
MSSPs Race to Managed Detection and Response (MDR) Services

Jeff Pollard, vice president and principal analyst, Forrester Research

By the beginning of August, both of my managed security services provider (MSSP) Forrester Waves will be published, marking five Forrester Waves authored and 62 vendors evaluated in the MSSP space during my five years at Forrester. While Forrester Waves can be exhausting for the analyst and the vendors alike, witnessing the progression of an industry I’m passionate about makes the effort worthwhile.

Our 2018 Forrester Waves asked for MSSPs to step up, become action-oriented, and end their “alert factory” practices. Clear opportunities existed for MSSPs to develop and utilize new skills and new workflow capabilities and to build extra capacity to handle remediation actions. As Claire O’Malley, Melissa Bongarzone, and I started the most recent MSSP research, we were excited to see how MSSPs had advanced to address gaps in the market to meet the needs of their customers.

MSSPs Race to Embrace MDR

Instead of advancement, however, we witnessed a pivot. Lateral movement is still movement (pardon the pun). MSSPs have abandoned the “alert factory” model by shifting their focus — and their marketing dollars — to managed detection and response (MDR) services. This doesn’t feel like an innovation as much as it does a strategic shift — and a rebranding opportunity — that MSSPs don’t want to miss out on.

MDR solves the problems we called on MSSP vendors to fix. However, it also presents disadvantages for MSSP customers. For instance, MDR services get labeled “premium” or “new services” behind higher-tiered paywalls, forcing customers to grapple with better security capabilities or dig deeper into their security budget. And we should mention that “premium” is often synonymous with higher margin.

The turn to MDR helps MSSPs abandon — often quietly — existing services in which they now have little interest. For existing customers, that might require scrambling to find vendors that manage firewalls, basic log retention, and other security technologies as they become de-prioritized in favor of higher margin services. For existing MSSP customers, shifting to MDR means some solved problems are now unsolved.

Key Takeaways

Although the key takeaway from this Forrester Wave is that, despite vendor promises to the contrary, MDR is not a direct replacement for MSSP, we also found some positives. The leading MSSPs vaulted ahead in terms of cloud capabilities and the ability to work with data no matter the type or the location. That bodes well for the future, but this leap forward means MSSPs behind them will have to rush to catch up.

MSSP management, support, and use of SOAR platforms to automate actions for themselves — but more importantly for their customers — also jumped ahead significantly. This was exciting to see compared with two years ago when the technology was nonexistent or mostly focused on improving MSSPs’ own internal workflows and not their customers’.


By Jeff Pollard, VP, principal analyst at Forrester, with Melissa Bongarzone, research associate at Forrester.