Does MDR come to rescue when SIEM is too complex & SOC seems too huge a commitment?

Runa Tripathy

Businesses are digitally transforming before our eyes, and while it is usually the bigger brands that get a mention, this time the evolution is happening at SMEs (small and mid-sized enterprises) as well. By being early to adopt the right, advanced technologies, SMEs are making it harder for the bigger brands to stay ahead on technology alone. SMEs today are leaving no technology stone unturned to close whatever gap they can and stay abreast of the competition.

The greatest hurdle to keeping pace is often cybersecurity. Today's increasingly prevalent and dangerous threats can slow a company down. According to ESG research, about 82% of cybersecurity professionals agree that threat detection and response is a top priority at their organizations. In addition, 77% said that business unit heads are pressing their cybersecurity teams to improve threat detection and response. Yet there is still a lag, despite the need and the intent being there. The problem is that threat detection and response is not easy. While SMEs and bigger brands were playing cat and mouse with technology advances, cybercriminals were keeping pace just as swiftly, coming up with new and improved ways to defeat security controls. Ask any cybersecurity professional today and they are likely to say that threat detection and response is considerably harder than it was even two years ago, and the reasons they all cite are the same: an upsurge in the volume and sophistication of threats, an increasing cybersecurity workload, and a growing attack surface.

Ideally, the solution to mitigating these threats would be found in deploying an intelligent SIEM (Security Information and Event Management) platform or establishing a full-fledged SOC (Security Operations Center). However, both of these require the organization to have the right skill sets, resources, mindset, and commitment. Out of this muddle, and the growing need to outsource, emerges MDR (Managed Detection and Response).

Rather than deploying yet another point tool, CISOs are turning to third-party service providers for help, making MDR one of the fastest-growing segments of the cybersecurity market. ESG research reveals that 27% of organizations are actively pursuing an MDR project, while another 11% plan to pursue an MDR project in the future.

While organizations have understood why round-the-clock security monitoring is imperative, it is only now dawning on many of them how difficult it is to actually accomplish. Without it, or with anything less than it, keeping data secure and IT processes functioning amid increasing threats becomes almost impossible.

Not every organization will find value in MDR services, even among small to mid-sized businesses. If you as a business do not have a pressing need to protect sensitive data, then perhaps you can do without an MDR partner. It is also very important to understand that MDR does not remove your need for endpoint protection or vulnerability assessment capabilities. The best way to think about MDR is as a service you use in combination with other products and services. It is also worth noting that MDR puts the onus on you to obtain optimum value by managing the relationship with the MDR partner: by providing direction and guidance, and by giving timely feedback.

MDR services exist to support a variety of buyers, which generally align with three groups:

  1. Organizations that have very minimal in-house detection and response capabilities, where an MDR service forms the primary (sometimes only) security operations capability.
  2. Organizations that have invested in detection technologies but are unable to build in-house people or process capabilities to support the security operations mission.
  3. Organizations that have already invested in people, processes and technologies for threat detection and response, or plan to make those investments (say, as part of building their own internal SOC), and are looking to MDR providers for support.

In general, MDR supplements, rather than replaces, an existing security operations center team. Enterprises with sufficient security staffing and budget can typically deploy an in-house SOC rather than use an MDR service. Fortune 500 companies may also prefer an in-house SOC that can be constantly tuned to their unique business needs.

Pick the Right Vendor to Suit Your Needs:

If you are opting to go with an MDR service provider, then, as with any other service, you will need to ask yourself a few pertinent questions. So pause, evaluate, measure, and then opt. It is abundantly clear that many organizations will throw in the proverbial towel and seek help from MDR players. Here are some of the questions you may need to think through while choosing an MDR provider:

  • Is your MDR provider capable of monitoring your existing IT stack, or are they equipped to support only a specific vendor's security software?
  • Does the MDR provider have cloud security capabilities, so that they can monitor your infrastructure both on-premises and in the cloud?
  • Does the MDR provider support the compliance and regulatory guidelines you are required to adhere to? This is of prime importance for healthcare and BFSI organizations.
  • What pricing model is your MDR provider offering: an annual subscription, or one based on event volumes that therefore fluctuates?
  • Be clear on exactly what your MDR provider supports. Since the MDR service offering is still not fully mature, it is good to know which technology stack is supported. The MDR label is being co-opted by service providers that demonstrate few, if any, of the characteristics defining the MDR market and are more aligned with the MSS (managed security services) market.