Gartner’s newly released 2023 Market Guide for Managed Detection and Response Services offers detailed advice to organizations on what capabilities an MDR provider must deliver in order to keep its clients secure. The guide reinforces the notion that a MDR provider must come to the table with a portfolio of strong supporting solutions to deliver an effective and comprehensive security product.
Gartner defines an elite-level MDR service provider as one capable of delivering human-led remote security operations center (SOC) functions and rapidly detecting, analyzing, investigating, and actively responding through threat disruption and containment operations. These providers offer a turnkey experience, using a predefined technology stack that commonly covers endpoint, network, logs, and cloud. Telemetry is analyzed within the provider’s platform using a range of techniques. This process allows for investigation by experts skilled in threat hunting and incident management, who deliver outcomes upon which businesses can act.
As a provider aligned with Gartner’s definition of a strong MDR solution, Gartner selected Trustwave as a Representative Vendor for Managed Detection and Response Services. Gartner cited the fact that Trustwave has a clear end-user and outcome-focused offering distinct from pure technology-driven offerings.
How to Vet an MDR Vendor
An organization should begin the search for an MDR partner when there are no existing internal capabilities, when the organization needs to accelerate or augment existing security operations capabilities, or when it realizes it needs to obtain 24/7, remotely delivered, human-led security operations capabilities.
The vetting process to find a suitable MDR provider, according to Gartner, should include looking for turnkey threat detection, investigation, and response (TDIR) capabilities as a core requirement.
One of the first steps is to assess how the proposed MDR provider’s containment approach and incident reporting can integrate with your organization and whether it can perform actions on your behalf to align with business requirements as well as general compliance, legal policy, and government regulation.
Next, investigate whether the MDR provider’s service aligns with your business-driven requirements and provide actionable findings that internal teams can successfully react to, rather than settling for regurgitated technology outputs with no added analysis.
The Key Components Every MDR Program Must Contain
As the vetting process continues, an organization should ensure that the MDR program contains certain specific features.
MDR buyers must focus on the vendor’s ability to provide context-driven insights that will directly impact their business objectives, as a wide-scale collection of telemetry and automated analysis are insufficient when facing uncommon threats. In addition, Gartner has found that an increasing number of MDR customers demand vendors have remote initiate measures for active containment or disruption of a threat.
Trustwave comes to the table with 24x7x365 eyes on glass from seven global security operations centers staffed by highly trained researchers and analysts who monitor client environments.
There are also a series of optional (adjacent services) capabilities that an MDR vendor should be capable of providing.
Gartner suggests these should include additional contextual data sources providing details of security exposures such as vulnerabilities, attack surface visibility, and brand and reputational analysis. Next, a vendor should have digital forensics and incident response retainer capabilities (DFIR) offering call-off remote or deployable staff to carry out deep dive incident and root cause analysis.
Trustwave SpiderLabs maintains fully staffed incident response teams capable of responding to and coordinating a swift response to any cyber threat worldwide. This includes forensic investigators who can respond to a breach, identify the source, its impact, secure evidence, and begin the recovery process.
Gartner also recommends organizations investigate a vendor’s security assessment and validation capabilities, such as breach and attack simulation (BAS), that analyze the efficacy of security controls and response processes, and provide clients with guidance on how to improve their defensive posture is another preferred option.
Trustwave’s penetration testing teams are capable of finding potential weaknesses in a client’s system and then recommending a course of remediation. The company also can conduct Red, Blue and Purple Team testing designed to train a client’s in-house security staff how to defend their network against attack.
The final option is hypothesis-driven threat hunting, where clients are able to identify specific threat hunt targets to determine if a threat actor was to blame. The focus would be on users of interest or where privileged data is known to have entered public circulation. Different from threat hunting, which is included as part of MDR and hunts for known threat techniques.
The Trustwave team of skilled and experienced security professionals also provides advanced services such as behavior-based threat hunting (including Trustwave’s recently introduced human-led Advanced Continual Threat Hunting), detection, and investigation, backed by SpiderLabs’ industry-leading threat intelligence.
