MDR vs MSSP: What’s the Difference?
By: Secureworks
Acronyms. Nobody likes them, but we can’t live without them. That’s especially true in cybersecurity, where we’re constantly talking about CVEs, TTPs, MFA, and APTs.
These days, two acronyms — MDR and MSSP — have become a particular source of confusion. So we thought we’d take a few brief minutes of your time to answer four of your most frequently asked questions.
Question #1: What is Managed Detection and Response (MDR)?
MDR is managed detection and response. Providers of MDR both detect and respond to threat actors’ attempts to breach your environment. We believe the most effective MDR solutions are most often delivered on a robust cybersecurity platform such as XDR (extended detection and response) technology, which complements traditional endpoint coverage with coverage of networks, cloud, email, and other elements of your overall environment. What MDR providers don’t traditionally do is manage software and tools. They manage security outcomes to reduce customer risk.
Question #2: What is a Managed Security Service Provider (MSSP)?
An MSSP is a managed security services provider. MSSP thus describes a class of vendor, rather than a specific type of solution or service. Some MSSPs provide MDR, some don’t. But MSSPs can also provide all kinds of services that you may or may not need. They can provide monitoring and alerting without handling response for you. They can track your vulnerabilities and perform patching for you. They can manage your firewalls and VPNs. They often will manage software and technologies as well, working as a more fully managed security team.
Also note that the term MSSP generally refers to an independent service provider. If you get your MDR directly from an MDR vendor, that MDR vendor is acting like an MSSP — and may in fact be a very good one. But we generally wouldn’t call them an MSSP, since they may not offer the same range of services as a typical independent MSSP.
Question #3: Should I choose MDR or an MSSP?
Since MDR and MSSP are not mutually exclusive, this is actually the wrong question to ask. The better way to frame your choice is to ask yourself two different questions:
- Question 3a: MDR or XDR – Which Solution is Best for Your Business?
In my opinion XDR is a must-have. You simply can’t depend on endpoint detection alone to keep your organization safe. You need broader coverage of your environment. And you can’t depend too fully on perimeter security alone. You must be able to quickly discover and root out any threat actor who has already breached your perimeter and is now active within your environment. XDR is a game changer.
So the first question to ask yourself is whether you want to monitor, investigate, and respond to the threats surfaced through XDR yourself, or have an MDR partner do that for you.
Because cybersecurity talent is in such short supply — and because relatively few organizations are large enough and rich enough to afford a large, highly skilled cybersecurity staff — chances are that you’re better off opting for MDR.
- Question 3b: MDR from an MDR vendor or an MSSP?
The next question is whether to get MDR directly from an MDR vendor or from an MSSP. The answer to this question depends on several factors. For example, if you already have a strong and healthy relationship with an MSSP — and that MSSP offers services built on a leading XDR solution — then you may simply opt to expand that existing relationship. You may also be able to get your XDR at a good price if your MSSP is bundling it with other services such as vulnerability management.
If, on the other hand, you don’t have an existing relationship with an MSSP offering XDR or your MSSP partner isn’t running MDR on XDR, you may want to work directly with an MDR vendor. Remember this, though: MDR is a service. An MDR vendor with great technology but a subpar culture of service won’t be a great choice. So you need to ensure that any MDR vendor you work with directly has a strong track record of high-touch service and rapid response — in addition to great underlying technology.
Question #4: How can I start the process of adopting the best MDR solution for my company?
It would be great if you could immediately implement MDR by simply clicking a link and entering your company’s credit card info. But MDR requires a bit more from you and your team. There are, however, three things you can do today to get the process started — and to ensure that the end result of that process is the best one for your organization:
- Rationalize your funding. The biggest obstacle to MDR adoption is budget. Fortunately, you can make room in your budget for MDR in a few ways. For one thing, since MDR includes EDR, you may be able to replace/retire your big-ticket EDR solution. For another, you may also be able to eliminate or downsize your SIEM since MDR inherently acts as an intelligent AI/ML-enabled aggregation point for security-related events across your environment.
Also remember that as a turnkey service, MDR enables you to re-allocate your headcount to more strategic tasks and/or avoid replacing staff lost through attrition.
- Clarify the business case. No environment is perfectly secure. No cybersecurity system offers 100% protection. This often makes buying decisions an economic exercise focused on minimizing financial risk within fixed resource constraints.
And the financial risk to your organization at any given moment is largely contingent upon how long threat actors can dwell in your environment undetected and unremoved. Cut your dwell time and you cut your risk. Substantially. That’s the business case for MDR — and it’s a compelling one.
- Make your short list. You don’t have to study and evaluate 100 vendors to create your short list of MDR candidates. If you already have a relationship with an MSSP offering MDR, they belong on that list. So do we — because our Secureworks MDR solution, Taegis™ ManagedXDR, leverages the proprietary threat intelligence gathered from thousands of IR engagements and active threat group monitoring with our industry-leading XDR platform, delivered by a robust SOC team with 20+ years of experience. We have lots of great MSSP partners using Taegis XDR, too, if there is a partner you prefer.
You probably have more than four questions about MDR and MSSPs. So just click here to speak to an MDR expert. The sooner you start your process, the sooner you’ll be able to protect your organization more cost-efficiently and with greater confidence.