Defining Required Capabilities for Managed Detection and Response

In security, clarity has always been a struggle. Buyers don't know what solutions do, and vendors don't understand what buyers really need. It's even harder because the security solution marketplace has become as complex and varied as any has ever been. For example, a simple term like “protection” can mean anything from preventing network access to enabling secure network access. Sometimes it means encrypting data, and at other times it means trying to crack the encryption of networks and private data.

Enter Managed Detection and Response (MDR). Analysts report that managed security services are being augmented and replaced by MDR, but unfortunately, MDR is suffering from serious confusion about its capabilities and outcomes. It’s critical that MDR be described with clarity, as these services can relieve overworked security teams, a priority in the current period of economic pressure. The organizations running those teams appreciate the need for MDR to keep their information safe, but they don’t often understand the why or how behind the value they are hoping to receive.

This is why we have released the MDR Manifesto, a set of clear MDR requirements created through the combined effort of Alert Logic, objective industry leaders, and analysts who are already fielding inquiries and working with vendors in this new MDR space. This initiative, announced earlier this week, creates the opportunity for an open discussion of MDR capabilities, and will bring needed clarity to the purpose, efficacy, and value of MDR as a critical element in organizational security planning.

In the manifesto, there are seven tenets of MDR. Any MDR solution must:

  1. Reduce the likelihood or impact of successful attacks;
  2. Provide 24/7 visibility and cover all assets in an organization;
  3. Continuously be refreshed with research on new threats and vulnerabilities;
  4. Augment technology with human intelligence to ensure accuracy and value;
  5. Provide custom responses that reflect business and attack context and cause;
  6. Scale to deliver technical analysis and human insights across dynamic environments; and
  7. Deliver results and reporting that are credible, accessible, and useful.

These tenets were informed by Alert Logic’s 20 years of experience across 4000+ MDR customers who adopted the solution before “MDR” got its name and became a new category. They are intended to provide clear definition to the value organizations should expect to receive when they add MDR to their security plans and budgets.

Alert Logic is releasing this manifesto as a means of starting a discussion: it isn't about Alert Logic, it's about clarity, specificity, and customer value.

To jumpstart this conversation about MDR, Alert Logic is hosting a seven-part webcast series beginning April 30, 2020. Each episode will focus on one tenet of MDR. Industry thought leaders will participate in the webcasts to offer an independent view of the evolution of MDR protection and its importance in reducing the likelihood and impact of successful attacks.

Be sure to register for the webcast series at go.alertlogic.com/MDR-Webcast, and give the manifesto a read. If you have some time and passion, join the discussion online by using #MDRmanifesto, particularly if you have a different viewpoint. We want to hear it. You can also join our MDR Manifesto LinkedIn group, where you can discuss viewpoints, thoughts, and opinions with industry experts and peers.

Let’s help the market understand the value of MDR.

About the Author

Jack Danahy - SVP, Security

As SVP, Security, Jack Danahy engages with customers and the industry on company product strategy. Danahy is an innovative security technology leader with proven success creating, delivering, and promoting new security technologies and practices to address critical needs. He has founded and co-founded three successful security companies, holding CEO and CTO roles. Most recently, he was CTO at Barkly and previously at Qiave Technologies (acquired by WatchGuard Technologies in 2000) and Ounce Labs (acquired by IBM in 2009). He is a frequent writer and speaker on security and security issues and has received multiple patents in a variety of security technologies. Prior to founding Barkly, Danahy was the Director of Advanced Security for IBM, and led the delivery of security services for IBM in North America.