to threats that occur beyond the endpoint.

There are also potential downsides to deploying MXDR. Organizations with deep, customized security tooling may find that traditional MDR remains more cost-effective and less complex. “Investing into an MXDR provider should occur with an extra dose of due diligence,” says the report, “as the road to switch out of that service is filled with more potholes than it would take to switch off a traditional MDR service.”

Download the report

Four questions before an MDR deployment

For enterprises considering an MDR deployment, four questions are critical:

1. How does the provider handle incident response?

Some providers offer a set number of hours for incident response before additional costs apply. Others include unlimited response hours or offer financial compensation if IR is required.

Before selecting an MDR provider, companies should compare incident response capabilities and read the fine print on these offerings. In much the same way as a cyber insurance policy, contract details can make or break the value of IR offerings.

2. What level of support does the provider offer?

Support is also a critical consideration. For example, if a provider offers unlimited incident response hours but takes days to respond after an incident, service costs may outweigh the benefits. According to the IDC report, IBM’s MDR support was described as “very responsive.”

3. How are costs calculated?

Cost frameworks for MDR vary by provider. In some cases, pricing is based on data ingestion. In others, costs may be tied to the number of tickets or events generated or the number of endpoints protected.

It’s also worth noting that the definition of “endpoint” isn’t standardized. IT leaders should always read the fine print to ensure they know exactly which devices are covered.

4. Does the MDR deployment facilitate additional use cases?

The expanding scope of threat detection and response services may allow companies to extend the reach of MDR to additional use cases. For example, one customer in the IDC report had plans to use IBM’s MDR solution as the foundation for red team exercises.

Getting the most out of MDR

While evolving options such as MXDR are changing the market landscape, the IDC assessment makes it clear that traditional MDR solutions enable enterprises to streamline security operations and develop reciprocal provider relationships.

Ready to get started with MDR? Named a leader in the IDC MarketScape: Worldwide Managed Detection and Response 2024 Vendor Assessment, IDC calls out how IBM’s MDR customers praised the company when asked about the ready availability of the company’s strategic consulting services (i.e., incident readiness planning, risk assessments) and technical consulting services (e.g., security testing, vulnerability assessments). In addition, they highlighted IBM’s AI/ML capabilities, SOC compliance standards, proactive threat hunting, integration with EDR technologies and a global team operating in over 110 countries to deliver 24 x 7 x 365 coverage for its clients.

Learn more about IBM’s Threat Detection and Response services or inquire about a no-cost Threat management workshop.

More from News

Hackers are increasingly targeting auto dealers

3 min read - Update as of July 11, 2024 In late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers. After two cyberattacks over two days, CDK shut down all systems, which caused delays for car buyers and disruptions for the dealerships. Many dealerships went back to manual processes, including handwriting up orders, so that sales could continue at a slower pace. Car buyers who recently bought a car from…

CISA director says banning ransomware payments is off the table

3 min read - The FBI, CISA and NSA all strongly advise against organizations making ransomware payments if they fall victim to ransomware attacks. If so, why not place a ban on paying ransomware demands? The topic came up at a recent Oxford Cyber Forum. Jen Easterly, Director of CISA, commented on the issue, saying, “I think within our system in the U.S. — just from a practical perspective — I don’t see it happening.” It’s unlikely this was a purely spontaneous remark as the…

A proactive cybersecurity policy is not just smart — it’s essential

3 min read - It’s easy to focus on the “after” when it comes to cybersecurity: How to stop an attack after it begins and how to recover when it's over. But while a reactive response sort of worked in the past, it simply is not good enough in today’s world. Not only are attacks more intense and more damaging than ever before, but cyber criminals also use so many different attack methods. Zscaler ThreatLabz 2024 Phishing Report found that phishing attacks increased by…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today