Q
Problem solve Get help with specific problems with your technologies, process and projects.

Are managed detection and response services a good idea for SMBs?

If you're a small business with limited IT resources, the emerging managed detection and response services market can help with cybersecurity breach prevention and threat detection.

Headline-making cyberbreaches have prompted most organizations to prioritize how much they spend on IT security....

However, most businesses lack the internal expertise and capabilities to mount a cohesive and effective defense.

Small businesses, in particular, struggle to derive the maximum benefit from their existing security infrastructure investments. In many cases, the security monitoring tools they have in place often require more manpower or expertise than the business has. As a result, IT finds itself tuning out the flood of threat detection alerts and missing potential security threats until it is too late.

New class of MDR vendors emerging

Fortunately, a relatively new class of IT security vendors is emerging to help small and midsize businesses with threat detection and response. Known as managed detection and response services (MDR), these products rely on network- and host-based detection tools to identify malicious patterns. These tools also typically gather data from endpoints inside the firewall to get a more comprehensive view of network activity.

MDR specialists -- among them Rapid7, FireEye, Raytheon Foreground Security, Rook Security and Red Canary -- take a different tack in how they approach potential threats and threat detection. Instead of focusing on device management, these managed detection and response services vendors emphasize mining and analyzing network performance data to glean threat intelligence.

MDR providers typically cull data from a variety of sources, including logs, network flow data and packet capture. They then offer recommendations or, in some cases, initiate automated actions -- e.g., sandboxing.

Benefits of managed detection and response services

MDR products are typically accessed as a managed service, although some vendors offer products that are more self-service in nature. MDR providers also offer triage support in the event a incident or threat occurs -- a capability that sets these companies apart from security monitoring services that fall short of the needs of many smaller businesses.

Seeing a new prospect pool, managed service providers that target larger enterprise clients are also beginning to explore whether they have a role to play as an MDR provider. Some, including Cisco, have made acquisitions to support their entrée into the space. Consolidation is virtually guaranteed.

Even as MDR services begin to gain traction, they're still a new and developing market. Small businesses may benefit from the security monitoring and threat analytics technology, but as is the case with any investment in an emerging area, organizations must carefully vet the products and understand the direction the vendor is planning to take.

In some cases, it might be worth the wait to see how the managed detection and response services space evolves -- and condenses -- before making the leap.

Next Steps

Choosing the right threat intelligence provider for your organization can be a daunting task and a time-consuming process. Expert Ed Tittel compares the top threat intelligence services to see how they differ and how they address various enterprise security needs.

Session hijacking is an easy attack to launch -- and a difficult threat to detect -- if the proper defenses are not implemented. Here, learn the necessary techniques for preventing session hijacking attacks on your network. 

Not concerned about gadget and IoT security? You should be. Network admins must combat the security challenges introduced by the increasing number of IoT devices within their networks. Learn how they are doing it. 

This was last published in September 2017

Dig Deeper on Network Security Best Practices and Products

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you handle potential threats at your small business?
Cancel

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close