MDR: Absolutely the Right Security Solution for You

Previously, we talked about Why You Need MDR to Combat Current and Emerging Threats.

In that article, we explained how MSS (Managed Security Services) became available to organizations a decade or so ago. In the beginning, clients were happy with MSSPs. Eventually, however, business owners became dissatisfied with the service. As a result, MDR was introduced as a new service to fill the gaps that MSSPs missed.

Gartner predicts, “By 2020, 15% of organizations will be using services such as MDR, which is an increase from fewer than 1% today.”

However, as Gartner explained in its Market Guide for MDR, the overlap between MSS and MDR is increasing. This makes it difficult for organizations to decide whether to use MSSPs or MDR service providers.

To help you decide what your organization needs, here is a point-by-point comparison between MSSPs and MDR:

| Function | MSSP | MDR |
| --- | --- | --- |
| Primary Focus | Technology | Technology, people and process |
| Collection, Detection, Identifying Threats | Uses your existing security tools; Perimeter defense is used to identify known threats; Threat hunting is additional service (if offered) | Proactive threat hunting across network; Conducts behavior analysis and machine learning to detect and identify threats |
| Triage, Investigation, and Response | Focused on meeting SLAs; Cursory triage often resulting in false positives and lacks contextual information; Data sources may not be complete; Remote users and cloud services are not included in scope | Investigates and confirms threats at Tier 1 and 2 to offer complete understanding of incident; Supports customers during times of highest stress; Services are tailored to use sophisticated technologies including specialized forensic tools; Customized security event management platform |
| Integration across security program | Technology often lacks integration points with internal security tools | Technology plugs into the organization’s SIEM, workflow, and SecOp tools |
| Role in internal security strategy | Meant to replace basic internal security functions | Augments and enhances your existing security strategy w/ advanced technology and highly-specialized analysts, threat hunters, and incident responders |
| Threats Detected | Relies mostly on signatures and rule-based detection; Detects known vulnerabilities and malware, and common, high-volume attacks; Advanced threats are often missed and sometimes even basic attack tactics | Able to detect malware, targeted attacks, zero-days, and insider threats |
| Staff specialization | Staff does basic log management, monitoring, and investigation via playbook or script; Many employees lack experience and are trained to capably operate small fraction of technology that they show in their advertisement | Staff delivers focused expertise in advanced malware analysis, threat hunting, forensics, incident response, data science and security analytics, and security research |

It is clear from this comparison that MDR is the better cybersecurity solution for your organization.

If you have not yet invested in detection and response technologies and internal capabilities, you need to consult with an MDR service provider who can help address your cybersecurity needs.

Netswitch offers MDR services to small and medium-sized businesses as well as large enterprises. For more details on how we can assist you in establishing a cybersecurity solution that fits your environment and meets your requirements, please contact us today for a consultation.

*** This is a Security Bloggers Network syndicated blog from News and Views – Netswitch Technology Management authored by Press Release. Read the original post at:
