Businesses looking for a cybersecurity solution might feel confused about the terms used to describe various offerings. Writers often (and mistakenly) utilize the terms MDR (managed detection and response) and MSSP (managed security service provider) interchangeably, adding to the confusion.
Making matters worse, one provider’s MDR service doesn’t equal another — the same goes for MSSPs. Although MDR and MSSP are umbrella terms, the way each company provides each service differs.
Each type of provider has its benefits and downsides and we’re here to explore each offering. By understanding precisely what MDRs and MSSPs are, it’s easy to determine their major differences. And, most importantly, once you know exactly what each one is, you’ll be able to decide which of the two best suits your needs.
Managed services refer to a business model in which an outsourced company assumes full responsibility for a specialized area of service: keeping those operations running, providing support and maintenance, and maintaining a proactive posture toward the service.
MDR is a “managed” version of EDR—endpoint detection and response.
EDR is the tool—or suite of tools—used to monitor endpoints and network events, sometimes with the capabilities to respond to anomalies or threats. EDR is essential in today’s threat landscape. Because of the way threats have evolved, running an antivirus and firewall simply isn’t enough anymore.
MDR takes this essential EDR tech and adds sophisticated analytics monitored by humans (at least with an effective MDR provider) who proactively act to respond to threats rapidly. However, it’s important to do your due diligence, as the degree of management and response varies by provider.
EDR means you’ll be alerted when a potential threat occurs—like hearing an alarm when the house is on fire. MDR means you’ll have regular inspections by humans, ensuring no fire hazards exist, with firefighters ready to turn on the hoses if a flame does ignite.
MSSPs provide a broader suite of services, covering an organization’s full gamut of security needs but, for the most part, MSSPs have traditionally offered security monitoring services and provided minimal response capabilities.
This means that traditional MSSP solutions lack the dedicated attention that a modern managed security service brings. Whereas MDR runs 24/7, with real humans monitoring tools and conducting sophisticated forensics and analyses, traditional MSSPs focus more on implementing prevention tools and monitoring tools but not much else.
These types of MSSPs will typically help you implement the major security basics you need, such as firewalls, MFA, antivirus, and vulnerability scanning. Their approach is usually one of “install and forget,” with the business model relying heavily on automation or leaning on the customer’s own IT department. They’ll take the logs from your existing tools, or from the tools they recommend, analyze them, and report on any detected threats.
However, this still puts the onus on the customer, who needs to validate whether the threats are false positives or real and respond to them accordingly.
An important distinction to make when looking at the difference between MDR and MSSPs is that modern MSSPs are a different service altogether. Traditional MSSPs are limited in their coverage and response capabilities, but modern MSSPs look to serve modern organizations and fill the gaps found in both MDRs and conventional MSSPs.
A modern MSSP provides human-led response capabilities and brings its own tech stack that offers multifaceted prevention, protection, visibility, and detection in order to deliver comprehensive cyber resiliency for a resource-strapped organization. Modern MSSPs should be considered a fully outsourced security department – a model that could be an excellent choice for organizations with few dedicated cybersecurity resources. The capabilities of these new MSSPs extend well beyond just endpoint and cover key areas of risk such as identity, email, and network. Additionally, they’ll continue to strengthen your defenses when you’re not under attack – much like peacetime activities by the military.
Services and offerings differ from company to company but the typical differences between MSSPs and MDRs are:
| MDR | Traditional MSSP | Modern MSSP |
| --- | --- | --- |
| Usually comes bundled with an EDR tool. This can provide better endpoint protection on top of what you already have. | Depends on your tools. If you have a tech gap, then there’s a detection gap. | Brings its own tech stack so organizations don’t have to take time looking for the right vendors. |
| Highly focused on intrusion prevention and immediate response. | Focuses on broad coverage. | Offers proactive cyber resiliency that includes prevention and incident response. |
| Hands-on response to attacks. | Relies on the customer for response. | Human-led response, end to end. |
| Fully outsourced solution. No in-house cybersecurity team is required. | Works best when you already have a strong cybersecurity team in-house. | Fully outsourced solution with more capabilities than MDR. |
MDR is a more modernized, agile, security offering than the traditional MSSP model. For many years, MSSPs filled a gap in the industry, providing robust automated solutions covering all major security aspects to buffer an organization’s security posture. Considering the perennial cybersecurity labor shortage, MSSPs have been crucial for companies to cover their bases, especially for enterprises with a fairly robust cybersecurity team.
However, given the need for cybersecurity across all industries and companies large and small, traditional MSSPs that only offer monitoring services and rely on large in-house teams aren’t enough. Most customers need monitoring and response, which is where MDR and similar services are most effective.
Broadly speaking, most companies will need to invest in EDR, whether managed or not, and an MDR is often best for companies without a big cybersecurity department. Investing in an MDR should be a long-term commitment. Data breaches can be extremely costly, even fatal, and choosing a slightly cheaper service at the risk of being unprotected can lead to much higher costs in the long term.
If you feel like your organization does need more than just an MDR, you should look for a provider that can expand its managed services. Otherwise, you may end up working with an MDR, looking for another provider that offers expanded services, and find yourself with the same vendor management and complexity issue that drove you to use managed services in the first place. Here’s where a more fully equipped managed service can be useful, like a modern MSSP.
Modern MSSPs offer more than just security monitoring as many traditional ones do. They can provide their own tech stack, offer 24/7 coverage, including response, and also implement proactive cybersecurity capabilities to improve an organization’s overall cyber resiliency. Traditional MSSPs and their security monitoring aren’t enough for true protection so we encourage organizations to do their due diligence when looking for either an MSSP or an MDR provider.
SolCyber offers both MDR and modern MSSP services. We can also offer guidance if you need help deciding which is best for your organization.
To learn more, contact SolCyber today.