By Charles Ho
Head of Product
SolCyber

SolCyber is a HCM Defender Industry Alliance member. Read more about our alliance with SolCyber here.

MSSP, MDR, XDR, MXDR – How do you sort through the acronyms?

When you’re deciding between security solutions, one of the toughest challenges is deciphering all those confusing acronyms. This is no different in the services space. Managed security service providers (MSSPs) have been around for decades, but now many providers claim to offer better security capabilities. There is extended detection and response (XDR), managed detection and response (MDR), and managed extended detection and response (MXDR) – all different acronyms that describe variations of similar services.

How do organizations go about choosing between these options? And how are detection and response services similar to, and different from, MSSPs? We’ll help you make sense of it all. Below is our breakdown of MSSPs, MDRs, and where one of our key partners, SolCyber, fits in the mix.

Technical differences between MDR and MSSP

MDR

MDR, XDR, and MXDR services can all be grouped under the umbrella of MDR – managed detection and response. Gartner characterizes these as services delivered through a modern security operations center (MSOC) that allows your organization to detect incoming threats, investigate and analyze them, and then determine and implement the proper response.

Service providers who perform MDR services often come in with a predetermined technology stack, typically an EDR, that collects data and logs, analyzes what’s coming in, and supports investigations. MDRs combine automated detection and analysis with human expertise to determine the appropriate response to the threat detected. While there is no single set of services exclusive to MDRs, they all provide some level of response, rather than being an alert-only system.

MSSP

On a practical level, MSSPs offer only monitoring and alerting. Recommended responses and subsequent actions are the responsibility of the organization rather than the provider. MSSPs also take a vendor-agnostic approach – they’ll take over what you already have instead of forcing your company into a prescribed technology stack.

While MDRs tend to go deep, MSSPs operate at a higher level and work with the information you give them. Based on what they are taught is “normal,” they work to identify anomalies. The higher the quality of the information provided, the more accurate and useful the alerts will be.

Rather than a service that eliminates present danger, MSSPs are better seen as a preventive measure that can identify early signs of threats. Many MSSPs, particularly those serving SMBs, are automated and do not involve as much human intervention as MDRs do.

Why might an organization want to opt for an MDR?

Choosing between MDRs and MSSPs is all about taking stock of what you have in-house, the level of support you need, and what you can afford to bring on.

They are focused on a user-centric security model

An organization that wants to add an MDR is likely one that has already made efforts to move toward a user-centric security model: it has already worked to strengthen security on the end-user side and invested resources in initiatives such as advanced email protection and phishing training.

They are looking to level-up from basic alerts

If a business needs to level up from a high-level alert system to a true detection and response model, an MDR is the next logical step. It may have previously worked with an MSSP or had an in-house team that set up high-level automated alerts, but it now needs to dig deeper or to add support beyond its internal staff.

They know what services will help them the most

Even if an organization feels confident that it needs an MDR over an MSSP, it must keep potential limitations and desired features in mind. Because MDR/XDR/MXDR providers all have different capabilities, you must know exactly which features you need. For example, if IoT security or cloud security is important to your team, you’ll want to work with an MDR provider that can accommodate those needs.

To summarize, MDRs are best for security leaders who have a vision of what’s needed but lack the resources, budget, or team to operate and manage in the way they see as most ideal. MDRs can serve as an outsourced team of security experts.

Why might an organization want to opt for an MSSP?

Because an MSSP doesn’t provide as much support, it is a good fit for organizations that already have a large investment in security, from perimeter to endpoint to identity. These businesses have a deep understanding of what’s needed and what’s currently in place – they don’t need a team to come in and help with that.

They’re looking for a service to take on daily operations and detection

An organization that would benefit from an MSSP likely has a large pool of security staff with response capabilities. This team can handle responses when threats roll in. These are expensive resources, so it’s important to take routine tasks off their plate; daily operations and detection could move to an MSSP.

They need a partner to maximize their current security investment

MSSPs are great for companies that have invested significantly in security and have a suite of tools, technology, and team members, but are looking for a service that can tie everything together.

In short, MSSPs are best for mature security organizations with strong security knowledge that are looking to offload security management and alert triage. This keeps their staff from getting tied up in less urgent work.

Why should you consider SolCyber?

Even though there are some significant differences between MDRs and MSSPs, that doesn’t mean you can’t find a provider that strikes a balance between the two.

SolCyber is the happy medium between how MDRs and MSSPs are defined. Its services are specifically designed for SMBs that have invested little in cybersecurity and do not have a comprehensive understanding of what’s needed.

Companies may think that because they’re smaller, they are less likely to experience cyberattacks. However, security incidents are not exclusive to larger organizations, and often, small to medium-sized businesses are seen as an attractive target because they tend to be less prepared for incoming threats. Therefore, it’s especially important for smaller organizations with minimal cybersecurity investments to employ a set of security capabilities that can reduce the likelihood and impact of cyberattacks.

While every vendor takes a different approach, governing bodies such as NIST, along with cyber insurance carriers, are focused on the capabilities that reduce the most risk. The Cybersecurity & Infrastructure Security Agency (CISA) just released cross-sector Cybersecurity Performance Goals (CPGs) designed to be met by organizations of all sizes. Following these requirements improves cyber resilience and helps businesses obtain cyber insurance; meeting them is no longer optional.

To be covered, most cyber insurance policies require that a number of these guidelines be met. SolCyber models its services to meet key cyber insurance requirements and works to drastically reduce security risk through measures including:

  • Timely patching of critical vulnerabilities
  • Training employees on phishing, business email compromise (BEC), and other social engineering attacks
  • Endpoint protection (EPP) and endpoint detection response (EDR) technology
  • Protection against admin abuse
  • 24×7 monitoring and response
  • Offsite backups
  • A recommended tech stack, so companies don’t have to build their own

Figuring out your level of cyber risk and what’s needed to address it can be overwhelming if you lack the in-house resources to sort it all out. If you’re looking to improve your cybersecurity profile but want the grunt work off your plate, talk to SolCyber.

To connect with SolCyber click the button below or email HCM Defender at memberservices@HCMdefender.com and let us know you are interested in learning more about how the alliance between SolCyber and HCM Defender can benefit your organization.