Threat management firm Rapid7 and data security firm Varonis announced new managed services this week, becoming the latest security companies to bundle complex security capabilities into managed offerings.
On February 6, Rapid7 announced its Managed Digital Risk Protection (DRP) service. which will regularly scan the Internet and Dark Web for signs that attackers may be targeting a customer’s business. A day earlier, data security company Varonis expanded its portfolio of products that monitor data access and detect potential breaches to offer a managed service to detect and respond to incidents. Varonis said the service will focus on detecting potential ransomware and data breaches and responding within 30 minutes.
“The way a lot of these data breaches actually happen is someone is able to compromise a normal user account, get a lot of data, and then exfiltrate it before anyone finds out,” says Matthew Radolec, vice president of incident response and security. cloud operations in Varonis. “Our whole value proposition is that we want to help…reduce the amount of data that any one person can access and use data detection and response to stop these problems.”
Varonis has coined a new name for the market segment into which the new service fits: managed data detection and response (MDDR).
Understanding new market segments
Organizations are increasingly consolidating their security vendors: in a September 2022 survey, three-quarters of companies said they had pursued supplier consolidation – and this is pushing sellers to differentiate themselves in the market. One way to achieve this is to create new market segments. For example, data loss prevention (DLP) as a segment it has fragmented into data detection and response (DDR), data security posture management (DSPM), and internal risk management (IRM). Players in this market area include BigID, Cyberhaven, Dig Security, Laminar Technologies, and Sotero.
Nearly every new category leads to a managed release, but it often doesn’t need to exist and ends up making cybersecurity more complex, says Jeff Pollard, vice president and principal analyst at Forrester Research.
“We are creating a landscape for security leaders with all these various DRs [detection and response services]“where, frankly, they will need to purchase a tool for DR service,” he says. “Vendors who have some sort of isolated niche offering are trying to make it seem substantially more sophisticated than it is, when in reality what security leaders really need is tools, technologies and vendors that work across their entire surface detection.”
Making sense of alphabet soup
In many ways, managed detection and response (MDR) covers a lot of ground and, so far, has worked well for vendors and their customers. Sellers have satisfied customers, an exceptionally fast growth rate and a very high margin for service, Pollard says. Meanwhile, companies can focus on threats, resulting in faster detection and response. Focusing on data might improve response times, but that’s far from certain.
However, no matter what telemetry, data or devices a detection and response service focuses on to detect threats, companies want to focus only on the results: detecting threats and preventing compromises, says Eric Kokonas, vice president of Sophos.
“The truth is that the best applications of MDR are the result – not of strict adherence to a defined set of tools, telemetry sources and services – but of an adaptable range of human-driven capabilities that can be provisioned and consumed in ways that are more compatible with the needs of organizations and are more likely to achieve the outcomes organizations desire,” says Kokonas. “Put simply, MDR services exist to achieve security and business outcomes in the most optimal way possible.”
Enterprises will likely adopt more managed services because security is becoming increasingly complex. Offering a managed version of an emerging security service will be an increasingly common approach, as building an in-house cybersecurity capability is expensive, according to analyst firm Frost & Sullivan stated in its report “Global Market for Managed Detection and Response.” published in May 2022.
“In light of the shortage of cybersecurity professionals, organizations are looking for ways to automate the process of detecting and responding to threats,” the report states. “The next generation of solutions and services promise to implement machine learning and artificial intelligence, automating decision making to improve the overall performance of the security stack.”
Data leaving or entering the cloud
Varonis’ MDDR service aims to help companies keep track of their sensitive data and detect any potential misuse or threat to that data. The service focuses on protecting the company from external data. At the time of a breach, the most important thing is to identify whether an unauthorized user is accessing the data and block their activity, Radolec says.
“Data is this soft, sticky, permeable layer of their security stack, so we start with data security, and not just alerts and detection responses, but security posture is a big part of what we do,” he claims. “So we help organizations reduce what we call the blast radius, or how much information a person can get or how many resources a person can get.”
Many other security technologies seek to prevent unauthorized users and potential threats from entering the network and stealing or deleting data, starting from the cloud and moving on to the security of devices, users and data on the network.
Each company will likely have its own answer to the question of whether to focus its security on data protection, device protection, identity protection or cloud protection, says Forrester’s Pollard.
The truth is, no matter the starting point, the goal is the same, he says.
“The answer is that you need a detection and response service that works across the entire detection surface, including identity, data, cloud and applications,” he says. “It’s about avoiding niche offerings that operate in one segment and treating your technology stack as if it were a silo, instead of trying and finding something that is much more holistic and comprehensive. These services are available; they exist today.”