Analysts Keynote
ESET MANAGED DETECTION & RESPONSE (MDR) SESSION
CIOs, CISOs and other technology leaders today struggle with an expanded attack surface that they have been tasked with to defend. While technologies exist that can usually defend the broadening digital estate, stitching these different tools and platforms together into one cohesive capability is not for the faint of heart. Add on the additional labor that is needed to defend against the sophisticated attacks that can come at any time, on any day of the week, causes many organizations to seek a better, more cost-effective way of matching up against the cyber criminals and nation-state actors that seek to do their destructive work.
The Managed Detection and Response (MDR) service, along with the similar Managed eXtended Detection and Response (MXDR) offering have become industry titans for their capabilities in being able to mix the combination of their clients existing cybersecurity tools and/or platforms, along with the MDR providers custom IP, to create an elevated cybersecurity posture. The bonus is that this can often be done at a lower cost and at a higher efficacy level than if this were done exclusively by the buyers’ internal team.
Craig Robinson, IDC Security & Trust research vice-president hosts this presentation about the state of the managed detection and response market. MDR has rapidly evolved from managing EDR systems, to the engine that can collect telemetry from a variety of sources to better correlate and detect cyberattacks in minutes vs hours, days or even months. The expanded use of AI and GenAI capabilities by MDR providers is a key part of their ability to continuously improve their classic Mean-time-to-detect (MTTD) and Mean-time-to-response (MTTR) metrics.
Recent IDC research has uncovered ways that MDR is being delivered and what factors are important for buyers if this fast-growing industry stalwart:
- Where does MDR fall in a typical cybersecurity maturity journey?
- With the advent of GenAI use cases in MDR, how do the roles change for the humans that are in-the-loop?
- What sort of improvements are buyers of MDR seeing over time?
- What factors are the most important considerations for buyers of MDR?
Craig Robinson Bio
Craig Robinson is a Research Vice President within IDC’s Security Services research practice. Coverage areas include Managed Detection and Response services, Cyber Resilience, and Incident Readiness & Response services. Mr. Robinson delivers unparalleled insight and analysis, leveraging his unique practitioner experience leading diverse IT teams across several industries. This expertise positions him to provide valuable thought leadership, research and guidance to vendors, service providers and clients worldwide.
ESET THREAT INTELLIGENCE SESSION
Businesses utilize many different software platforms to build a fortified perimeter to protect its assets. The perimeter is built to provide friction and defense-in-depth, and this creates a wall for an adversary to scale. By definition, this is an inside-out perspective; however, threat intelligence provides an outside-in vantage point. That is to say, conventional perimeter defenses build a wall around corporate assets, threat intelligence tells you how high that wall should be.
Businesses do understand the value of threat intelligence platforms and services (this market IDC expects to have a CAGR of roughly 20%, 2025–2029). Businesses understand that the adversary is lurking in the wild, and business are also concerned that corporate intellectual property as well as slights against brand reputation are present on social media and the Dark Web. The problem though has been trying to make the information gathered by the best threat intelligence firms into actionable data for a business's cybersecurity posture (prevention)and making information germane to its line-of-business.
Chris Kissel, IDC Security & Trust vice-president hosts this presentation about the state of threat intelligence. Threat intelligence spans a great many uses. As mentioned, it includes digital risk and intellectual property protection. Most threat intelligence consumers understand TI for the tracking of malware signatures as well as the monitoring of threat actors and the tactics that they use. Threat intelligence has expanded to help organizations with "shadow IT," that is what attack surface management paths are vulnerable, which configurations have drifted, and simply what potential events a security operations team should investigate first.
Ultimately, threat intelligence is only good in that you can use it for strategic, operational, and technical purposes. In this presentation, IDC will discuss:
- - What are the current trends in threat intelligence
- - Which types of threat intelligence are preferred by businesses/consumers
- - How successful TI vendors are monetizing threat intelligence
- - What threat intelligence vendors need to do to bridge the gap between what they gather and how security operations use the information provided.
Chris Kissel BIO
Chris Kissel is a Research Vice President in IDC's Security & Trust Products group, responsible for cybersecurity technology analysis, emerging trends, and market share and forecast reporting.
Mr. Kissel’s primary research area is security operations and AI security analytics. The major technology groups within this practice are SOAR, firewall automation, network detection and response (NDR), threat detection and investigation response (TDIR), threat intelligence, and cloud-native XDR.
Mr. Kissel also contributes to the IDC SIEM and exposure management practices. The AI analytics service effectively covers the processes security operations analysts employ to monitor, detect, remediate, and mitigate threat actors attempting to attack a network and how AI algorithms can be used to enhance detection and response processes.
More presentations from Craig Robinson: Q&A Session
More presentations from Chris Kissel: Q&A Session