As cyber threats multiply, companies of all sizes are also becoming increasingly dependent on online applications. As a result, the need for cyber security solutions and specialists grows, with emphasis on outsourced services in two models: MSS and MDR.
In fact, so-called IT outsourcing, or hiring third parties specialized in digital security, has advantages for many organizations. Given the scarcity of specialized professionals and/or the lack of internal resources to provide the necessary defense, the option has gained more and more followers in the corporate environment.
But after all, what is the difference between so-called managed security services (MSS) and managed detection and response services (MDR)? Which mode is most advantageous? Clarify your doubts below!
MSS and MDR: understand the services
With the evolution of market demands and changes in service models, the differences between MSS and MDR become increasingly blurred and even tend to disappear.
For now, there are still specific distinctions that are pointed out by the Gartner Institute itself. Check out the definitions:
What is MSS (managed security services)?
The acronym MSS refers to managed security services.
It is an accurate model for dealing with a company’s security needs, monitoring systems and devices on an outsourced basis. This includes blocking spam and detecting viruses and malware.
Other common MSS services include:
- intrusion detection;
- VPN (virtual private network);
- managed firewall;
- antivirus services;
- scanning for vulnerabilities and security holes.
In this sense, hiring MSS provides highly available services that operate full time, aiming to reduce the need to hire security employees in the company (in addition to training and retaining them).
What is MDR (managed detection and response services)?
In turn, managed detection and response (MDR) services combine technological solutions and security via outsourcing, identifying malware and malicious activities on systems.
From there, the MDR model is dedicated to monitoring the safety net and issues quick alerts when any abnormality is detected. In addition, it generates an agile post-incident response and provides recovery assistance. The professionals involved also provide insights in line with business security requirements.
Among the characteristics of the MDR, we can mention:
- combination of technologies applied at the network and host layers;
- detection, monitoring and response services;
- advanced analytics;
- human expertise and threat intelligence in the investigation and response process.
After all, what are the differences between MSS and MDR?
When it comes to the differences between MSS and MDR services, the former are more basic, targeting companies that need more simplified infrastructure and security teams.
The MDR model, on the other hand, offers greater incident response capacity, providing greater efficiency in detecting and mitigating problems.
In this scenario, managed detection and response services are more sophisticated and are recommended for companies that need to deal with many threats in a short period of time.
It is also worth mentioning another interesting differential of the MDR: the work of analysts goes far beyond generating alerts. In practice, there is in-depth analysis, investigation and validation of threats. Professionals also have the expertise to provide assertive guidance to contain and mitigate security incidents, offering services of great added value.
At this point, it is also important to mention that certain MDR service providers offer active threat hunting, that is, “hunting for cyber threats”.
In this approach, instead of just waiting for alerts, the specialists act proactively, searching networks and systems for possible loopholes and intrusions.
For that, the outsourced MDR professionals use advanced tools that involve security analytics and even Artificial Intelligence. With this, it is possible to detect and contain more complex and sophisticated threats, such as zero-day attacks and insider threats (internal users who act maliciously).
The 7 distinctions between MSS and MDR, according to Gartner
To complement, in a more technical way, the main distinctions between the two outsourced managed services, check out the points highlighted by the Gartner Institute:
Security event log and context sources
- MSS: the data sent to the service provider is determined by the customer.
- MDR: here, the technological stack is provided by the service provider and implemented at the customer’s premises (the action is included in the price).
Remote device management
- MSS: service providers manage most common security controls, including firewalls, intrusion detection systems, web gateways and intrusion prevention systems.
- MDR: management is performed only for technological stacks provided by the providers themselves.
Compliance reporting
- MSS: yes, reports are produced.
- MDR: reports are produced very rarely.
Interface for services
- MSS: the main interface takes place via portal and e-mails. It can also happen via chat and phone.
- MDR: the interface is more based on direct communication with analysts (email, phone or voice messages), and not on portals.
Incident response support
- MSS: it happens both remotely and locally.
- MDR: support is light, remote and generally included in basic services. The onsite (local) response is promoted by an authorized person.
Incident containment
- MSS: when remote, complete management of security controls is performed for the client. In addition, services similar to MDR are offered (managed endpoint detection and response).
- MDR: containment is performed with the technological stack provided by the service provider or with the client’s own technologies, optimizing scripts and APIs to make scheduled changes.
SLAs (service level agreements) for incident detection and response
- MSS: yes, it provides SLAs.
- MDR: rarely provides SLAs.
As we mentioned, the trend is for both managed service models to blend more and more, offering a broad and sophisticated range of outsourced resources to leverage business cybersecurity.
To give you an idea, Gartner itself predicted that by 2020, 80% of MSS service providers would already be offering some form of advanced MDR services, and this trend has in fact been materializing.