The Forrester Wave™: Managed Detection And Response, Q1 2021

In our 19-criterion evaluation of managed detection and response providers, we identified the 15 most significant ones — Arctic Wolf, Binary Defense, CrowdStrike, Cybereason, deepwatch, eSentire, Expel, FireEye, Kudelski Security, NCC Group, Rapid7, Red Canary, Secureworks, SentinelOne, and Trustwave — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk professionals select the right one for their needs.

The Threat Hunting-To-Analytics Pipeline Is A Difference Maker In MDR

Forrester’s 2021 evaluation of the managed detection and response (MDR) market showed sophisticated use cases, educated customers, and high expectations. Good MDR vendors have definitively avoided becoming the alert factories their MSS cousins became. Innovation in the segment is fast and furious as providers rolled out cloud detection and response capabilities and prioritized support for multiple endpoint agents — in particular, Microsoft Defender, which every vendor mentioned. The use of other telemetry — sources beyond the endpoint to augment and add context to alerts — varied immensely by provider, and response actions were often limited to what the endpoint detection and response software the vendor supported.

Client references wanted specific benefits from their MDR vendors:

1. better detection than the customer could achieve on their own;
2. rapid investigation to provide context as input into decision-making; and
3. expertise available to make faster, more accurate decisions on which response actions to choose.