LogicHub recently published a survey conducted by Osterman Research, looking at changing trends and attitudes of security professionals around Managed Detection and Response (MDR) services. It’s not surprising that MDR is growing, but the survey revealed that this trend is moving fast, and organizations are in a hurry to solve critical challenges around staffing, alert overload, and the shortcomings of legacy MSSPs. While we encourage everyone to download this free report, here are a few highlights that stand out.

Osterman Research explores why organizations early to embrace MDR services report higher security posture across multiple dimensions in The Rush to MDR: Achieving the Promise of Elevated Security Posture.

Low-quality alerts waste everyone’s time

We hear these complaints from almost every security team: there is too much security noise, far too many alerts, and unacceptably high rates of false positives. Everyone seems to have a number they can throw out for false positives rates, typically ranging from 50% to 95%, so it’s useful to look at some unbiased survey data.

So, how high is too high? Well, 14% of respondents seem to have things under control, with a false positive rate under 10%. On the other end, 59% reported a false positive rate between 26% to 100%!

False Positive Rate in Security Alerts

Given the severity of real cyberattacks, the security industry seems far too tolerant of false positives. Imagine a surgeon telling you there’s only a 25% chance of making an error. Or a bank telling you that only half the transactions in your checking account were mistakes… oops.

Any false positives come at a significant cost. Enterprise SOCs have told us that a typical alert can take an analyst 30 minutes to chase down. Let’s do the match conservatively: if you get 250 alerts per week and only 30% are false positives, that’s 37.5 person-hours just dealing with the noise. Basically, one full-time employee is doing nothing productive for your business.

In smaller organizations, that one person might be a third of the entire security team, and it’s a zero-sum game. Any time chasing down junk, takes away from your ability to stop real threats.

Frankly, all SOC teams should demand false positive rates well below 10%. By automating alert triage and using AI learning models, LogicHub routinely deliver false positive rates well below 5%.

Outsourcing security makes sense, but MSSPs are coming up short

Keeping up with security requires specialized skills and the latest technology, so it makes sense to bring in the experts. But if you outsource security, you don’t want a vendor to just throw bodies at the problem – and of course, bill you for their time.

The Osterman survey found a dramatic shift away from legacy MSSPs. 79% of MSSP customers surveyed said they plan to upgrade to more modern MDRs. Equally dramatic is the planned adoption rate of MDR among all the respondents. While 30% are already using an MDR, another 42% said they plan to adopt one within the next 12 months.

Intent to upgrade from an MSSP to MDR
In my 20+ years in security, I can think of very few technologies that went from an adoption rate of 30% to over 70% in just one year. While it may take some organizations longer than expected to make the move, this shows the urgency of the problem.

Timeframe for Adopting an MDR service

What’s most important from an MDR?

While we established that alert fatigue is a major force behind the move to MDR, interestingly, it’s not on top of the wish list for most organizations. The Osterman survey asked respondents to rank their top reasons for adopting MDR, and the answers show a need to not just deal with the basics, but to modernize their overall security posture. Let’s look at the top 4 reasons cited:

Reasons for Adopting MDR services

Reason #1

On top of the list was the desire to have a service that complements their existing cybersecurity teams – not replacing them. This shows that while most organizations need help, they do not want to give up control, visibility, or oversight into how security is managed.

Reason #2

Second on the list was the need to automate response capabilities. A common complaint about legacy MSSPs, and some MDRs is that they highlight threats, and maybe suggest solutions, but they don’t proactively act to eliminate the threat. Automation is critical for this, but it must be flexible, and integrate with the businesses entire security stack – including network tools, cloud apps, endpoints, and ITSM systems.

Reason #3

Third on the list was threat detection. On the surface this shouldn’t be a surprise, but it also highlights that most organizations are not comfortable that their current security tools will catch every threat. In fact, we talk to many businesses that are so overloaded with alerts and manual response from their current systems, that more proactive threat detection is always on the wish list – and not achievable. Clearly, detecting the most advanced and dangerous threats requires vendors that combine the best detection technology with expert analysts that can see through the haze.

Reason #4

The fourth reason also shows gaps in our current security systems and processes. Support for cloud services ranks high because many organizations have been putting cloud security in a silo, and not considering it an integral part of their overall security posture. While we know that cloud providers deliver great benefits, ultimately the customer is always responsible for securing their critical systems and data. We’ve seen many recent examples where businesses using seemingly secure cloud services, such as Office 365 have had their account hijacked, and sensitive data exposed. Given the extensive APIs that most clouds offer, this is entirely preventable by modern MDR services that fully integrate cloud systems into the security stack.

LogicHub is helping customers harness the power of AI and automation to face the toughest security challenges - today and tomorrow. White paper: Power to the People Democratizing Automation & AI-Driven Security



LogicHub harnesses the power of AI and automation for superior detection and response at a fraction of the cost. From small teams with security challenges, to large teams automating SOCs, LogicHub makes advanced detection and response easy and effective for everyone.

Blog

Related Posts

August 2, 2022 Anthony Morris

Using AI/ML to Create Better Security Detections

The blue-team challenge Ask any person who has interacted with a security operations center (SOC)...

Learn More

July 26, 2022 Willy Leichter

How to Select the Right MDR Service

It can be difficult to understand the differences between the various managed detection and...

Learn More

July 21, 2022 Willy Leichter

The Evolving Role of the SOC Analyst

As the cyber threat landscape evolves, so does the role of the security operations center (SOC)...

Learn More

July 19, 2022 Kumar Saurabh

Life, Liberty, and the Pursuit of Security

As cyber threats evolve, organizations of all sizes need to ramp up their security efforts....

Learn More

July 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: July 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More

July 12, 2022 Willy Leichter

Security Tools Need to Get with the API Program

No cloud API is an island The evolution of cloud services has coincided with the development of...

Learn More

July 6, 2022 Willy Leichter

Why the Rush to MDR?

LogicHub recently published a survey conducted by Osterman Research, looking at changing trends and...

Learn More

June 28, 2022 Willy Leichter

Should You Outsource or Manage Security In-House?

Cybersecurity professionals Colin Henderson and Ray Espinoza share their take on in-house versus...

Learn More

June 22, 2022 Willy Leichter

Replace Your SIEM with Neural Net Technology

Security Information Event Management (SIEM) systems are an outdated technology. It’s no longer...

Learn More

June 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: June 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be...

Learn More