ANALYST REPORT
2023 Gartner® Market Guide for Managed Detection and Response Services
Gartner® has named Trustwave as a Representative Vendor in its 2023 Market Guide for Managed Detection and Response Services, which makes Trustwave the only pure-play security services provider listed in the Gartner Managed Security Service, Managed-SIEM, DFIR, and MDR Market Guides.
Trustwave’s MDR Solutions Check All the Right Boxes
Trustwave MDR is the most complete MDR service in the market:
24/7 Global Security Operations Support
- Real-time Incident Monitoring, Threat Detection & Triage
- Human-led Incident Analysis & Investigation
- Active Incident Containment & Mitigation
- Client-defined Personalized Incident Response
- SpiderLabs Malware Reverse Engineering
- Real-time Streaming Analytics & Machine Learning
- Out-of-the-Box Correlation Rules mapped to MITRE
- Service Levels for Critical MTTA and MTTR
Modern Security Operations Platform (w/ Mobil App)
- Cloud-native Proprietary Security Operation Platform
- Custom Built Mobile App w/ Response Actions & Reporting
- Threat Investigation Transparency: Visibility, Tracking, & Audit
- Dashboards, Custom Reports, & Executive Reporting
- Data Retention (up to 365 days)
Proactive Threat Hunting
- Proactive Threat Hunting for Emerging Threats
Integrated Threat Intelligence
- SpiderLabs Curated Threat Intelligence
- Global Threat Research & Development
- Third-Party Threat Intelligence Partnerships
Expanded Visibility, Context, SOAR (Multi-Cloud & Hybrid Coverage)
- Cloud (AWS, GCP, Azure, Microsft 365 Defender, Defender for Cloud, etc.)
- Endpoints
- Network
- Logs
- Email
- 360+ Technology Data Source Integrations
- API Based Technology Onboarding
Security Colony: Threat Exposure Management
- Daily Breach Monitoring
- Ransomware Readiness Assessment
- Vendor Risk Assessment & Monitoring
- Security Maturity Assessment & Monitoring
- Ask an Expert & Cybersecurity Forum
- Cyber Advisory Resources & Video Library
MDR for Industry-Leading EDR/XDR Partners
- Unlimited EDR Security Telemetry
- MDR for Microsoft Defender
- MDR for Palo Alto Cortex XDR
- MDR for Trellix Endpoint Security
- MDR for SentinelOne
- MDR for Crowdstrike
- MDR for VMware Carbon Black Hosted EDR
- MDR for VMware Carbon Black Enterprise EDR
Dedicated Cyber Success Team
- Onboarding & Transitioning Consultants
- Client Success Manager
- SpiderLabs Threat Expert
- SpiderLabs Remote Incident & Breach Response
Trustwave MDR Adjacent Services
- Advanced Threat Hunting for Covert Threats / Anomalous Behavior
- Digital Forensics & Incident Response (DFIR)
- Firewall Technology Management (Integrated into MDR lifecycle)
- Penetration Testing (PT); Red & Purple Team
- Cyber Risk Advisory & Strategy
- Co-Managed SOC (Managed SIEM Services)
Bringing you the best in Managed Detection and Response with:
Rapid Time-to-Value
- No one in industry is faster to value
- Seconds to ingest data, outcomes produced in 10 min or less
- Onboard in less than 10 days, the right way
Faster Response Times
- No one in the industry responds faster*
- Personalized MTTR of less than 30 minutes
- Client defined response protocol fully integrated into SOC workflows and platform
Unrivaled Threat Intelligence
- Billions of records in global threat intelligence database
- Only provider with 6 Global Cyber Threat Research Centers
- Decades of threat intelligence leadership and a team prolific in finding threats and vulnerabilities
Dedicated Cyber Success Team
- A dedicated named resource with you for the life of the service
- We detect what others can’t with intimate knowledge of your environment for better tuning, faster and more efficient response
Best-of-Breed Partnerships
- We’re committed to future proofing your organization and connecting your hybrid multi-cloud operations to help you realize greater value from your existing security investments, together with our partners.
