Managed Detection and Response according to Gartner

The cyber threat landscape is changing at an increasing pace every day. Sophisticated attacks and frequent alerts have made it increasingly complex for organizations to be able to independently manage their cybersecurity. Corporate security teams are challenged to manage a large number of threat signals while attempting to defend an ever-expanding attack surface.

It is not surprising, then, that Managed Detection and Response (MDR) is one of the fastest growing cybersecurity markets today. Indeed, managed cyber threat detection and response services offer companies the functions of a high-level Security Operation Center (SOC) delivered remotely. This enables proactive detection, analysis, and response to attacks through threat mitigation and containment.

What MDR services offer is a turnkey experience. Service providers offer a predefined technology stack covering endpoint, network, and cloud services to collect relevant logs, data, and information that are then used by expert security analysts to uncover threats and manage incidents.


Gartner's predictions on Managed Detection and Response

This is a market that continues to grow. Gartner estimates that, by 2025, MDR services will generate $2.2 billion in revenue with an annual growth rate of 20.2 percent. The spread of multicloud environments will lead organizations to face greater security risks and deal with the complexity of operating and managing multiple technologies.

Managed Detection and Response secondo Gartner_01

Source: Market Research Future

According to Gartner, this will lead to a push toward cloud security, and the market share of cloud-native solutions will also grow. The demand for cloud-based detection and response solutions will therefore increase significantly in the coming years. In particular, MDR technologies, along with Endpoint Detection and Response (EDR), will be the prevailing investment trend in 2023, according to the same analyst firm.

For technologically challenged enterprises that do not have dedicated teams available for threat detection and response, MDR services represent the highest value primarily because they offer the advantage of having a 24/7 operations center. That's why, by 2025, it is estimated that 60 percent of organizations will take advantage of the remote threat disruption and containment capabilities offered by MDR service providers, effectively doubling today's percentage of 30 percent.


The advantages of relying on an MDR service

The main advantage offered by MDR services lies in overcoming the need to build, employ and maintain a corporate Security Operation Center. Creating an in-house SOC represents a significant investment, which can vary widely depending on the technology used and the level of experience of the analysts hired. Then, as the attack surface continues to expand, including hybrid and multicloud, spending is likely to increase in the purchase of new solutions capable of protecting these environments.

At the same time, because most cybersecurity teams suffer from a shortage of talent in the labor market and are therefore composed of a limited number of analysts, the do-it-yourself approach to security is proving insufficient for an increasing number of organizations. Managing continuous alerts, juggling false positives, and responding promptly to an ongoing attack requires adequate personnel in terms of numbers and capabilities.

MDR services offer a solution to these problems, allowing security teams to rely on an external SOC that has the technology and expertise to protect all corporate environments, without having to invest in new technology and additional resources. MDR ensures constant monitoring of security environments and signals, enhancing the effectiveness and work of the internal SOC and keeping defenses up even outside the organization's working hours.

Back to Blog