Today, Microsoft announced the upcoming availability of a new managed extended detection and response (MXDR) offering and additional support for third-party MDR providers that leverage Microsoft technologies. Whenever Microsoft expands to a new market it serves as a fantastic validation of that market, and we appreciated serving as a design partner for this project.
Microsoft can’t solve this problem alone. We need innovative partners like Red Canary to ensure that our customers can effectively detect and respond to threats across their enterprises. —Vasu Jakkal, Corporate Vice President, Microsoft Security
In short, this is a big day for MDR. A few conclusions stand out to us:
Tools alone don’t secure organizations
If security tools on their own delivered the results security teams want, Red Canary wouldn’t exist and Microsoft wouldn’t be announcing an MXDR service. Microsoft’s announcement validates a core belief in Red Canary’s approach to MDR: that tools alone don’t deliver outcomes and organizations want outcomes.
Humans are required to distill signals from noise. And even more specifically, human expertise – both security-specific and operational – is required to detect, investigate, and respond to those signals lightning-fast, 24/7. Our software + human operational expertise is how we help customers detect 3.8x more confirmed threats from Defender for Endpoint than they do without Red Canary. Delivering security outcomes is what we do at Red Canary, and Microsoft’s announcement is further validation of our mission and market.
MDR requires more than EDR
Two years ago, Microsoft launched managed threat hunting for the endpoint. This summer, they will expand their offering to cover Microsoft 365 Defender broadly – endpoints, identities, email, and cloud apps.This distinction reflects customers’ desire for MDR across the enterprise and for MDR providers to bring more of their customers’ security data to bear on their detection and response programs.
We’ve seen this as we’ve worked with Microsoft customers over the years: as a result, our MDR for Microsoft ingests data from the full suite of Azure and Microsoft 365 Defender tools to deliver improved detection and response outcomes. For example, our customer The CoStar Group noted that, “Red Canary far outmatches our ability to get high-fidelity detections and see the value of Defender for Identity alerts.” We weren’t surprised that Microsoft saw the value of broadening the scope of MDR to provide value beyond the endpoint as well.
MDR is the preferred security service
Security services are not new, but this level of growth and customer satisfaction for a security service is. According to Gartner, the MDR market grew by 48.9% from $1.5B to $2.25B from 2020-2021 while non-MDR security services grew by 4.5% during that same period.
That growth has attracted new vendors like Microsoft to develop their own MXDR services, but it also reflects customers’ increased expectations of security service providers. Put simply, security organizations want their security service providers to do more than just tune tools or prioritize and report on their alerts. The market’s growth reflects a real customer need for service providers that improve their customers’ security programs by focusing on security outcomes versus just operating their security tools.
To learn more about how Red Canary MDR covers the Microsoft security suite, visit our MDR for Microsoft web page. You can find links to webinars we’ve done with Microsoft customers, Red Canary + Defender integration and ROI guides, and more.