Why MDRs Expanding Into Other Services Will Help Keep Companies More Secure

Kevin Gee

July 10, 2024

Why MDRs Expanding Into Other Services Will Help Keep Companies More Secure

It seems like just yesterday that most organizations had never heard of Managed Detection and Response (MDR). Back in 2017, it was estimated that less than 1% of organizations had outsourced some part of their security services to an MDR.  This number has grown significantly over the past few years as the 2024 Gartner® Market Guide for MDR notes that “MDR mind share increased 29.14% year over year with MDR adoption growth increasing 67% from 2021 through 2022.”  We think this growth stems not just from general recognition in the market, but out of a need for organizations to get help for their security teams. Bitdefender saw in our 2024 Cybersecurity Assessment Report, 71% of respondents feel that their security solutions have not lived up to the promised hype, while 64% of security practitioners were considering new job opportunities over the next year. Security teams are overworked and need help, and many organizations are turning to MDRs.  

Beyond recognizing the benefits of partnering with an MDR to supplement their security team, many organizations are now seeking additional capabilities and services from those vendors. The Gartner report highlights this growing trend of services and capabilities consolidating under the MDR umbrella. Let’s go through a few of these notable trends and then we’ll examine why we believe this consolidation (or expansion of services) was inevitable and how these changes impact organizations evaluating MDRs. 

Key Highlights from 2024 

First a prediction from Gartner: “By 2028, 50% of findings from managed detection and response providers will be focused on, or include detail on, threat exposures, up from 10% today.” 

We believe this indicates that MDR services will evolve to provide coverage around prevention capabilities helping organizations identify vulnerabilities and risks to prevent threats and incidents from happening. Other additional updates you can read in the report include: 

  • More defined requirements of what constitutes an MDR broken down by Must-Have (Core), Standard, and Optional capabilities. 
  • An updated graphic showcasing the importance and consolidation of additional services into the MDR platform. 
  • A greater emphasis on organizations requiring MDRs be able to take mitigative response actions against threats and exposures on their behalf. 
  • “Gartner estimates that more than 600 providers in this market claim to offer MDR services.”  

Why Consolidation Matters 

MDRs were always bound to grow beyond just detection and response. Just look at how Gartner (and many people) define it: 

“Managed detection and response (MDR) services are those that provide customers with remotely delivered security operations center (SOC) functions.” 

In essence, MDRs help augment or supplement your existing security team by providing a variety of services to help you secure your environment. While they used to be reactive, beginning as a management service for Endpoint Detection and Response (EDR) tool alerts, MDRs overtime began to focus on other aspects of a security program. If the goal and purpose for an MDR is to help augment an organization’s existing SOC, then by definition it should help provide and cover other services beyond just threat monitoring and response. 

This expansion of services –often stemming from acquisitions or consolidation of other third-party offered services – helps better serve organizations. The cybersecurity skills shortage, with nearly 4 million more open jobs than available employees to fill them, is not going to be resolved any time soon. Companies need help with all aspects of their security program and MDRs expanding to offer more service capabilities help to better address those security gaps. 

How Consolidation Impacts Organizations 

Let's start with another question...how do organizations assess and wade through the hundreds of different MDRs to find the one that works best? For years, it was hard to distinguish between MDRs because feature to feature – 24x7 coverage, telemetry and alert ingestion and analysis, noise suppression, response – were just base capabilities every MDR was required to have. Whether to stand out, or because companies wanted MDRs to do more, MDRs began to offer additional services to better supplement their customer’s security team.  

This consolidation of services under MDR impacts organizations in two distinct ways. First, as highlighted throughout this article, MDRs expanding their services and feature offerings only helps security teams. The more MDRs can do, augment, or co-manage with security teams, the more they ease the burden and complexities of running a security operation to better protect organizations. Providing greater coverage around preventative capabilities helps to mitigate and reduce the risk of threats occurring, allowing internal security teams to focus on other important business initiatives. Secondly, consolidation impacts how companies view and assess MDRs. It provides more data points to compare across MDRs to determine which one will be a better fit overall. It also sets a distinct difference between standalone MDRs and security platform native MDRs.   

Security companies with their own platforms that already provide many of these capabilities will be ahead of the curve in offering the new services becoming part of MDRs – things like vulnerability/risk/exposure scanning and management, pen/malware/breach testing, digital forensics and incident response. It also means there will be better integration between the tools and the services when they are contained under one roof. 

How to Evaluate MDRs? 

As with most things, it starts with self-reflection. Utilizing a cybersecurity framework, such as NIST CSF 2.0, provides a clear understanding of the areas a security org is responsible for across hierarchical categories. Organizations should then honestly and transparently assess their internal coverage across each of those areas to identify strengths, weaknesses, and security gaps. This will help determine where an MDR can help supplement the work of an organization’s existing security team.  

Not all MDRs are good fits for every organization, but understanding the gaps that are present can help pair down the list of MDR vendors that would fit best. Also understanding the differences in MDRs, especially third party MDRs vs security platform native MDRs, will help with understanding which ones can provide the most benefit now and into the future. MDRs that are part of a full stack security platform are often better primed and ready to support teams with the variety of services and capabilities that are consolidating into the MDR space. For reference, Forrester’s recent Extended Detection and Response (XDR) Wave named Bitdefender a Strong Performer while Bitdefender also had one of the strongest performances in the recent MITRE Engenuity ATT&CK Evaluations for Managed Services. Bitdefender’s Gravity Zone Platform and MDR service combine to provide comprehensive and broad support for security organizations across a variety of areas of responsibility such as threat research and intelligence, posture management, exposure and risk assessments, malware testing, detection and response, and much more. 


The 2024 Gartner Market Guide for MDR helps provide a foundation for understanding the core capabilities of MDRs alongside the market direction the space is moving towards. This will help organizations in their journey as they begin to investigate and compare MDR vendors to pick the one that is the best fit. 

If you’d love to learn how Bitdefender's Gravity Zone Platform and MDR service pair together to bring you the most comprehensive security coverage reach out today. 

Gartner, Market Guide for Managed Detection and Response Services, Pete Shoard, Andrew Davies, Mitchell Schneider, Angel Berrios, Craig Lawson, 24 June 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 



Kevin Gee

Kevin is the Principal Product Marketing Manager at Bitdefender. With a technical background, he excels at storytelling and messaging across a variety of cybersecurity fields.

View all posts

You might also like