High-performance IT security rests on two pillars: on the one hand, preventing or at least slowing down successful cyber attacks through comprehensive security mechanisms and, on the other hand, rapidly detecting and defending against successful cyber attacks that were able to circumvent those mechanisms.
The more digitization advances, the more challenging it becomes to protect companies against damage from successful cyberattacks. Sophisticated malware, ransomware, malicious scripts and advanced persistent threats (APTs), which mostly find their way into the network via social engineering, threaten the IT security of companies worldwide.
In the last few years, a trend has intensified that has now become one of the greatest threats in the field of cyber defense: a lack of the necessary manpower. The shortage of skilled workers is hitting the IT Security sector with full force. Small and medium-sized companies in particular are finding it difficult to fill vacant positions. Specialized IT Security service providers offer urgently needed support here with Managed Detection & Response (MDR) services. This additional, external manpower relieves the burden on in-house IT Security teams or offers companies the opportunity to have their “own” IT Security team.
In this article, you will find out how these two approaches differ and when it makes sense for your company to choose a Fully or Co-Managed Detection and Response Service.
What does Managed Detection & Response mean?
The sole use of classic security measures has long since ceased to guarantee effective IT Security. Today, active, fast and comprehensive threat detection and response is more important than ever. To this end, many companies are already using a wide variety of “Threat Detection and Response” tools, which aim to detect and report attack activities in a timely manner and thus significantly increase the level of security: EDR (Endpoint Detection & Response), NDR (Network Detection & Response) or XDR (Extended Detection & Response) are currently considered relevant security solutions that effectively counter current and future cyber threats.
In summary, the abbreviations EDR, NDR and XDR stand for “detection and response” models that detect cyber threats and manage them in various forms. The solutions are used to detect attacks on corporate networks at an early stage and stop them as quickly as possible.
Through detection and response solutions, the responsible IT Security teams – mostly cyber defense analysts and threat hunters – receive immediate notifications of identified anomalies and security-relevant data that could indicate acute threat situations. This enables them to respond appropriately in the shortest possible time and avert major damage to companies.
Why Managed Detection & Response Services?
According to a large-scale study, a lack of manpower endangers cybersecurity in 85% of all companies. There is no relief in sight on the labor market; on the contrary, all indicators point to the problem becoming even more acute in the coming years.
Managed Detection & Response (MDR) services address precisely this glaring vulnerability. The term stands for the managed detection of and response to attacks. Here, the focus is not on a technology or a solution, but on a service provided by specialized IT security service providers. By using an MDR service, companies can access services from professional IT security providers that specialize in detecting, analyzing and defending against cyber attacks – ideally 24/7. For example, by using an orchestration tool (Security Orchestration, Automation and Response, or SOAR), the external IT Security analyst responsible for a company can immediately initiate appropriate defensive measures when a real threat is detected and confirmed. MDR services can be used according to a company’s needs and relieve internal IT Security teams of routine tasks or the time-consuming processing of false alarms.
Such Managed Detection & Response services can be either fully managed or co-managed.
What does a Fully Managed Detection & Response Service include?
A Fully Managed Detection & Response Service is to be understood as a “complete package”, in which all the IT Security tools necessary or deemed useful for a company are provided by a service provider and managed and operated for the company. This can be, for example, a SIEM (Security Information and Event Management), supplemented by a SOAR system for faster, partially automated analysis and defense against a cyber attack. All systems that can initially detect a potential IT Security incident, provide further information for assessment or initiate protective measures are connected to the SIEM and SOAR. In concrete terms, this can mean, for example, connecting the EDR/NDR/XDR solutions already mentioned. However, other solutions can also be connected, such as phishing detection, threat intelligence or vulnerability management.
With a Fully Managed Detection & Response service, security service providers implement and operate all the necessary IT Security tools and monitor the customer’s networks and end devices 24/7 for anomalies. If necessary, defensive measures are initiated in close consultation with the customer. In addition, all administrative tasks – such as evaluating log files, updating the tools used with patches and updates, or creating reports – are handled by the external service provider.
What is a Co-Managed Detection & Response Service?
A Co-Managed Detection & Response service is characterized by individual and flexible utilization: the management and administration of specific security tools is transferred to a service provider. The approach of Co-Managed Detection & Response services is based on the fact that many organizations and companies have already invested in IT security tools such as anti-phishing, SIEM, EDR/NDR/XDR and SOAR, but then found that seamless, efficient operation fails due to a lack of sufficient manpower. Missing expertise (or tools, if required) can be added with Co-Managed Detection & Response services according to the modular principle – with plannable, transparent and scalable costs.
Co-Managed Detection and Response Services should not be seen as a substitute, but rather as a supplement to the existing IT Security architecture to ensure that identified IT Security threats can be responded to immediately and appropriately. Thanks to the expertise and manpower of the MDR service provider, this happens so quickly that significant damage to the company concerned is averted or at least greatly reduced. In addition, Co-Managed Detection and Response services offer another advantage that should not be underestimated: customers receive high-quality consulting services and a valuable transfer of knowledge. This is because close, cooperative collaboration is a key part of all co-managed service approaches. Experienced, external specialists compensate for the lack of expert knowledge within the company – and the company’s internal IT benefits from their experience and know-how through professional exchange.
Individual use of IT Security services based on a modular principle with flexible, hybrid approaches: Co-Managed Detection & Response services close gaps in cyber defense when resources, expertise or specialists are lacking and represent a valuable alternative to complete in-house concepts or fully managed services.
Experienced IT Security professionals are hard to come by on the job market. Small and medium-sized companies in particular are all too often left without the urgently needed human expertise, even if technical security solutions are available within the company. Managed Detection & Response (MDR) services fill the gaps in cyber defense. While Fully Managed Detection & Response services provide all necessary tools and services as a complete package, modular and flexible Co-Managed Detection & Response services compensate for missing resources and capacities in specific areas.
Are you interested in Managed or Co-Managed Detection & Response services? Contact us right away online or by phone at: +49 30 5557021 11. We will be happy to advise you individually and without obligation in a personal meeting!