Managed Everything? Vendors Shift Focus to Services

More companies are opting for managing complex security capabilities, such as data detection and response.

Threat management firm Rapid7 and data security firm Varonis announced new managed services this week, becoming the latest security companies to bundle complex security capabilities together in managed offerings.

On Feb. 6, Rapid7 announced its Managed Digital Risk Protection (DRP) service, which will regularly scan the Internet and Dark Web for signs that attackers may be targeting a client's business. A day earlier, data security firm Varonis expanded its portfolio of products that monitor data access and detect potential breaches to offer a managed service to detect and respond to incidents. Varonis asserted that the service will focus on detecting potential ransomware and data breaches and responding within 30 minutes.

"The way a lot of these data breaches actually happen is someone is able to compromise a regular user account, get a lot of data, and then exfiltrate that before anybody finds out," says Matthew Radolec, vice president of incident response and cloud operations at Varonis. "Our entire value proposition is that we want to help ... reduce the amount of data any one person can get to and use detection and response on data to stop those problems."

Varonis coined a new name for the market segment the new service fits into: managed data detection and response (MDDR).

Understanding New Market Segments

Organizations are increasingly consolidating their security vendors — in a September 2022 survey, three-quarters of companies said they have pursued vendor consolidation — and that is pushing vendors to differentiate themselves in the market. One way to accomplish that is by creating new market segments. For example, data loss prevention (DLP) as a segment has fragmented into data detection and response (DDR), data security posture management (DSPM), and insider risk management (IRM). Players in this market area include BigID, Cyberhaven, Dig Security, Laminar Technologies, and Sotero.

Nearly every new category leads to a managed version, but one that often does not need to exist and ends up just making cybersecurity more complex, says Jeff Pollard, vice president and principal analyst at Forrester Research.

"We're creating a scenario for security leaders with all these various DRs [detection and response services], where, frankly, they're going to need to buy a tool per DR service," he says. "Vendors that have a kind of siloed niche offering are trying to make it seem substantially more sophisticated than it is, when in reality what security leaders really need are tools, technologies, and providers that will work across the entirety of their detection surface."

Making Sense of Alphabet Soup

In many ways, managed detection and response (MDR) covers a lot of ground and, so far, has done well for vendors and their customers. Vendors have happy clients, an exceptionally rapid growth rate, and a very high margin for the service, Pollard says. Meanwhile, businesses can focus on the threats, leading to faster detection and response. Focusing on the data could improve the response time, but that is far from certain.

However, no matter what telemetry, data, or devices a detection and response service focuses on to detect threats, businesses just want to focus on outcomes — detecting threats and preventing compromises, says Eric Kokonas, vice president at Sophos.

"The truth is that the best applications of MDR are the result — not of strict adherence to a defined set of tools, telemetry sources, and services — but of an adaptable range of human-led capabilities that can be delivered and consumed in ways that are most compatible with organizations' needs and that are most likely to achieve the organizations' desired outcomes," Kokonas says. "Put more plainly, MDR services exist to achieve security and business outcomes the most optimal way possible."

Companies will likely adopt more managed services because security is growing more complex. Offering a managed version of an emerging security service will be an increasingly common approach, as the creation of an in-house cybersecurity capability is expensive, analyst firm Frost & Sullivan stated in its "Global Managed Detection and Response Market" report published in May 2022.

"In light of the shortage of cybersecurity professionals, organizations are looking for ways to automate the process of threat detection and response," the report states. "The new generation of solutions and services promises to deploy machine learning and artificial intelligence, automating decision-making to improve the overall performance of the security stack."

Data Out or Cloud In

Varonis' MDDR service aims to help companies track their sensitive data and detect any potential misuse of, or threats to, that data. The service focuses on securing the business from the data outward. At the time of a breach, the most important thing is to identify whether an unauthorized user is accessing data and to block their activity, Radolec says.

"Data is this soft and gooey and permeable layer of their security stack, and so we start with security around data, and not just alerting and detection response, but security posture is a big part of what we do," he says. "So we help organizations reduce what we call the blast radius, or how much information can any person get to, how many resources can a person get to."

Many other security technologies look to prevent unauthorized users and potential threats from getting into the network and stealing or deleting data — starting with the cloud and moving into securing devices, users and data in the network.

Every company will likely have their own answer to questions about whether to center their security around protecting data, protecting devices, protecting identities, or protecting the cloud first, says Forrester's Pollard.

The truth is that no matter the starting point, the goal is the same, he says.

"The answer is you need a detection and response service that works across the entirety of your detection surface, that includes identities, that includes data, that includes cloud, and that includes applications," he says. "It's about avoiding niche offerings that operate in one segment and treating your tech stack like it's a silo, instead of looking at and finding something that is much more holistic and comprehensive. Those services are available; they exist today."

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
