MDR, MSSP and SIEM: A Primer

November 22, 2016 Arctic Wolf Networks

The rising tide of cybercrime is putting more pressure on IT leaders than ever to make smart, cost-efficient detective cybersecurity purchases.

Traditionally, businesses turned to security information and event management (SIEM) as the go-to cyberthreat detection tool. Then managed security service providers (MSSPs) came into the picture, offering faster deployment and reduced overhead through SIEM-as-a-Service and other tools – but at the cost of control and visibility. More recently, an entirely new market was born: managed detection and response (MDR).

So, which is the most sensible solution?

That’s the question we explore in our new white paper titled “Why choose MDR over MSSP or SIEM?” As a primer, let’s take a look at the basics of each offering:

SIEM: Log Data Galore

There’s a lot to be said for the value of a comprehensive, structured feed of all activity occurring within a network. It gives you the opportunity to analyze all of this data for suspicious activity. More in-depth analysis can help you determine the origins of the intrusion and devise a remediation strategy in response.

That said, SIEM is expensive to manage for several reasons, which we’ll cover in further detail in our upcoming white paper. Of course, for enterprises that have abundant resources, the price point isn’t a huge concern. But for the mid-market and SMBs, it’s a very different story.

SIEM centralizes log data into a central management console.

MSSPs: Out of Sight, Out of Mind

MSSPs may just be the best thing out there for small and medium-sized businesses. Cybersecurity is out of sight and out of mind. But for large enterprises in compliant industries, outsourcing SIEM management probably isn’t feasible. Likewise, mid-market organizations such as hospitals and local banks need to keep cybersecurity very much in sight and very much in mind.

Beyond compliance, there are several other inherent concerns with a managed SIEM and other MSSP offerings that the mid-market needs to be wary of. These are discussed in greater detail in the full-length white paper, available here.

MDR: The Middle Ground

“MDR is the Goldilocks of the threat detection world.”

In a lot of ways, MDR represents the Goldilocks solution of the threat detection and incident response world. Like an MSSP, a 24/7 managed security operations center acts as the SIEM. Unlike an MSSP, MDR provides a more complete picture of an organization’s security posture. Security engineers perform analysis of network events to catch threats in the moment, but they then go a step further by following the threat in reverse, so as to document its entire lifecycle. Weak spots in the network are then brought to the attention of the client, along with advice for how to patch them.

With an alarming number of organizations turning their backs on SIEM due to an inability to manage it 24/7, and many other organizations feeling pressured to buy tools and subscribe to managed services they’re not sure they actually need, MDR is looking more ideal to the mid-market by the day.

To learn more about which approach to threat detection is right for your business, click here to read our white paper “Why choose MDR over MSSP or SIEM?”
