Managed Detection and Response: Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services
0 likes188 views
The document discusses managed detection and response (MDR) services, emphasizing their importance for organizations facing understaffed security operations centers (SOCs). It outlines the activities involved in MDR, the demographics of survey respondents, and the interest and adoption levels in various industries. Additionally, it highlights key criteria for MDR provider selection, the effectiveness of services, and areas for improvement based on user feedback.
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services
- 1. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Paula Musich Research Director, Security & Risk Management Enterprise Management Associates (EMA) PMusich@enterprisemanagement.com Managed Detection and Response Selective Outsourcing for Understaffed SOCs and the Platforms That Enable MDR Services
- 2. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Watch the On-Demand Webinar Slide 2 • Watch the Managed Detection and Response on-demand research webinar: https://info.enterprisemanagement.com/managed-detection-and- response-webinar-2020-ws • Check out upcoming webinars from EMA here: http://www.enterprisemanagement.com/freeResearch
- 3. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Featured Speaker Paula Musich, Research Director, Security and Risk Management, EMA Paula brings over 30 years of experience covering the IT security and networking technology markets. She has been an IT security analyst for 12 years, including as a research director at NSS Labs, and earlier as the principal analyst for enterprise security for Current Analysis. As a security technology analyst, Paula has tracked and analyzed competitive developments in the information security market ranging from deception technology, encryption, network and endpoint security to bot mitigation, security automation, data loss prevention, and more. Slide 3 © 2020 Enterprise Management Associates, Inc.
- 4. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Sponsors Slide 4 © 2020 Enterprise Management Associates, Inc.
- 5. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Agenda • Introduction • Methodology & Demographics • Setting the Stage • A Small Market With Big Potential • MDR Usage Among Early Adopters • Grading MDR Providers’ Performance Slide 5 © 2020 Enterprise Management Associates, Inc.
- 6. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 6 Introduction © 2020 Enterprise Management Associates, Inc.
- 7. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING© 2020 Enterprise Management Associates, Inc.Slide 7
- 8. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 8 © 2020 Enterprise Management Associates, Inc. Providers Carry Out for Their Clients Threat Detection Threat Hunting Threat Intelligence Management Event Investigation and Analysis Threat Validation Alert Triage Threat Remediation Risk Reporting And sometimes Vulnerability Hunting Vulnerability Remediation Check List of Activities MDR
- 9. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 9 Methodology & Demographics © 2020 Enterprise Management Associates, Inc.
- 10. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Demographics • Company Size • 30% Enterprise • 47% SME • 23% Midmarket • Annual IT Budget • 27% <$10 Million • 24% $10 - <$25 Million • 20% $25 - <$50 Million • 17% $50 - <$100 Million • 11% +$100 Million • Geography • North America • Number of Respondents • 179 • Vertical Industries • 19% Manufacturing • 15% Finance • 13% Healthcare • 12% Software • 8% Retail Slide 10 © 2020 Enterprise Management Associates, Inc.
- 11. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING IT vs. Cybersecurity Budget Changes 2% 10% 40% 33% 8% 6% 0% 0% 2% 34% 49% 12% 2% 1% Increased between 50% and 75% Increased between 25% and 50% Increased between 10% and 25% Increased less than 10% Stayed the same Decreased less than 10% Decreased between 10% and 25% IT budgets Cybersecurity budgets © 2020 Enterprise Management Associates, Inc.Slide 11
- 12. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 12 Setting the Stage © 2020 Enterprise Management Associates, Inc.
- 13. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING© 2020 Enterprise Management Associates, Inc.Slide 13
- 14. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Respondent Involvement in Threat Detection and Response Solutions 17% 19% 18% 16% 19% 13% Develop requirements Evaluate Approve/Purchase Deploy/Support Manage/Maintain the tools Use as part of my job © 2020 Enterprise Management Associates, Inc.Slide 14
- 15. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Why manage threat detection and response internally? 32% 31% 12% Highest ranking Have budget and expertise to manage in-house Data privacy concerns discourage using a service provider Avoid service provider lock-in © 2020 Enterprise Management Associates, Inc.Slide 15
- 16. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 16 A Small Market With Big Potential © 2020 Enterprise Management Associates, Inc.
