Heimdal

If you’re looking for external help with your organization’s security posture, one of the big decisions to make is whether you’ll go with generalists or specialists.

On one hand, you could opt to work with a managed security service provider (MSSP). These generalist businesses offer a wide range of security services.

Alternatively, you could choose to work with suppliers who are highly specialized in certain technologies. One common example here is managed detection and response (MDR) companies.

They have unique experience and expertise with this kind of cybersecurity tech.

This article will help you compare using an MDR vs MSSP – and decide which is right for you.

Key takeaways:

  • Learn what MSSP and MDR companies offer;
  • Discover advantages and disadvantages of both business models;
  • Get practical insights for comparing MDR vs. MSSP;
  • Tips and insights for deciding which approach is best for you.

MDR vs MSSP: Key Differences

The major difference between MDRs and MSSPs is the focus of each of these organizations’ business models.

An MDR is typically a highly specialized security company that deploys EDR, NDR or XDR solutions. They’re often smaller businesses with staff who have an in-depth knowledge of a small number of detection and response technologies. Solutions used by an MDR business might include:

  • Heimdal® MXDR;
  • Arctic Wolf MDR;
  • Alert Logic MDR;
  • SentinelOne;
  • Among others

These companies will deploy the detection technology to their customers’ systems and monitor activity. Depending on the service level agreement, they will often monitor activity 24/7, and may help remediate any breaches.

The unique selling point of an MDR is that they know how to use detection and response technology effectively. These tools, while powerful, can be difficult to use, generate many alerts and require a lot of training. So, outsourcing the work to an MDR can be the best option for some companies.

An MSSP, by contrast, will offer a much wider variety of cybersecurity services. These companies can almost be viewed as your ‘outsourced cybersecurity department’. They will take over responsibility for many of your security needs. They can select and deploy the right kinds of security tools for your business. They may also offer some kind of MDR service among their other services.

MSSP software may include:

  • Network security;
  • Patch management;
  • Identity and access management;
  • Endpoint protection;
  • Threat hunting;
  • Email security;
  • Compliance support.

The USP of working with an MSSP is that they give you a complete, highly experienced and always-on security solution. MSSPs are typically larger organizations, and can usually offer monitoring and management 24/7.

The following table can help you compare and contrast MDR vs MSSP:

Managed Detection and Response (MDR):

  • Market size: estimated at $1.56 billion in 2023;
  • Services offered: specialized EDR, NDR, or XDR tools;
  • Cost: $20–$30 per user/device per month.

Managed Security Service Provider (MSSP):

  • Market size: much larger, estimated at $31 billion in 2023;
  • Services offered: a broad range of cybersecurity services;
  • Cost: $50–$300 per user/device per month.

Understanding Managed Security Service Providers (MSSP)

Gartner defines providers of managed security services as companies that offer “outsourced monitoring and management of security devices and systems”.

These companies provide a variety of cybersecurity services, including things like:

  • Managed firewalls;
  • Vulnerability scanning;
  • Security training;
  • Patch management;
  • Intrusion detection;
  • Threat hunting;
  • Managed detection and response;
  • …and much more.

Not all MSSPs are the same and they don’t all offer the same kinds of services. But you can think of them as security generalists. They employ cybersecurity analysts who will have expertise in a variety of security technologies, frameworks and processes.

You typically pay them a monthly fee to manage some – or even all – of your security processes.

As the list above notes, some MSSPs will offer managed detection and response (MDR) services. Exactly what form of MDR they offer depends on many things (what MDR tech they’re proficient with, how many employees have trained with it, what capacity they have). But not all MSSPs necessarily offer MDR.

Benefits of MSSPs

Working with an MSSP provides many potential benefits. These include:

Complete Security in One Place

In theory at least, an MSSP can provide all of your organization’s security. They should have the expertise and tech know-how to offer all the services required and keep you protected.

Access to Expertise And Tools

MSSPs will employ highly experienced professionals, and they’re likely to use some of the most powerful cybersecurity tools.

Pick And Choose Services as Required

Most MSSPs offer an extensive range of security services. That lets you pick and choose what you need. Many organizations will do some security in-house (e.g., running their firewall), but can ask the MSSP for help with specific activities (e.g., patch management).

Drawbacks of MSSPs

Working with an MSSP can have some limitations too.

May be Too Costly for Smaller Businesses

Although there are definitely some MSSPs that work with smaller customers, it is true that these companies tend to serve larger businesses with bigger budgets. Employing cybersecurity professionals, investing in tech and training staff is expensive. This means MSSPs will tend to have higher fees than smaller businesses can absorb.

Outsourcing Risks

Although MSSPs can be expected to run secure operations, it’s not impossible for them to be breached. That could give criminals a backdoor into your systems. Placing ‘all your eggs in one basket’ is a real issue with using just one MSSP.

There are also potential issues around privacy, data ownership and portability. In some countries, regulations may restrict your ability to outsource cybersecurity.

Jack of All Trades, Master of None?

While many MSSPs are excellent, the risk of using a generalist is that they may be a ‘Jack of all trades’. It is hard to be good at everything, and some MSSPs may try to offer more services than they can really do well.

One stop shops are becoming more prevalent because buyers have become tired of needing to coordinate multiple service providers who more often than not tend to pass the buck around… The flaw is that a lot of providers will have a hard time trying to be good at everything.

Discussion Thread from r/MSSP

When to Choose an MSSP

A managed security service provider can be a good option for:

  • Larger businesses with complex IT;
  • Firms that are struggling to employ security professionals;
  • Companies that prefer a single point of contact for security;
  • Companies who are expanding fast and need to add more services as they grow.

