Why managed detection and response (MDR) adoption is growing among small businesses


Most small and medium businesses (SMBs) are not equipped with 24/7 security operations to monitor threats and provide threat detection and response, leaving their infrastructures exposed to cyberattacks. Firewalls, endpoint security, identity access management (IAM) and network security dominate their security budgets. These preventative controls amount to just 5% of annual IT spending, according to Gartner.

SMBs face the daunting challenge of affording the technologies needed to secure their applications, infrastructure and networks as software prices increase. Keeping a security operations center (SOC) staffed to monitor threats and provide detection and response during a severe labor shortage is another. Forrester research found that 64% of SMBs running an SOC internally or in a hybrid internal/external model have ten or fewer employees operating their SOC, with 32% running one with five or fewer employees. In addition, while 81% of SMBs surveyed are monitored by an internal SOC, more than half (57%) of those SOCs do not operate 24 hours a day, seven days a week.

The result is that nearly every SMB is shorthanded when it comes to achieving 24/7 threat detection and response, and many rely on managed detection and response (MDR) service providers to fill the gap. That is why 53% of SMBs rely on external partners, including MDRs, to close their threat detection and response gaps.

SMBs are under cyberattack

Cyberattacks against SMBs have grown by 150% over the past two years. Forrester Consulting and Pondurance collaborated on the recent study, Attackers Don't Sleep, But Your Employees Need To. The report found that 69% of SMBs feel they are facing critical and expanding cybersecurity threats this year, with 75% saying cyberattacks have increased over the past three years. As a result, most SMBs see improving detection and response by engaging external security operations providers, including MDRs, as a critical tactic for maturing their cybersecurity programs.

According to the report's author Jeff Pollard, vice president and principal analyst at Forrester, the following signs indicate that it is time for an SMB to move from running its own SOC to having an MDR handle detection and response.

In a recent email interview with VentureBeat, Pollard said that “MDR purchases have external and internal drivers. The main external drivers are, first, cyber insurance requirements. Cyber insurers want 24/7 detection and response in an environment — second [is] customer requirements. A company customer requires 24/7 detection and response services or won’t work with the company, and the third is a compelling event [a breach].”

Pollard explained the internal drivers to watch for: "consider moving when adding or replacing an existing EDR tool since most EDR vendors offer MDR service now and/or when renewing an MSSP contract. Migrating from MSSP to MDR generally brings better outcomes, and MDR clients are happier than legacy MSSP clients ever were."

Because SMBs prioritize their security spending on preventative controls first and lack the budget or staff to achieve 24/7 threat monitoring, detection and response, they are partnering with MDRs to reduce the risk of cyberattacks disrupting their businesses.

Where MDRs close security gaps 

Forrester's study illustrates why SMBs need a solid strategy to reduce the time to detect and respond to incidents, beyond increasing their spending on preventative controls. Firewalls, endpoint security, IAM and network security only partially reduce the risk of a cyberattack; they need to be strengthened with company-wide detection and response. Gartner predicts that by 2025, 50% of organizations will use MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities.

SMBs must also set the goal of reducing the time to detect and respond to incidents on a 24/7 basis. Yet, as the Forrester study shows, most SMBs struggle to find qualified cybersecurity experts to staff their internal SOC. By contrast, MDRs continually recruit threat analysts with detection and response expertise who can immediately help clients reduce the risk of a cyberattack.

SMBs most value outside security partners that can collaborate closely during incidents (52%) while also filling internal skill gaps (47%). MDRs and security partners’ ability to help round out SMB cybersecurity capabilities not only mitigates risk to the business, but also helps satisfy cyber insurance requirements, according to 42% of respondents.

Responding to endpoint- and network-based infrastructure threats is the most challenging area for SMBs, along with gaining greater visibility into digital forensics and post-breach investigations.

MDR adoption is increasing across small businesses because service providers are continually fine-tuning their threat containment and response services and combining them with advanced analytics and threat intelligence. Midsize enterprise CIOs and IT leaders are also looking for MDRs with an experienced team that can handle breach and risk detection, digital forensics and incident response. Additionally, 38% of SMBs report that they plan to implement managed detection and response in the next 12 months, underscoring how important it is for MDRs to provide an experienced team that delivers both security and client support.

What to look for in an MDR provider 

The MDR landscape is becoming more competitive, delivering greater value to SMBs that need the support. Defining detection and response use cases is a practical first step for identifying which services will be needed from an MDR and whether the provider's tech stack is a good fit with the SMB's existing IT infrastructure.

MDR providers that can bridge security operations gaps and combine artificial intelligence (AI) and machine learning (ML) with experienced analysts are leading the market today. Of course, 24/7 response with automated alerts and experienced monitoring support is a baseline requirement for any provider.

Before adopting, SMBs should also evaluate MDRs on how well they can detect threats that currently bypass preventative controls. Leading MDR providers can also map their detections to the MITRE ATT&CK framework and show their coverage, which is invaluable for improving detection and response tactics and strategies.
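One concrete way to act on the ATT&CK coverage point above is to ask the provider for an export of its detection rules tagged with ATT&CK technique IDs and compute which tactics are covered and which are gaps. The script below is an added example written for this page; it is not code from the article, from Forrester, Pondurance or any MDR vendor. The rule export format, the rule names and the small technique-to-tactic table are constructed for illustration; a real evaluation would load the full mapping from MITRE's published ATT&CK data and feed in the provider's actual export.

```python
"""
Added example: a minimal ATT&CK tactic-coverage check an SMB could run
against the detection-rule inventory an MDR provider supplies.

Assumptions (labelled): the provider hands over a list of rules, each tagged
with the ATT&CK technique IDs it fires on. TECHNIQUE_TACTICS is a constructed
subset of the ATT&CK Enterprise technique -> tactic mapping; load the full
mapping from MITRE's published data for a real assessment.
"""
from collections import defaultdict

# Constructed subset of ATT&CK Enterprise technique -> tactic(s).
TECHNIQUE_TACTICS = {
    "T1566": ["Initial Access"],                              # Phishing
    "T1078": ["Initial Access", "Persistence",
              "Privilege Escalation", "Defense Evasion"],    # Valid Accounts
    "T1059": ["Execution"],                  # Command and Scripting Interpreter
    "T1003": ["Credential Access"],          # OS Credential Dumping
    "T1021": ["Lateral Movement"],           # Remote Services
    "T1071": ["Command and Control"],        # Application Layer Protocol
    "T1041": ["Exfiltration"],               # Exfiltration Over C2 Channel
    "T1486": ["Impact"],                     # Data Encrypted for Impact
}

# ATT&CK Enterprise tactics, in kill-chain order.
ALL_TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Command and Control", "Exfiltration", "Impact",
]

# Constructed sample of what a provider's rule export might look like.
SAMPLE_RULES = [
    {"name": "Suspicious attachment opened", "techniques": ["T1566"]},
    {"name": "PowerShell encoded command", "techniques": ["T1059"]},
    {"name": "LSASS memory access", "techniques": ["T1003"]},
    {"name": "RDP logon from new host", "techniques": ["T1021", "T1078"]},
    {"name": "Mass file rename with ransom note", "techniques": ["T1486"]},
    {"name": "Rule with unknown technique tag", "techniques": ["T9999"]},
]


def coverage_report(rules, technique_tactics=TECHNIQUE_TACTICS,
                    tactics=ALL_TACTICS):
    """Summarise which tactics the rule set covers.

    Returns a dict with:
      covered  - tactic -> sorted list of technique IDs with at least one rule
      gaps     - tactics (in kill-chain order) with no rule at all
      unmapped - technique IDs in the export that the mapping does not know,
                 which usually means a typo or a retired/renamed technique
      tactic_coverage_pct - covered tactics as a percentage of all tactics
    """
    by_tactic = defaultdict(set)
    unmapped = set()
    for rule in rules:
        for tech in rule["techniques"]:
            if tech not in technique_tactics:
                unmapped.add(tech)
                continue
            for tactic in technique_tactics[tech]:
                by_tactic[tactic].add(tech)
    covered = {t: sorted(by_tactic[t]) for t in tactics if by_tactic[t]}
    gaps = [t for t in tactics if t not in covered]
    return {
        "covered": covered,
        "gaps": gaps,
        "unmapped": sorted(unmapped),
        "tactic_coverage_pct": round(100 * len(covered) / len(tactics), 1),
    }


if __name__ == "__main__":
    report = coverage_report(SAMPLE_RULES)
    for tactic, techs in report["covered"].items():
        print(f"{tactic:22s} {', '.join(techs)}")
    print("Gaps:", ", ".join(report["gaps"]))
    print("Unmapped technique IDs:", report["unmapped"])
    print(f"Tactic coverage: {report['tactic_coverage_pct']}%")
```

Tactic-level coverage is a coarse first cut; the same approach applied per technique (and per data source the provider actually ingests from your environment) is what turns a vendor's coverage claim into something you can check against your own log sources. Unmapped IDs are worth raising with the provider, since they point at either sloppy tagging or stale ATT&CK versions.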

How response actions are managed, the track record of the provider's SOC analysts with other clients, and whether digital forensics and incident response are offered both on-site and remotely are also essential factors to weigh.

Finally, check how each MDR provider under consideration recruits, retains and promotes its threat analysts. The labor shortage in cybersecurity is particularly acute, so it is important to understand how each MDR manages its business around that constraint.

Originally appeared on: TheSpuzz