Take The 2022 Security Operations Trends Survey Today  START 
Skip to main content

Understanding The 2021 Gartner Market Guide for Managed Detection and Response Services

We believe, a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market, but rather more commonly outlines attributes of representative vendors that are providing offerings in the market to give further insight into the market itself. We feel the Gartner Market Guide helps organizations learn about the below:

  • Manage the risk of investing in an emerging market with insight into its direction and potential.
  • Support the argument for allowing an emerging market to further evolve before making a commitment.
  • Survey the types of provider options in the market and understand how offerings are likely to evolve.

Insights Into Gartner Market Guide for Managed Detection and Response

Per Gartner, "MDR is an established market recognized by buyers. Interest in the market continues to grow with Gartner observing a 35% growth in end users’ inquiries on the topic in the last year. Gartner estimates that by 2025, the MDR market will reach $2.15 billion in revenue."

However, Gartner points out that the number of MDR providers and the range of styles continue to increase, causing challenges for buyers looking to identify and select an appropriate provider.  Gartner recommends security and risk management leaders use this research to understand the MDR market and its dynamics.

Cutting Through the Noise: What Buyers Should Consider

Gartner states that "by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities. "However, with more than 100 vendors in the MDR market, picking the right solution can be challenging." 

Gartner believes that successful MDR vendors will package and deliver the following to buyers:

  • "Use of specific technologies that orchestrate and centralize threat detection, investigation and mitigation, and methods, such as the use of API-enabled integrations. These allow the MDR provider’s team to quickly implement and turn-up services to support the activities performed and the outcomes being delivered. The provider-operated technologies available (as a minimum) should cover endpoint detection and response, network-based detection response, and the ability to support monitoring of identities and entities, cloud infrastructure and platform services (CIPS) and popular SaaS applications. Other applicable technologies may include OT/ICS security and Internet of Things (IoT) security.
  • A focus on high-fidelity threat detection and validation. The provider takes responsibility for determining how threats are detected. Customers may have little opportunity to customize threat detection use cases relative to their environment. For example, the MDR providers might be looking for specific TTPs that indicate that a threat is active in a customer’s environment. However, if the customer wants some specific detection logic for their environment, that level of customization may not be supported under the terms of a core MDR service.
  • A common delivery platform for all customers which provides centralized reporting. The delivery platform ensures all customers receive a common set of TI and security analytics and essentially a comparable service experience. The platform therefore should be expected to use orchestration and automation (for example, security orchestration, automation and response [SOAR]) capabilities to augment and optimize, but not replace human analysts in the providers’ SOC." 

For all this more information and more, we encourage users to download 2021  Gartner Market Guide for Managed Detection and Response Solutions

Gartner Market Guide for Managed Detection and Response Services, Pete Shoard, Craig Lawson, Mitchell Schneider, John Collins, Mark Wah, Andrew Davies, 25th October 2021.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About the Author

Brian Burke is Sr. Director of Analyst Relations for Arctic Wolf. He has 20+ years of experience in cybersecurity serving as both an industry analyst as well as leading AR programs on the vendor side. Prior to joining Arctic Wolf, Brian led Analyst Relations for CrowdStrike from 2016-2021 and for Kaspersky from 2011-2016. Brian also served as an industry analyst with IDC covering cybersecurity from 1999-2011 as well a short stint in client care with Gartner from 1997-1999.

Profile Photo of Brian Burke