The Forrester Wave™: Managed Detection And Response Services In Europe, Q4 2023, went live earlier this week and is our first evaluation of the managed detection and response (MDR) space focused on the European market. In Europe, data sovereignty demands drive distinct European service requirements to which MDR service providers have had to respond. MDR providers have adapted their technical frameworks and service delivery methods across Europe, tailoring them to better align with regional nuances and securely sync services with specific statutory stipulations.

Forward-thinking providers have taken analytics beyond repetitive charts, using them to form hypotheses and inform threat hunts supported by automation. The providers that stay relevant will focus on creating actual value by solving specific user challenges and avoiding a loquacious lexicon that veers most verbosely in the name of a good marketing buzz. The vendors evaluated have demonstrated deep technical capabilities, a well-thought-out talent strategy, and a commitment to innovation.

Our research discovered that good MDR providers:

  • Use their insights to mature your security program and stop the bleeding. It is essential for providers to not only respond to incidents but also demonstrate a deep understanding of their clients’ specific industries and business processes. The best providers use their expertise to identify areas for growth in security teams, bridging knowledge gaps and building robust systems. They evolve your security ecosystem from responding to incidents to anticipating them, making it more proactive.
  • Demonstrate offensive security and threat-hunting capabilities. Human-led threat hunting, augmented by offensive security skills, enables professionals to form informed hypotheses for their hunts. Security pros using MDR services get to comprehend evasion techniques and assess the effectiveness of their detection methods. Buyers should exercise caution with providers overly focused on automated threat hunting, as these lack the nuanced judgement and intuition that only human experts can currently provide.
  • Contribute to the ecosystem with original technical research. When selecting providers, prioritize those with concrete contributions such as (exploitable) common vulnerabilities and exposures, open source contributions, or insightful blog posts showcasing their expertise in areas like threat hunting, offensive security, and detection engineering. This demonstrates their deep understanding of security, ensuring that they are more than just an alert-generating service and have a real grasp of the threat landscape.
  • Provide proactive and clear communication. An overly confusing and complex pricing structure is a large headache for clients to navigate. Whether it’s purchasing additional capabilities or decoding analyst reports, vendors that save customers’ time hold a competitive advantage over peers with poor user interface/user experience capabilities or inefficient onboarding processes. Regular, transparent reporting also helps clients understand the benefits that they receive from a vendor. Lack of such communication can lead to dissatisfaction and questions about the service’s worth and value.

You can get the full report here: The Forrester Wave™: Managed Detection And Response Services In Europe, Q4 2023.