Editor’s note: This is the second part of a series of articles laying out how MSPs can expand their cybersecurity portfolios with MDR services. Read the first part here.
Not all MSPs can offer extensive managed detection and response (MDR) services to customers. Some may not be ready or able to establish the security operations center (SOC) capabilities required to offer MDR services. Others might be early in their managed security services journey and still determining the best ways to capitalize on the surging demand.
Similarly, some customers do not possess sufficient cybersecurity maturity to adopt MDR services. They may not be aware of the risk and sophistication of modern cyberattacks so they don’t find MDR services necessary. Or they have not yet implemented proactive defense measures, such as reducing the attack surface on their endpoints. This is important to keep the effort to detect and respond to attacks controlled and efficient.
Iratxe Vázquez Rodríguez
The good news is there are several levels of managed security capabilities that MSPs can employ. Regardless of the size of their business, they can deliver the right expertise to their customers.
No. 1: The Essential Layer
MSPs can offer customers an essential level of managed security services combined with automated MDR services without adding staff or building or outsourcing a SOC.
Some of these solutions combine a broad range of endpoint protection technologies with endpoint detection and response capabilities. They allow MSPs to elevate their customers’ security postures (such as with vulnerability assessment and patch management). They also automate the detection, containment and response to any advanced threat (such as with suspicious file classification through AI/ML or abnormal behavior detection with security analytics).
Such offerings are critical for smaller MSPs and those that haven’t yet fully transitioned to a services-based business model.
No. 2: Augmented Detection and Response
Beyond the essential layer, other solutions can add advanced hunting and response tools to enable MSPs and security operations teams cost-effective and easy-to-master managed security services.
These capabilities enable MSPs to reduce threat dwell time at their customers’ endpoints and strengthen their overall security posture. An example of this kind of service is the proactive search of recently disclosed threats in the wild by looking for known indicators of compromise (IoCs) at the endpoints or remotely accessing them to investigate further by examining the file system, the registry entries, and more.
No. 3: A Full MDR Service
Many MDR service offerings provide 24/7 cybersecurity with endpoint monitoring, threat hunting, detection, containment, and guided remediation.
In some cases, it includes proactive services to reduce the attack surface and the overall cyber resilience of their customers. This service requires a team of highly skilled cyber analysts, threat hunters, and responders who master endpoint detection and response (EDR), security analytics, and AI/ML technology. They follow well-defined and thoroughly trained processes to address sophisticated, undetected threats efficiently.
This comprehensive MDR service can be delivered by MSPs from an in-house SOC, a fully outsourced SOC-as-a-service, or a hybrid SOC, where part of the service is outsourced to a third party. The scope of services can include any or all of the following: 24/7 monitoring, detection, containment, threat hunting, recovery, lessons learned and attack surface reduction.
An Ongoing Effort
The cybersecurity landscape is continually evolving, presenting complex threats that many businesses find challenging to combat. MDR offers MSPs a significant opportunity to address these threats. Cybersecurity, however, is a journey, not a single destination.
This view highlights the ongoing and cumulative effort required to protect information and systems. The various levels of MDR described in this article series progressively enhance security teams’ capabilities and practices, improving their customers’ security postures. MSPs should embark on this journey with their trusted vendor, providing the MDR service level that best matches their capabilities and their customers’ needs while ensuring the service’s efficacy, scalability, and profitability at all times.
Iratxe Vázquez Rodríguez is a senior product marketing manager at WatchGuard Technologies. She has an extensive background in endpoint protection, endpoint detection and response, security operations centers and threat hunting platforms.
Image: iStock