Understanding Managed Detection and Response (MDR) Providers

Microsoft defines MDR services as “a cybersecurity service that helps proactively protect organizations from cyberthreats using advanced detection and rapid incident response”.

Providers of MDR services will deploy, run and monitor various kinds of security detection and response technology, including endpoint detection and response (EDR), extended detection and response (XDR) and network detection and response (NDR). They will roll this technology out to your networks where it monitors activity on devices, apps, software and other places.

If anything suspicious is detected, staff at the MDR’s security operations center (SOC) will receive a notification and investigate. MDR staff may also provide resources to help you contain a breach that the technology identified.

In recent years there’s been a growth in pure-play MDR providers who specialize in deploying EDR, XDR and similar tech. While EDR, NDR and XDR are powerful, they can also be difficult to use effectively. They also generate large amounts of data and notifications.

Businesses may prefer to hand the management of these tools over to a specialist MDR business.

Benefits of MDR Services

Working with an MDR business provides many benefits.

Specialization

An MDR provider will be highly specialized in the use of specific EDR or XDR technologies. They’ll know how to use them effectively to monitor for threats, know what ‘false positives’ look like, and protect you against potential breaches.

Spread Your Risk

If you are looking to outsource cybersecurity activities, using different specialists can spread your risk. Even if one supplier lets you down, this will only affect one domain of your cybersecurity posture.

Less Expensive

Working with an MDR tends to be less expensive than an MSSP. MDRs offer fewer services, and many of the tasks involved are repeatable while using the same technology. That means they can work with multiple customers without escalating costs significantly.

Drawbacks of MDR

While managed detection and response can be very valuable, it has its limitations.

Limited Focus

A pure-play MDR provider will, of course, only offer a very specific set of services. If you find you need more support with other cybersecurity solutions, you will need to go to market again.

Integration Challenges

Depending on which EDR, NDR or XDR technology the MDR company uses, it may not integrate smoothly with your existing technologies and processes. For example, an MDR that is specialized in Microsoft Defender for Endpoint may not be able to monitor Linux operating systems.

Outsourcing Risks

As with MSSPs, outsourcing to an MDR comes with outsourcing risks and challenges. If a criminal found a back door into the MDR’s system, they could then potentially access your company’s data too.

When to Choose an MDR

An MDR can be a good option when:

  • You have a large number of endpoints, devices and apps on your network that you’re struggling to monitor yourself;
  • You have a small security team who lack the time or resources to analyze notifications from XDR/EDR/NDR systems;
  • You are capable of doing most other security tasks in-house.

MDR vs MSSP: How to Choose?

I always tell everyone to start with the business and try to remove your personal bias from the equation, because you may perceive it as the owner, saying “we need to buy this service or we need this one particular [thing], or we need to get PCI compliant”, and then you don’t realize that there’s other things that may be on your docket that may be more pressing.

Matthew Heffelfinger, Director of SIEM Operations at SecurityMetrics

Deciding whether your organization would benefit more from working with an MDR or an MSSP can be challenging. The following tips may help:

Focus on the business’s needs

As the above quote from security professional Matthew Heffelfinger highlights, your decision about outsourcing security will ultimately depend on your company’s specific needs. What is the business case for outsourcing security? Which specific areas are you weak in? What makes more sense to do in-house, and what processes are more sensible to outsource?

Consider your existing tech stack

Mapping your existing tech stack is also valuable. You can then identify a security service provider who’s able to provide services that match your actual tech usage.

Checklist of needs and wants

Create a checklist of the specific needs you have for cybersecurity and regulatory compliance. You can then use this to identify which kinds of suppliers you want to work with.

Practical questions

Think about how an MSSP or MDR solution would fit in with your existing security team and processes. Do you need a ‘helping hand’ who can support all aspects of your security? An MSSP might be preferable. Do you just need an expert to run EDR, NDR or XDR? Then an MDR is the better option.

Your budget

MDR companies will typically have lower costs than MSSPs – they’re often smaller businesses and they only monitor one kind of technology. As a consequence, they are often a cheaper option.

Remember – you can mix and match

If you aren’t sure if you just need an MDR solution, or would like other services too, it’s possible to merge XDR/EDR tools with other security services. Many MSSPs do include an MDR service. You will of course need to verify whether their technology would suit your tech stack, but it’s often possible to mix and match.

MDR vs MSSP? Why Not MXDR

Heimdal’s MXDR service provides you with enterprise level protection using our world-leading extended detection and response solution – at an affordable price.

You get 24/7 monitoring of your environment, from the people who built the tech.

Our unified security platform continually monitors your IT environment, and combines human and artificial intelligence to investigate, hunt for and remediate breaches.

On top of standard XDR tech, you also get privileged access management, email security, network security and support from our very own security operations center.

FAQs About MDR vs MSSP

What is better, MDR or MSSP?

Both approaches to outsourcing cybersecurity can be very effective – it depends on your needs. MDR is more focused on monitoring threats on your endpoints, devices, apps and networks. MSSP is more general, offering a wide variety of security services – which may include MDR too.

Does an MSSP cost more than an MDR?

Yes, working with an MSSP will typically cost more than working with a pure-play MDR provider. This is because MSSPs normally have more employees, have access to a wider variety of security technology, and have more overheads.

What tools does an MDR use?

Managed Detection and Response providers will typically use EDR, XDR or NDR to monitor their clients’ environments.

Author Profile

Cristian Neagu

CONTENT EDITOR

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
