Dave Martin | October 6, 2020
Gartner’s 2020 Managed Detection and Response Market Guide is a must read for anyone interested in cybersecurity services and best practices. But there are a few things in particular that we believe are worthy of note.
The first is that Gartner has named Open Systems a Representative Vendor. The report notes that “listed here are those that are visible to Gartner clients based on inquiries, have differentiators representative of the dynamic nature of the MDR market, and represent future capabilities and offerings that may drive the direction of the market.”
We believe being mentioned in this report shows that our MDR service is quickly catching on with our customers and Gartner clients. I think a key reason for the growing popularity of our service is that it perfectly addresses the requirements of several types of customers.
The Types of Companies Adopting MDR
As the report states, there are multiple types of organizations buying MDR services, and its descriptions of these companies match up perfectly with our customers. Here is how the report characterizes a few of these MDR customers:
- “Organizations that have threat detection technologies, but are not going to build and operate their own SOC. Such organizations prefer engaging MDR providers that can support their technology of choice (such as EDR).”
- “Organizations that don’t have the staff to expand their capabilities, nor the experience required to run some of the advanced technologies that MDR providers use and to have this managed, maintained and operated by specialists 24/7.”
- “Organizations that just want to obtain ‘a modern SOC’ by outsourcing to a provider, leaving them to focus their internal resources on other security and risk activities.”
The common thread is that all of these organizations want to move away – partially or entirely – from handling security themselves. Indeed, a CIO once told us “I want to get us out of the security business.” This is something we were more than happy to help him accomplish. We can help you do it, too.
What Do You Need in an MDR Service?
No Gartner report would be complete without recommendations, and the MDR Market Guide does not disappoint.
It identifies the following capabilities that “successful MDR services providers deliver … in a packaged delivery model” to buyers:
- “A focus on high-fidelity threat detection and validation, geared toward attacks that have bypassed preventative security controls.”
We recognize that there are no impenetrable perimeters, so we focus on detecting and containing attacks as early as possible in the cyber kill chain. We accomplish this, in part, by ingesting data from multiple sources (customers’ security stacks, EDR and NDR sensors, VPN payloads, etc.), normalizing it and combining it with an extensive use case and playbook library for more accurate and context-aware analysis.
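As an added illustration of the multi-source normalization and playbook matching described above (example code written for this article, not Open Systems' own tooling), the following script maps two constructed records, an EDR alert and a VPN login line, onto one common event schema and applies a hypothetical playbook rule that escalates a high-severity endpoint alert only when it follows a VPN login by the same user and device from an unexpected country. The source formats, field names, the `EXPECTED_GEO` allow-list and the 30-minute window are all assumptions made for the example.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): an EDR alert in JSON and a VPN login in key=value syslog style.
EDR_ALERT = ('{"ts":"2020-10-06T08:15:30Z","hostname":"LAPTOP-17","user":"j.doe",'
             '"severity":"high","rule":"credential_dumping"}')
VPN_LINE = "2020-10-06T08:02:10Z vpn-gw1 login user=j.doe src=198.51.100.23 geo=RO device=LAPTOP-17"

VPN_RE = re.compile(r"^(?P<ts>\S+) (?P<gw>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) "
                    r"geo=(?P<geo>\S+) device=(?P<device>\S+)$")

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def normalize_edr(raw):
    """Map a vendor EDR alert onto the common event schema."""
    rec = json.loads(raw)
    return {"ts": parse_ts(rec["ts"]), "source": "edr", "host": rec["hostname"],
            "user": rec["user"], "severity": rec["severity"], "detail": rec["rule"], "geo": None}

def normalize_vpn(raw):
    """Map a VPN gateway login line onto the same schema; reject lines that do not parse."""
    m = VPN_RE.match(raw)
    if m is None:
        raise ValueError("unrecognized VPN record: %r" % raw)
    return {"ts": parse_ts(m["ts"]), "source": "vpn", "host": m["device"], "user": m["user"],
            "severity": "info", "detail": "login via %s from %s" % (m["gw"], m["src"]), "geo": m["geo"]}

# Assumed playbook context: countries this customer's staff normally connect from (hypothetical allow-list).
EXPECTED_GEO = {"CH", "DE"}

def evaluate(events, window=timedelta(minutes=30)):
    """Playbook rule: a high-severity EDR alert on a device within `window` after a VPN login
    by the same user from an unexpected country is escalated for containment."""
    findings = []
    logins = [e for e in events if e["source"] == "vpn"]
    for alert in (e for e in events if e["source"] == "edr" and e["severity"] == "high"):
        for login in logins:
            same_session = login["user"] == alert["user"] and login["host"] == alert["host"]
            in_window = timedelta(0) <= alert["ts"] - login["ts"] <= window
            if same_session and in_window and login["geo"] not in EXPECTED_GEO:
                findings.append({"host": alert["host"], "user": alert["user"], "action": "contain",
                                 "reason": "%s after VPN login from %s" % (alert["detail"], login["geo"])})
    return findings

if __name__ == "__main__":
    for finding in evaluate([normalize_edr(EDR_ALERT), normalize_vpn(VPN_LINE)]):
        print(finding)
```

The same EDR alert on its own, or after a login from an expected country, produces no escalation, which is the point of adding context before an analyst sees the alert.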
- “Remote incident response investigation and containment activities beyond alerting and notification. Threats move too fast for most organizations these days. Depending on the type of threat and the environment targeted, this could have an impact on data confidentiality, availability to operations (e.g., a destructive ransomware event), an impact on privacy (e.g., breach of customer data), or even an impact on physical safety (e.g., an attack on industrial control system [ICS]/supervisory control and data acquisition [SCADA] systems or medical devices).”
We could not agree with this more because seconds count during a breach. Our service’s well-defined escalation process ensures we respond immediately when needed and in accordance with our service’s customized incident response plan. In some cases, the incident response plan can essentially “pre-authorize” us to contain threats automatically rather than waiting to review options with customers.
Integration with our SASE platform also allows us to look deeper into the network to detect threats and enables us to isolate them as well. For example, we can identify a malware-infected PC and lock it out of the network, effectively containing the threat until the malware is deleted. We could also clean up hundreds – or thousands – of worm-infested end points in as little as an hour by identifying the worm’s self-destruct function and then broadcasting it network-wide.
- “Selective use of technologies and a turnkey model to enable the MDR provider’s team to quickly implement and deliver services. To support the activities performed and the outcomes being delivered depends on and, in many cases, mandates a specific set of technologies.”
We’ve delivered managed services for 30 years and have continuously refined our processes and procedures to ensure customers are onboarded quickly, can access our mature Mission Control portal and receive “white glove” service from Day 1.
- “A common delivery platform for all customers. The platform uses TI and custom analytics. In some cases, the platform may use behavioral and machine learning (ML)-powered analytics too.”
Our service uses AI and ML extensively in order to aid our expert security engineers, rather than trying to replace them like so many competitors do. AI automation filters out false positive alerts so our security engineers can focus on real threats and not succumb to “alert fatigue” from a constant deluge of meaningless alerts.
Determining exactly what your organization needs in an MDR service before signing a contract will save everyone involved a lot of headaches. We are sure these recommendations from Gartner are spot-on. Organizations looking to get out of the security business and evaluating MDR options should consider them a checklist.