NTT Ltd has launched a managed detection and response (MDR) security service based on Microsoft Sentinel , a security information event management (SIEM) platform hosted in the Azure cloud service.
The NTT MDR service collects data from any user, device, application and infrastructure platform from any on-premises or cloud computing environment. That approach then makes it possible for NTT to apply advanced analytics and machine learning algorithms to more effectively identify and thwart attacks.
NTT’s MDR base service includes service tiers and deployment options, as well as support for add-ons that provide additional capabilities to expand detection capabilities and response actions. One current add-on, for example, is MDR for endpoint and security device management (SecDM).
Charlie Li, senior executive vice president for managed cloud and infrastructure services for NTT Ltd, said while the NTT MDR service runs natively in the Azure cloud, the service provider also plans to make instances of an MDR service available on other cloud platforms based on customer requests.
In contrast to legacy managed security services that focus on protecting perimeters, MDR has emerged as a managed service specifically focused on helping organizations combat attacks.
In general, there is a greater reliance on MDR services at a time when many organizations are striving to align cybersecurity strategies with specific business outcomes, noted Li. Organizations increasingly don’t have the expertise required to assess risk and then react to threats based on the level of actual risk they represent to the business, noted Li.
It’s not clear whether organizations are relying more on managed cybersecurity services versus their own internal expertise, but the research firm Markets and Markets predicted the global MDR market will grow from $2.6 billion in 2022 to $5.6 billion by 2027. One of the issues driving that shift is the fact that employing artificial intelligence (AI) to combat cybersecurity threats requires access to massive amounts of data to train an AI model. Most organizations are not going to be able to collect enough data to effectively train an AI model on their own.
There is, of course, no shortage of MDR services, and some organizations will disqualify some options simply because the cloud platform they are hosted on is not a corporate standard, for one reason or another. The one thing that is clear is that capabilities that were once provided by multiple point products are increasingly being rolled up into MDR services. Each organization will need to carefully navigate how MDR services are priced given the various tiers of service provided, but the total cost of centrally managing security should be lower when compared to integrating multiple point products across a range of on-premises and cloud computing environments.
In addition, each organization will need to determine how much they want to completely rely on a managed service versus co-managing cybersecurity alongside a services provider. One way or another, the way cybersecurity is managed is changing. The only issue that remains to be resolved is to what degree.