We’re on a Mission: Separating MDR Contenders From Pretenders
Enterprise adoption of Managed Detection and Response (MDR) services is accelerating, with Gartner estimating that “by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities.”
Naturally this significant market opportunity has attracted hundreds of players with more joining every day. While they all talk a good game and vow that they alone “deliver outcomes” the reality is that they can’t – but fortunately we can.
The secret to our MDR service is the unique Cybersecurity Missions-driven approach we take. Because the stakes are high, we run security like a space mission, bridging the silos of IT and security and going beyond detection and alerting to mitigation, prevention and resilience - delivering true cybersecurity maturity improvements.
Cybersecurity Missions are Key
Effectively mitigating cyber threats is hard. It requires a far more strategic approach than simply detecting and responding to alerts – one that leverages repeatable sets of best practices that reinforce each other to achieve specific meaningful security outcomes. We call these repeatable sets of best practices Cybersecurity Missions.
Our MDR service enables enterprises to execute the Cybersecurity Missions required to keep their organizations safe. By extending the scope of traditional MDR offerings to continually assess a company’s assets and implement prevention techniques to harden the environment, our MDR service helps thwart attacks earlier in the kill chain and reduces the attack surface to improve detection and response efficacy. Because Cybersecurity Missions are designed to run repeatedly, the longer a customer uses our MDR service the stronger its overall security posture becomes.
Mission Control is our 24x7 global security operation that powers our MDR service and enables us to execute the Cybersecurity Missions that keep customers safe. Mission Control brings together the optimal combination of people, processes and technology required to mitigate threats – not just detect them.
Our Mission Control security operation centers (SOCs) are strategically located around the world to provide round-the-clock protection and are staffed with a combination of security experts, infrastructure experts, and data scientists who operate as an extension of customers’ SecOps teams. Our Mission Control analysts and engineers each undergo 400+ hours of bespoke security training. These security experts team up with infrastructure experts who have the deep knowledge of attack surfaces necessary to effectively mitigate threats without compromising ongoing business operations. We arm these world-class teams with ML-powered, high-fidelity detection and comprehensive data to ensure they can detect threats and make critical decisions faster and more accurately.
Both teams are augmented by our data science team, which continually automates security and operational practices to increase overall SOC efficiency and efficacy.
The combination of our Cybersecurity Missions-centric approach, highly trained staff of experts and 30 years of managed services know-how has competitors, customers and industry watchers increasingly taking notice of Open Systems.
The most recent example is our being listed as a Representative Vendor in Gartner’s 2021 Market Guide for Managed Detection and Response Services¹ (MDR). This marks the second consecutive year we have been recognized as a Representative Vendor in this report, which we believe highlights Open Systems’ leadership amongst the vendors in this crowded and noisy marketspace.
It’s an insightful report with several findings we think are worth noting, including:
- The report states that “the number of managed detection and response (MDR) service providers and the range of styles continue to increase, causing challenges for buyers looking to identify and select an appropriate provider.” Consequently, the report goes on to recommend that “organizations must perform sufficient due diligence on the MDR providers before signing a contract.” We wholeheartedly agree with Gartner that customers must carefully evaluate their options because not all MDR providers are created equal.
- Another key finding the report has for organizations evaluating potential MDR providers is that “a turnkey technology stack is still a core requirement.” Our MDR service enables customers to take full advantage of their existing security investments by reducing tools and increasing automation. Additionally, Open Systems’ unparalleled expertise in enterprises’ Microsoft business operating systems enables customers to increase SOC and IT alignment.
- The report also notes the failure of many organizations’ MDR efforts “because of the focus on wide-scale collection of data and generic security monitoring.” Instead, the report recommends “they should be focusing on risks and outcomes that will directly impact their business objectives.” Open Systems employs such an outcome-driven process with its MDR solution, which maps to business risk. This approach requires identifying the security missions each customer needs accomplished, followed by the creation of reliable and repeatable processes that go beyond reacting to threats to help improve each customer’s security maturity.
- The Gartner report notes that quickly responding to threats is a key requirement for MDR services, stating “security and risk management leaders are increasingly cognizant that reducing the time to detect a threat is meaningless without a corresponding reduction in the time to respond to a threat and enable a return to a known good state.” Related to this, the report further notes that “active mitigation to contain and disrupt threats is now a core capability of MDR service providers.”
- Open Systems recognized this requirement long ago and its MDR service employs a variety of methods to identify and contain threats as early as possible in the cyber kill chain. Today's sophisticated threats are often multi-staged campaigns in which threat actors will pivot to alternate tactics when they are detected. As a result, it is important for MDR companies to support multiple containment and remediation options across several threat vectors in order to minimize disruption and restore targets to known good states.