Why managed detection and response (MDR) adoption is growing among small businesses

Most SMBs are not equipped with 24/7 security operations to monitor threats during provisioning threat detection and response, exposing their infrastructure to cyber attacks. Firewalls, endpoint security, identity access management (IAM), and network security dominate their security budgets, and only 5% According to Gartner, annual IT spending.

SMBs face the daunting challenge of trying to acquire the technology they need to protect their applications, infrastructure and networks as software prices rise. Maintaining their security operations center (SOC) to monitor threats and provide detection and response support during critical staff shortages is another. As a result, Forrester research It found that 64% of SMEs operating a SOC in an internal or hybrid internal/external model have ten or fewer employees in the SOC, while 32% operate one with five or fewer employees. Additionally, while 81% of surveyed SMBs are monitored by an internal security operations center (SOC), more than half (57%) do not operate 24/7.

The result is that almost every SMB is shortchanged to achieve 24/7 threat detection and response, with many relying on managed detection and response (MDR) service providers to fill the gap. This is why 53% of SMEs rely on external partners, including MDRs, to bridge threat detection and response gaps.

SMEs are under cyber attack

cyber attacks against SMEs increased by 150% during the last two years. Forrester Consulting and Endurance collaborated on a recent study, Bullies don’t sleep, but your employees should. The report found that 69% of SMBs felt they faced critical and expanding cyber security threats this year, with 75% reporting an increase in cyber attacks over the past three years. As a result, improving detection and response by engaging with external security operations providers, including MDRs, is seen by most SMBs as a critical tactic for growing their cybersecurity programs.

According to report author Jeff Pollard, vice president and principal analyst at Forrester, SMBs should look for signs that it’s time to move from managing their SOC to managing MDR.

In a recent email interview with VentureBeat, Pollard said, “MDR acquisitions have external and internal drivers. The main external drivers are, firstly, cyber insurance requirements. Cyber ​​insurers want 24/7 detection and response in one environment – the other [is] customer requirements. A company customer requires 24/7 detection and response services or they will not work with the company, and the third is a compelling case [a breach].”

Among the internal drivers to watch for, Pollard explained, “consider moving when adding or replacing an existing EDR tool, as most EDR vendors offer MDR service now and/or when renewing their MSSP contract. Switching from MSSP to MDR generally produces better results and MDR customers are happier than legacy MSSP customers.”

Where MDRs close security loopholes

Forrester’s research shows why SMBs need a solid strategy to reduce time to detect and respond to incidents, in addition to increasing spending on preventive controls. Relying on firewalls, endpoint security, IAM and network security should be reinforced with company-wide detection and response measures to partially mitigate the risk of a cyber attack. Gartner predicts By 2025, 50% of organizations will use it MDR services for threat monitoring, detection and response functions that offer threat prevention and mitigation capabilities.

SMBs should also aim to reduce the time to detect and respond to incidents on a 24/7 basis. However, as Forrester research shows, most SMBs struggle to find qualified cybersecurity professionals to staff their internal SOC. Instead, MDRs continuously employ threat analysts with detection and response experience who can immediately help clients mitigate the risk of cyberattacks.

SMBs most value external security partners who can collaborate closely during incidents (52%) while also filling internal skills gaps (47%). The ability of MDRs and security partners to help SMBs develop their cyber security capabilities not only reduces risk to the business, but also helps ensure it. cyber insurance requirements, according to 42% of respondents.

Adoption of MDR is increasing among small businesses as service providers continually improve their threat prevention and response services with advanced analytics and threat intelligence. Mid-sized enterprise CIOs and IT leaders are also looking for MDRs with an experienced team in breach and risk detection, digital forensics and incident response. In addition, 38% of SMBs report that they plan to implement managed detection and response within the next 12 months, confirming how important it is for MDRs to provide an experienced team that provides security and customer support.

What to look for in an MDR provider

The MDR landscape becomes more competitive, providing more value to SMEs in need of support. Identifying detection and response use cases is a practical first step in determining what services will be required from MDR and whether their technology stack is compatible with the SMB’s existing IT infrastructure.

MDR providers who can bridge the gaps in security operations and combine skilled analysts with artificial intelligence (AI) and machine learning (ML) are leading the market today. Of course, a 24/7 response provider with automated alerts and experienced monitoring support should be sought.

Before adopting, SMEs should also assess how well MDRs can detect potential threats that currently bypass preventive controls. Leading MDR providers may also be on the map MITER ATT&CK framework and show their scope, which is invaluable in improving detection and response tactics and strategies.

Knowing how responses are managed, the success of the provider’s SOC analysts working with other customers, and whether they offer digital forensics and on-site and remote response are also important factors to keep in mind.

Finally, examine how MDR providers hire, retain, and promote threat analysts. The cybersecurity workforce shortage particularly challenging, so it is important to know how MDRs manage their businesses relative to this constraint.