Headline-making cyberbreaches have prompted most organizations to prioritize how much they spend on IT security.
However, most businesses lack the internal expertise to mount a cohesive and effective defense.
Small businesses, in particular, struggle to derive the maximum benefit from their existing security infrastructure investments. In many cases, the tools they have in place require more manpower or expertise than the business has. As a result, IT finds itself tuning out the flood of alerts and missing potential security threats until it is too late.
New class of vendors emerging
Fortunately, a relatively new class of IT security vendors is emerging to help small and midsize businesses identify potential threats and take action. Known as managed detection and response (MDR) services, these products rely on network- and host-based detection tools to identify malicious patterns. These tools also typically gather data from endpoints inside the firewall to get a more comprehensive view of network activity.
MDR specialists -- among them Rapid7, FireEye, Raytheon Foreground Security, Rook Security and Red Canary -- take a different tack in how they approach potential threats. Instead of focusing on device management, these managed detection and response services vendors emphasize mining and analyzing network performance data to glean threat intelligence.
MDR providers typically cull data from a variety of sources, including logs, network flow data and packet capture. They then offer recommendations or, in some cases, initiate automated actions -- e.g., sandboxing.
Managed detection and response services have other benefits
MDR products are typically accessed as a managed service, although some vendors offer products that are more self-service in nature. MDR providers also offer triage support in the event an incident occurs -- a capability that sets these companies apart from monitoring services that fall short of the needs of many smaller businesses.
Seeing a new prospect pool, managed service providers that target larger enterprise clients are also beginning to explore whether they have a role to play as an MDR provider. Some, including Cisco, have made acquisitions to support their entrée into the space. Consolidation is virtually guaranteed.
Even as MDR services begin to gain traction, they're still a new and developing market. Small businesses may benefit from the technology, but as is the case with any investment in an emerging area, organizations must carefully vet the products and understand the direction the vendor is planning to take.
In some cases, it might be worth the wait to see how the managed detection and response services space evolves -- and condenses -- before making the leap.