October 3, 2023

Recent Forrester research on MDR providers shows that over the past two years, they have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to cyberattacks through automation.

The vendor desire for automated response exceeds the customer appetite, and clients need playbooks to understand what in their environment should be automated.

Forrester continues to see Expel’s current offering as the strongest by a considerable margin, but changes are afoot beyond the top slot. Red Canary, Secureworks and CrowdStrike took the silver, bronze and fourth place in their strength of current offering this time around, while in March 2021, Forrester awarded second, third and fourth place to Red Canary, FireEye and CrowdStrike, respectively.


From a strategy standpoint, CrowdStrike remains the leader of the pack, and Expel, Red Canary, Arctic Wolf, and SentinelOne earned silver, bronze, fourth place and fifth place, respectively. Last time around, CrowdStrike and Expel tied for the gold in strategy, and Forrester awarded the bronze in strategy to Binary Defense, Deepwatch, Rapid7, Secureworks and SentinelOne in a five-way tie.

Over the next two years, the MDR detection surface expanded beyond endpoints, laptops, and desktops to include applications, APIs, clouds, and infrastructure, forcing vendors to invest in app security and observability. Pollard also anticipates generative AI will be applied to ticketing, reporting, and workflows, and additional automation will streamline tasks that currently are menial and repetitive.

Outside of the leaders, here’s how Forrester sees the managed detection and response market:

  • Strong Performers: Secureworks, Rapid7, Arctic Wolf, Binary Defense, SentinelOne, eSentire
  • Contenders: ReliaQuest, BlueVoyant, Deepwatch
  • Challenger: IBM

CrowdStrike has added cloud security, identity protection, and log management capabilities to its managed detection and response offering. Threat actors have pivoted to cloud infrastructure and capitalized on misconfigurations, mismanagement, and mistakes, and CrowdStrike’s familiarity with the cloud has helped with extending MDR capabilities.

Extending MDR to cover identity provides organizations with more control and visibility over privileged credentials at a time when there’s been an 80% increase in incidents where stolen credentials are at the root of compromise.
