Fully managed versus co-managed detection & response – which service does your IT security need?

High-performance IT security is fundamentally based on two pillars: on the one hand, preventing or at least slowing down successful cyberattacks through comprehensive security mechanisms and, on the other, quickly detecting and defending against successful cyberattacks that were able to circumvent the security mechanisms.

The more digitalization progresses, the more challenging it becomes to protect companies from damage caused by successful cyber attacks. Sophisticated malware, ransomware, malicious scripts and advanced persistent threats (APTs), which usually find their way into networks through social engineering, threaten the IT security of companies worldwide.

In recent years, a trend has become more pronounced that has now become one of the greatest dangers in the field of cyber defense: a lack of the necessary manpower. The shortage of skilled workers is also having a major impact on the IT security sector. Small and medium-sized companies in particular are finding it difficult to fill vacancies. Specialized IT security service providers offer urgently needed support with Managed Detection & Response (MDR) services. This additional, external manpower relieves the burden on in-house IT security teams and offers companies the opportunity to have their “own” IT security team.

Fully or co-managed detection & response service – in this article you can find out how these two approaches differ and when which service makes sense for your company.

What does Managed Detection & Response mean?

Classic security measures alone no longer guarantee effective IT security. Today, active, rapid and comprehensive threat detection and defense is more important than ever. Many companies are already using a wide variety of threat detection and response tools with the aim of promptly detecting and reporting attack activities and thus significantly increasing the level of security: EDR (Endpoint Detection & Response), NDR (Network Detection & Response) or XDR (Extended Detection & Response) are currently regarded as relevant security technology solutions that effectively counter current and future cyber threats.

Behind the three letters of EDR, NDR or XDR are “detection and response” models that detect cyber threats and manage them in different ways. The solutions are used to detect attacks on company networks at an early stage and stop them as quickly as possible.

Through detection & response solutions, the responsible IT security teams – mostly cyber defense analysts and threat hunters – receive immediate notifications of identified anomalies and security-relevant data that could indicate acute threat situations. This puts them in a position to react appropriately in the shortest possible time and avert major damage to companies.

Why Managed Detection & Response Services?

According to a large-scale study, a lack of manpower jeopardizes cyber security in 85% of all companies. There is no relief in sight on the labor market, on the contrary: all indicators suggest that the problem will worsen significantly in the coming years.

Managed Detection & Response Services (MDR) address precisely this glaring weakness. The term stands for the managed detection of and response to attacks. The focus here is not on technology or a solution, but on a service provided by specialized IT security service providers. By using an MDR service, companies can access the services of professional IT security providers who specialize in detecting, analysing and defending against cyber attacks – ideally 24/7. For example, using an orchestration tool (Security Orchestration Automation and Response, or SOAR for short), the external IT security analyst responsible for a company can immediately initiate appropriate defensive measures when a real threat is detected and confirmed. The MDR services can be used according to a company’s needs and relieve internal IT security teams of routine tasks or the time-consuming processing of false alarms.

Such managed detection & response services can be designed either as a fully managed or co-managed service.

What does a Fully Managed Detection & Response Service include?

A Fully Managed Detection & Response Service is to be understood as a “complete package” in which all IT security tools that are necessary or deemed useful for a company are made available by a service provider and managed and operated for the company. This can be a SIEM (Security Information and Event Management), for example, supplemented by a SOAR system for faster, partially automated analysis and defense against a cyber attack. All systems that can initially detect a potential IT security incident, provide further information for assessment or initiate protective measures are connected to SIEM and SOAR. Specifically, this could be the connections of the EDR/NDR/XDR solutions already mentioned. However, other solutions can also be connected, such as phishing detection, threat intelligence or vulnerability management.

With the Fully Managed Detection & Response Service, security service providers implement and operate all the necessary IT security tools and monitor the customer’s networks and end devices for anomalies 24/7. If necessary, defensive measures are initiated in close consultation with the customer. In addition, all administrative work – such as analyzing log files, updating the tools used with patches and updates or creating reports – is carried out by the external service provider.

What is a Co-Managed Detection & Response Service?

A co-managed detection & response service is characterized by individual and flexible use: The management and administration of certain security tools is transferred to a service provider. The Co-Managed Detection & Response Services approach is based on the fact that many organizations and companies have already invested in IT security tools such as anti-phishing, SIEM, EDR/NDR/XDR and SOAR, but have then found that seamless, efficient operation fails due to a lack of manpower. Missing expertise (or tools if required) can be added to Co-Managed Detection & Response Services according to the modular principle – with predictable, transparent and scalable costs.

Co-Managed Detection & Response Services should not be seen as a replacement, but rather as a supplement to the existing IT security architecture to ensure that an immediate and appropriate response can be made to identified IT security threats. And thanks to the expertise and manpower of the MDR service provider, this is done so quickly that significant damage to the company in question is averted or at least greatly reduced. Co-managed detection & response services also offer another advantage that should not be underestimated: customers receive high-quality consulting services and a valuable transfer of knowledge. After all, close, cooperative collaboration is a key part of all co-managed service approaches. Experienced, external specialists compensate for the lack of expert knowledge within the company – and the company’s internal IT benefits from their experience and know-how through the exchange of expertise.

Individual use of IT security services based on a modular principle with flexible, hybrid approaches: Co-managed detection & response services close gaps in cyber defense when resources, expertise or specialists are lacking and represent a valuable alternative to complete in-house concepts or fully managed services.

Conclusion

Experienced specialists in the field of IT security are hard to come by on the job market. All too often, small and medium-sized companies in particular are left without the human expertise they urgently need, even if technical security solutions are available within the company. Managed Detection & Response (MDR) services fill the gaps in cyber defense. While Fully Managed Detection & Response Services provide all the necessary tools and services as a complete package, modular and flexible Co-Managed Detection & Response Services compensate for a lack of resources and capacities in certain areas.

Are you interested in Managed or Co-Managed Detection & Response Services? Contact us online or by phone at +49 30 5557021 11. We will be happy to advise you individually and without obligation in a personal meeting!


SECUINFRA SIEM Experts Team • Author

Managed SIEM and Co-Managed SIEM experts

The SECUINFRA SIEM Experts Team is specialized in the areas of "Managed SIEM" and "Co-Managed SIEM". The team not only performs the classic operational SOC activities such as analyzing and evaluating SIEM alerts or threat hunting, but also designs, implements and operates the SIEM environments.
