IDC on MDR: New Market Developments
“Noisy” is one way to describe the current state of the managed detection and response (MDR) market.
In a new IDC Market Perspective report, IDC analyst Cathy Huang says a question popped into her mind as she walked around the 2022 RSA cybersecurity conference last June in San Francisco: "Who isn't offering MDR?"
Many security professionals are undoubtedly getting the same vibe.
MDR Benefits and Market Players
At BlackBerry, we know that MDR can solve many problems experienced by many organizations. Businesses of all sizes struggle with cybersecurity complexity, as well as a lack of resources. Trained security analysts are in chronically short supply — especially ones who can keep watch around the clock, with experience in handling incidents caused by adversarial behavior.
MDR provides organizations with a way to address gaps in their defenses by subscribing to turn-key services that help them build better security capabilities. It can be a means to quickly add resiliency by augmenting your existing security team, and/or having the managed security service provider (MSSP) serve as your remote security operations center (SOC) — often at a fraction of the cost of building and staffing your own 24/7 SOC. Top providers allow you to tap into considerable outside human expertise every minute of every day.
The chart below provides an excellent overview of what MDR services may include:
Current MDR offerings range from “pure-play” offerings, to security technology vendors, to MSSPs and other hybrid services. Some security service providers offer conventional MDR as well as the next generation of MDR, known as managed extended detection and response (MXDR), which provides greater fidelity of signal by leveraging a broad set of telemetry beyond just the traditional endpoint.
Organizations are realizing tremendous benefits from managed detection and response. However, finding the right cybersecurity partner for your organization can be both daunting and time-consuming. One thing that can be helpful is to consider some specific differentiators in the current marketplace.
IDC on Managed Detection and Response Differentiators
After returning from RSA, IDC’s Huang authored a report that highlighted the CylanceGUARD® managed detection and response (MDR) from BlackBerry as an example of successful differentiation in the noisy MDR marketplace. She lauded the BlackBerry® solution for both its technical capabilities and its features beyond technology.
“BlackBerry’s Cylance, arguably a pioneer in cybersecurity AI, claims to have set the standard as one of the first machine learning models for cybersecurity. Now, Cylance AI is in its seventh generation and has trained on billions of diverse threat data sets over the past few years. Yet what makes CylanceGUARD an attractive option is the service features like ThreatZERO engagement, continuous threat hunting, and hands-on training/knowledge transfer.”
CylanceGUARD includes an objectives-based outcome SLA (ThreatZERO): Work does not stop until your organization achieves an agreed-upon state of proactive prevention. A digital report card tracks the key metrics that reveal where you are on this journey, and it also functions as a set of key performance indicators (KPIs) that can be used to monitor and assess the organization's cyber-risk exposure and incident preparedness on an ongoing basis.
Would an outcome-based engagement be helpful for your organization — and perhaps even help you sleep better at night? It’s just one thing to consider, one point of differentiation, as you evaluate MDR offerings.
IDC’s Huang also noted several additional differentiators for CylanceGUARD, which we hope will help inform your evaluation of providers. The following is excerpted from Huang’s IDC Market Perspective report:
BlackBerry believes in the importance of a strong implementation process and continuous fine-tuning, as well as continuous attack surface evaluation, to achieve proactive status of cybersecurity operations. The proactiveness is not as simple as decommissioning a legacy product to (replace with) AI-based solutions like CylancePROTECT (an endpoint protection platform, or EPP, solution) and CylanceOPTICS (an endpoint detection and response, or EDR, solution).
BlackBerry is partner-centric, leveraging experienced in-country partners to better penetrate and serve its customers locally. In the case of Bluebird Group, Indonesia's largest ground transportation company, BlackBerry worked with Telkomsel on implementing solutions, and proving the value of the solutions, to the client immediately.
BlackBerry offers a high level of services directly. It offers flexible communication/notification options so the customer can get insights on the go, and connect to BlackBerry's security analysts 24/7.
IDC Analyst Huang adds the following thought, which may help you on your MDR evaluation journey: “It takes technologies, tools, procedures, and talents to deliver effective security outcomes and fast time-to-value.”
Remember to consider those four aspects when you begin your search for a security services provider. It may help you find the right cybersecurity partner in today’s increasingly noisy MDR marketplace.