Which flavor of MDR is right for your org?


At best, the managed detection and response (MDR) landscape is multi-faceted and complicated; at worst, it’s downright confusing and frustrating to navigate.

Further compounding the challenge of determining the best approach to MDR is the simple fact that your organization is unique. Your mix of security tools, your business-driven risk requirements, and the makeup of your security team are just some of the factors that play a role in finding and implementing the type of MDR that best meets your company’s business and technical requirements.

The fact remains that MDR can (and perhaps will) play an important role in your security strategy. As many orgs struggle to find the right people to fill roles, MDR is already helping bridge the gap—and that trend is set to continue. According to Gartner, “by 2025, 60% of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30% today.”

So if you’re considering an MDR solution, now’s a great time to learn more. Luckily, Gartner recently released its 2023 Market Guide for Managed Detection and Response Services, providing a comprehensive analysis of the MDR market, a look at its evolution, representative players in the space, and overall recommendations.

We believe the Gartner analysts who authored the Market Guide do a great job providing some context before you begin your MDR search:

“MDR buyers must focus on the ability to provide context-driven insights that will directly impact their business objectives, as wide-scale collection of telemetry and automated analysis are insufficient when facing uncommon threats.”

This Market Guide lends clarity on where to start, core capabilities to consider, and optional capabilities that can bolster your MDR deployment.

In fact, Gartner® outlines one of the first steps you should take:

“Define specific required outputs (incident ticket structure, reports) and goals that address defined use cases, before engaging with a provider. As with any outsourcing initiative, if outcomes are not defined, regardless of what service provider is used, the chance of success will be lessened. Buyers should also be cautious of overemphasizing the value of SLAs as part of detection-and-response-driven services.”

Going a layer deeper, a few of the core capabilities Gartner recommends are:

  • 24×7 remotely delivered detection and response functions.
  • Turnkey delivery, with predefined and pretuned processes and detection content.
  • Triage, investigate and manage responses to all discovered threats, regardless of priority with no limitations on volumes or time dedicated to the discovery and investigation process.

And while you’ll need to download the full report to get all the recommendations, market directions, recommended capabilities, and vendors in the MDR space (including yours truly), here’s a taste of core MDR and adjacent services to consider:

Download your copy of the Market Guide for Managed Detection and Response Services from Gartner here.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Expel.

Attribution: Gartner, Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies, 4 February 2023.

Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.