MDR or MSSPs?
Organizations have traditionally turned to managed security service providers (MSSPs) for their external security needs. In contrast with MDR providers, which can detect lateral movement within a network, MSSPs typically work with perimeter-based technology and rule-based detections to identify threats. The threats that MSSPs deal with are known threats, such as vulnerability exploits, recurring malware, and high-volume attacks. MSSPs have security professionals who perform log management, monitoring, and analysis, but often not at a very in-depth level. In essence, MSSPs are able to manage an organization’s security but typically only at the perimeter level, and their analysis does not involve extensive forensics, threat research, and analytics.
In terms of service, MSSPs usually communicate via email or phone, with access to security professionals being secondary, while MDR providers carry out 24/7 continuous monitoring, which some MSSPs may not offer.
However, MSSPs still provide value to organizations. For example, managing firewalls and other day-to-day security needs of an organization’s network is a task better suited to an MSSP than to an MDR provider, which offers a more specialized service. Accordingly, MSSPs and MDR providers can work in conjunction with each other, with MDR providers focusing on the proactive detection and behavioral analysis of more advanced threats and giving organizations remediation recommendations once the threats are discovered.