Finding the right tools for your security system can be a real struggle, especially for smaller businesses.
While there is a tendency for organizations to jump on the security technology bandwagon, onboarding the newest and hottest tools, it’s vital for security analysts to take a step back and evaluate what tools are garnering the most investment, and why they are so popular.
Managed detection and response systems — and anything dealing with identity management — are gaining more attention, thanks to what's happening in the threat landscape.
The tools address top security issues organizations face today: the expanding threat landscape, where attacks are growing more sophisticated and stealthy, and the rising number of identity-based attacks.
MDR’s role in the security system
Organizations, both large and small, want MDR services that will help reduce false positives and improve overall threat detection, investigation and response, according to research from Gartner.
From 2023 through 2025, Gartner expects MDR’s growth to exceed $6 billion, almost doubling revenue in 2022. By 2025, most MDR services are expected to include pre-breach cybersecurity validation assessments and security posture advisory, the study determined.
More companies are turning to MDR because it provides customers with remotely delivered, human-led modern security functions for the purposes of reporting, rapid detection, analysis and investigation of threats, said Mitchell Schneider, senior principal analyst at Gartner, in an email interview. It can also aid remote mitigation of those threats.
“Finding threats is somewhat easier than it used to be; however, understanding if they will impact you, how you should deal with them, and being there with that knowledge at the right time is where MDR provides value,” Schneider said.
Across providers in the market today, the systems that stand out do two things, according to Schneider:
- They understand and coordinate the needs of the businesses they serve, drawing on business-driven, rather than security-driven, requirements. They also consume only relevant data from systems and keep costs low, translating the combination of requirements and data into effective risk understanding.
- They deliver actionable insights aligned with a customer’s capabilities. Outputs are delivered in a way that is technical for the resolvers/responders — and business-led for the board. The outcomes quantify and consider the risks for that business, helping them decide what to react to and how to do that in the least risky way.
Identity management needed to tackle credential compromise
The influx of devices forced organizations to rethink their approach to protecting identity, according to Mark McClain, CEO and founder of SailPoint, speaking at Navigate. Bring-your-own-device policies and other pandemic-induced changes have eroded security team control over the last decade.
Identities, both human and non-human and most with multiple credentials, are the common thread between devices and the corporate network.
“So you have this explosion of identities on one side, and completely non-control over ownership [of] all the technologies they’re using, expanding the attack surface,” said McClain during a conversation at SailPoint Navigate 2023.
This has forced leadership to initiate deeper conversations about how to address the security risks around identity and credential compromise. After rationalizing access entitlements, security teams must grapple with access monitoring across every potential entry point.
“It’s not just the front door you have to protect; you also have to recognize the damage they can do once they are inside,” said McClain.
Identity management comes in various forms — access and privilege, to name two. Tools are needed for identity screening, verification and permission control.
Because credential compromise is so difficult to detect and because it has become one of the leading attack vectors, organizations are stepping up their adoption of identity and access management and privileged access management tools.
What does the future hold?
The future is all about AI. The technology has been used in cybersecurity for years, but it wasn’t until generative AI tools came on the market in November 2022 that it became the only technology anyone wanted to talk about.
Now, cybersecurity vendors are looking for ways to integrate the technology into their products, so in the coming months and years, expect to see generative AI used for tasks such as adaptive threat detection, predictive analysis, or improving patching and updating processes.
Emergent AI is at the top of Gartner’s Hype Cycle list for 2023 and beyond. How organizations adopt AI technologies for their cybersecurity systems in the future will depend on how those technologies are adapted into current tools and how the security landscape evolves.