- 17. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Interest Level in MDR Services Adoption Slide 17 © 2020 Enterprise Management Associates, Inc. Is your organization currently evaluating an MDR service, considering adopting an MDR service, or planning to evaluate an MDR service in the next 12 to 18 months? 46% 33% 15% 6% Currently evaluating Considering adopting Planning to evaluate in the next 12 to 18 months None of the above
- 18. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Vertical Industry Interest in MDR Services Adoption Slide 18 © 2020 Enterprise Management Associates, Inc. 52% 37% 7% 4% 50% 25% 20% 5% 58% 32% 5% 5% 40% 35% 25% 0% 38% 38% 25% 0% Currently evaluating Considering adopting Planning to evaluate in the next 12 to 18 months None of the above Manufacturing Finance Healthcare Software Retail
- 19. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Level of Interest in Different Types of MDR Services Varies by Company Size Slide 19 © 2020 Enterprise Management Associates, Inc. Of the following types of MDR services, which is your organization interested in evaluating, planning to evaluate, or considering adopting in the next 12 to 18 months? 31% 33% 49% 20% 23% 65% 13% 13% 70% Managed SIEM service Next-generation endpoint detection and response service Both Enterprise Small-Midsized Enterprise Midmarket
- 20. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 20 MDR Usage Among Early Adopters © 2020 Enterprise Management Associates, Inc.
- 21. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Key Criteria in MDR Provider Selection Slide 21 © 2020 Enterprise Management Associates, Inc. 60% 35% 5% 60% 35% 5% 63% 35% 5% Very important Important Somewhat important Expertise in our vertical market Cloud workload or app coverage Near-term coverage for IoT devices
- 22. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Different-Sized Organizations Value Different MDR Functions Slide 22 © 2020 Enterprise Management Associates, Inc. Of the following capabilities most often associated with MDR service providers, which does your organization see as offering the greatest value? by How many employees are in your company worldwide? 0% 75% 25% 0% 52% 38% 10% 0% 44% 28% 11% 17% Network Threat Analytics Endpoint Detection and Response Active Threat Hunting Incident Response Enterprise Small-Midsized Enterprise Midmarket
- 23. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Do MDR Service Providers Augment or Replace Existing In-House Security Staff? Slide 23 © 2020 Enterprise Management Associates, Inc. 67% 33% Augment Replace
- 24. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Large Enterprises Consistently Buy More Services Slide 24 © 2020 Enterprise Management Associates, Inc. Which of the following services are included in your contract with your MDR provider? 75% 75% 0% 100% 50% 75% 75% 75% 75% 75% 48% 43% 10% 57% 19% 62% 48% 62% 52% 52% 17% 50% 33% 33% 11% 28% 33% 39% 50% 44% Threat hunting Vulnerability hunting Detection only Threat validation Alert triage Detection and response Threat remediation Vulnerability remediation Risk reporting Access to detection software Enterprise Small-Midsized Enterprise Midmarket
- 25. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Threats MDR Providers Uncover Slide 25 © 2020 Enterprise Management Associates, Inc. Which, if any, of the following types of threats has your MDR provider found so far that managed to bypass your organization's existing defenses? 12% 12% 11% 9% 9% 9% 8% 8% 8% 6% 4% 3% SQL injection Command and control activity Business email compromise/phishing Cross-site scripting Distributed denial of service Privilege escalation Fileless malware Insider threats Ransomware Social engineering Lateral movement Credential theft
- 26. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTINGSlide 26 Grading MDR Providers’ Performance © 2020 Enterprise Management Associates, Inc.
- 27. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Mean Time to Resolution Reductions Slide 27 © 2020 Enterprise Management Associates, Inc. Since your MDR provider began monitoring your organization's network, how much (if at all) have they reduced the mean time to resolution of attacks? 14% 23% 35% 23% 5% Between 75% to 100% Between 50% to 74% Between 25% to 49% Between 10% to 24% Less than 10%
- 28. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Satisfaction Levels on Four Aspects of MDR Provider Service Slide 28 © 2020 Enterprise Management Associates, Inc. On a scale from 1 to 5, with 1 being extremely satisfied and 5 being not at all satisfied, how satisfied is your organization with… 47% 47% 2% 5% 56% 30% 12% 2% 47% 44% 7% 2% 51% 37% 9% 2% 1 2 3 4 Availability of Provider's Professionals Level of Expertise Available Level of Context in Threat Reports Overall Service Level Sample Size = 43
- 29. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Wish List of Additional Services Slide 29 © 2020 Enterprise Management Associates, Inc. Which of the following services, if any, would you like to receive from your MDR provider that they don't currently offer? 17% 17% 16% 16% 16% 14% 4% Penetration testing Risk assessment Automation playbook recommendations Risk reporting Vulnerability remediation/management Response plan development None of the above
- 30. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Questions? Slide 30 © 2020 Enterprise Management Associates, Inc. Get the report at https://bit.ly/3f3H1Py