Integrating Managed Detection and Response Into Service Portfolios

By Stephan Tallent | September 28, 2020

This is a summary of an article written for MSSP Alert by Fortinet’s Sr. Director, MSSP & Service Enablement, Stephan Tallent. The entire article can be accessed here.

The increase in remote work initiatives has created new opportunities for MSSPs. This can be attributed to the fact that organizations are relying on service providers more than ever to help manage security across their expanding telework environments. But in order to take advantage of this, MSSPs require specialized cybersecurity tools and resources. 

Providing managed threat detection and response (MDR) capabilities will play a vital role in MSSPs’ ability to meet customer security demands. This trend was highlighted in a recent Gartner study, which found that by 2024, more than 90% of organizations looking to outsource security will focus on detection and response services. Buyers are turning to MDR providers because they are able to provide comprehensive response capabilities across remote business environments. This means that for MSSPs to stay competitive, they will need to incorporate managed detection and response technologies into their service offerings.

How MDR Offerings are Different from MSSP Offerings

MDR providers and MSSPs both provide security services to their customers; however, they detect and respond to threats in different ways. MDR providers combine network forensic and end-point security tools with human analysis and automation to detect and respond to threats. Their service offering is primarily built around threat detection and response. With improved threat detection times, organizations can respond to security incidents in real-time, limiting the impact of successful attacks. And should customers require assistance, MDR providers can help with threat remediation by deploying on-premise teams.

Conversely, MSSPs have traditionally prioritized security asset management. Compared to MDRs, MSSPs are more concerned with the deployment, management, and monitoring of security assets like firewalls and network access controls.

Challenges MSSPs Face When Looking to Provide MDR Capabilities

MSSPs face several challenges when looking to expand their service offerings to include MDR capabilities. These include:

Disparate Tools

MDR providers rely on multiple security vendors to provide threat detection and mitigation capabilities to customers. Without a centralized security platform, however, it can be difficult to gain the visibility and integration needed to manage threats properly. This is why MSSPs must work with vendors that provide the combination of tools needed to deliver threat detection and response services. Fortinet works to address this challenge by offering technology solutions, integrated via telemetry that work with each other to share threat intelligence and support native automation. This helps to eliminate silos associated with having multiple vendors by providing MSSPs with integrated threat management systems. 

A key component of successful MDR programs is having access to integrated security solutions. This has forced MDR providers to write middleware to get disparate technologies to work together. Solutions that incorporate automation with custom playbooks allow MDR providers to coordinate their detection and remediation efforts, helping them cut down on incident response times. For MSSPs who leverage decentralized tools, it can be difficult to discern false positives from active threats, creating gaps in security. As networks grow in complexity with the addition of endpoint devices and cloud solutions, having access to integrated security services is essential to the success of an MDR offering. Fortinet’s Security Fabric is designed to help address this challenge by providing MSSPs with a set of integrated security tools that work together to expedite threat detection and response. With integrated solutions, service providers can centralize case management and provide a full-stack of MDR offerings to customers.

Competition from MDR Providers

With the growing demand for threat detection and response, traditional MSSPs are threatened by MDR providers competing for the same customer-base that MSSPs have pursued. For this reason, it can be difficult for an MSSP to compete with established MDR providers without having access to the necessary tools and a detection and response service. This is why MSSPs must be able to differentiate their MDR capabilities in order to generate business. With Fortinet’s acquisition of EnSilo and Cybersponse for EDR and SOAR which is fully integrated with FortiSIEM, service providers can build full-stack MDR offerings through a single vendor. This level of integration is unmatched in the current market, helping MSSPs to stand out from the crowd and attract new business prospects.

SOC Skills Shortage and Lack of Opportunity for Training 

The effectiveness of SOC teams play a significant role in an MSSP’s ability to manage security on customer networks. Currently, there is a serious lack of available SOC talent. This leads many MSSPs to train staff internally, something which comes with its own set of challenges. SOC training involves learning how to leverage multiple technologies which not only can be time-consuming but also requires a considerable monetary investment. And once SOC analysts are trained, MSSPs run the risk of them leaving for another organization as their newly acquired skills will be in high demand. Fortinet developed the SOC Lifecycle Strategy to help MSSPs tackle this challenge. The lifecycle strategy is comprised of four stages, each of which provides MSSPs with the resources and guidance they need to establish the required infrastructure to provide MDR services to customers. 

Final Thoughts on Managed Detection and Response

Organizations have placed an increased emphasis on threat detection and response services. With integrated MDR capabilities, MSSPs can take advantage of this emerging market by providing customers with solutions that ensure ongoing security. With Fortinet, MSSPs are able to expand service offerings and deliver comprehensive MDR solutions to customers with a single security vendor.

Learn more about how managed detection and response service focuses on monitoring the alerts and suspicious threats detected by FortiEDR.

Current partners can visit the Partner Portal to find important updates from Fortinet and our partner program.