There is a disturbing trend in cybersecurity: as the frequency and sophistication of cyberattacks increase, so does the gap between the number of cybersecurity jobs available and the number of applicants with the skills and capability to fill them.
As the rule of supply and demand plays out, acquiring and retaining enough in-house expertise to meet an organization’s security needs has become far more difficult and expensive.
IT and IS leadership have recognized the need to outsource cybersecurity expertise, but with the proliferation of services, it’s important to know what you’re buying.
In the world of managed security, there are two main options: managed security services providers (MSSPs) and managed detection and response (MDR). Understanding what each one is, and how an MSSP differs from MDR, is essential for choosing the right solution for the organization.
A managed security services provider (MSSP), the original type of outsourced managed cybersecurity, remotely monitors the customer’s environment to detect potential events of interest. If any anomalies are detected, the MSSP reports them to the customer, which then takes appropriate action. This dramatically reduces an organization’s exposure to potential threats.
MSSPs give their customers the benefits of the latest monitoring technology without the burden of acquiring, configuring, and operating it themselves. The ability to outsource monitoring at scale means that an organization can focus its often limited internal cybersecurity resources on the alerts with significant indicators of a legitimate incident.
Some MSSPs also take a proactive role in protecting their clients’ systems from potential cybersecurity incidents. Common services include virus scanning, firewall management, and similar preventive actions. This benefits both the MSSP and the client since the probability of an incident is decreased if the client’s network implements cybersecurity best practices.
Managed detection and response (MDR) is the other major type of managed security service. Where an MSSP emphasizes breadth of coverage, MDR emphasizes depth of investigation.
Instead of providing the resources and skills necessary for an organization to achieve basic cybersecurity compliance, MDR provides in-depth investigation of potential threats on an organization’s network. This service is designed for organizations that have reason to believe they are potential targets of sophisticated attacks and need continuous monitoring and response capabilities.
The decision between an MSSP and MDR should be based on the specifics of an organization’s situation.
One significant deciding factor is whether or not an organization already has an in-house, 24/7 Security Operations Center (SOC). A fully staffed SOC is vital to an organization’s cybersecurity strategy, so the core of an MSSP’s offering focuses on providing this. When shopping for a potential MSSP, an inability to provide round-the-clock monitoring is a sign that you should keep looking.
For organizations that have adequate cybersecurity monitoring in-house (or through an MSSP) but want or need to upgrade their incident detection and response capabilities, MDR is probably the right choice. These service providers focus on finding and remediating potential threats on your network to minimize your probability of regulatory non-compliance.
When shopping for managed security providers, the dividing lines may not be as clear as MSSP vs. MDR. Some MDR providers also offer preventive services, and some MSSPs offer incident response and analysis of anomalies to remove false positives.
Selecting a provider that offers both options will help to ensure holistic services with an objective and realistic allocation of resources.
Avertium partners with trusted cybersecurity technology providers to offer a full suite of managed security services including MDR, managed vulnerability management, managed endpoint detection and response (EDR), and managed Zero Trust Networking Access (ZTNA).