Gartner’s newly released 2023 Market Guide for Managed Detection and Response Services offers detailed advice to organizations on what capabilities an MDR provider must deliver in order to keep its clients secure. The guide reinforces the notion that an MDR provider must come to the table with a portfolio of strong supporting solutions to deliver an effective and comprehensive security product.
Gartner defines an elite-level MDR service provider as one capable of delivering human-led remote security operations center (SOC) functions and rapidly detecting, analyzing, investigating, and actively responding through threat disruption and containment operations. These providers offer a turnkey experience, using a predefined technology stack that commonly covers endpoint, network, logs, and cloud. Telemetry is analyzed within the provider’s platform using a range of techniques. This process allows for investigation by experts skilled in threat hunting and incident management, who deliver outcomes upon which businesses can act.
Gartner selected Trustwave, a provider aligned with its definition of a strong MDR solution, as a Representative Vendor for Managed Detection and Response Services. Gartner cited the fact that Trustwave has a clear end-user and outcome-focused offering distinct from pure technology-driven offerings.
An organization should begin the search for an MDR partner when there are no existing internal capabilities, when the organization needs to accelerate or augment existing security operations capabilities, or when it realizes it needs to obtain 24/7, remotely delivered, human-led security operations capabilities.
The vetting process to find a suitable MDR provider, according to Gartner, should include looking for turnkey threat detection, investigation, and response (TDIR) capabilities as a core requirement.
One of the first steps is to assess how the proposed MDR provider’s containment approach and incident reporting can integrate with your organization and whether it can perform actions on your behalf to align with business requirements as well as general compliance, legal policy, and government regulation.
Next, investigate whether the MDR provider’s service aligns with your business-driven requirements and provides actionable findings that internal teams can successfully react to, rather than settling for regurgitated technology outputs with no added analysis.
As the vetting process continues, an organization should ensure that the MDR program contains certain specific features.
MDR buyers must focus on the vendor’s ability to provide context-driven insights that will directly impact their business objectives, as wide-scale collection of telemetry and automated analysis are insufficient when facing uncommon threats. In addition, Gartner has found that an increasing number of MDR customers demand that vendors be able to remotely initiate measures for active containment or disruption of a threat.
Trustwave comes to the table with 24x7x365 eyes-on-glass monitoring from seven global security operations centers staffed by highly trained researchers and analysts who monitor client environments.
There are also a series of optional capabilities (adjacent services) that an MDR vendor should be capable of providing.
Gartner suggests these should include additional contextual data sources providing details of security exposures such as vulnerabilities, attack surface visibility, and brand and reputational analysis. Next, a vendor should have digital forensics and incident response (DFIR) retainer capabilities, offering call-off remote or deployable staff to carry out deep-dive incident and root cause analysis.
Trustwave SpiderLabs maintains fully staffed incident response teams capable of coordinating a swift response to any cyber threat worldwide. This includes forensic investigators who can respond to a breach, identify its source and impact, secure evidence, and begin the recovery process.
Gartner also recommends that organizations investigate a vendor’s security assessment and validation capabilities, such as breach and attack simulation (BAS), which analyze the efficacy of security controls and response processes and provide clients with guidance on how to improve their defensive posture.
Trustwave’s penetration testing teams are capable of finding potential weaknesses in a client’s systems and then recommending a course of remediation. The company also can conduct Red, Blue, and Purple Team testing designed to train a client’s in-house security staff in how to defend their network against attack.
The final option is hypothesis-driven threat hunting, where clients identify specific threat hunt targets to determine whether a threat actor was to blame. The focus would be on users of interest, or on cases where privileged data is known to have entered public circulation. This differs from the threat hunting included as part of MDR, which hunts for known threat techniques.
The Trustwave team of skilled and experienced security professionals also provides advanced services such as behavior-based threat hunting (including Trustwave’s recently introduced human-led Advanced Continual Threat Hunting), detection, and investigation, backed by SpiderLabs’ industry-leading threat intelligence.
Gartner® has named Trustwave as a Representative Vendor in its 2023 Market Guide for Managed Detection and Response Services, which makes Trustwave the only pure-play security services provider listed in the Gartner Managed Security Service, Managed-SIEM, DFIR, and MDR Market Guides.
Trustwave MDR is the most complete MDR service in the market: