Are managed detection and response services a good idea for SMBs?

If you're a small business with limited IT resources, the emerging managed detection and response services market can help with cybersecurity breach prevention and detection.

Headline-making cyberbreaches have prompted most organizations to prioritize how much they spend on IT security....

However, most businesses lack the internal expertise to mount a cohesive and effective defense.

Small businesses, in particular, struggle to derive the maximum benefit from their existing security infrastructure investments. In many cases, the tools they have in place require more manpower or expertise than the business has. As a result, IT finds itself tuning out the flood of alerts and missing potential security threats until it is too late.

New class of vendors emerging

Fortunately, a relatively new class of IT security vendors is emerging to help small and midsize businesses identify potential threats and take action. Known as managed detection and response (MDR) services, these products rely on network- and host-based detection tools to identify malicious patterns. These tools also typically gather data from endpoints inside the firewall to get a more comprehensive view of network activity.

MDR specialists -- among them Rapid7, FireEye, Raytheon Foreground Security, Rook Security and Red Canary -- take a different tack in how they approach potential threats. Instead of focusing on device management, these managed detection and response services vendors emphasize mining and analyzing network performance data to glean threat intelligence.

MDR providers typically cull data from a variety of sources, including logs, network flow data and packet capture. They then offer recommendations or, in some cases, initiate automated actions -- e.g., sandboxing.

Managed detection and response services have other benefits

MDR products are typically accessed as a managed service, although some vendors offer products that are more self-service in nature. MDR providers also offer triage support in the event an incident occurs -- a capability that sets these companies apart from monitoring services that fall short of the needs of many smaller businesses.

Seeing a new prospect pool, managed service providers that target larger enterprise clients are also beginning to explore whether they have a role to play as an MDR provider. Some, including Cisco, have made acquisitions to support their entrée into the space. Consolidation is virtually guaranteed.

Even as MDR services begin to gain traction, they're still a new and developing market. Small businesses may benefit from the technology, but as is the case with any investment in an emerging area, organizations must carefully vet the products and understand the direction the vendor is planning to take.

In some cases, it might be worth the wait to see how the managed detection and response services space evolves -- and condenses -- before making the leap.

This was last published in September 2017
