How long does it take for threat actors to move from initial access to lateral movement? Days? Hours? Unfortunately, the answer for many organizations is increasingly “minutes.” In fact, at 48 minutes, the average breakout time in 2024 was 22% shorter than the previous year, according to one report. Adding to the concerns is another figure from the same report: mean time to contain (MTTC) cyberattacks was usually measured in hours.
This is a race against time that many organizations are losing. Fortunately, adversaries do not hold all the cards, and network defenders can hit back. By investing in top-tier managed detection and response (MDR) from a trusted partner, IT teams gain access to an expert team working round the clock to rapidly discover, contain and mitigate incoming threats. It’s time to get in the fast lane.
Why do you need MDR?
The MDR market is expected to grow at a CAGR of 20% over the next seven years to exceed $8.3 billion by 2032. This is a direct response to developments in the cyber-landscape. Its growing popularity among IT and security teams can be traced to several critical, interconnected factors:
Breaches are hitting record levels
According to the U.S. Identity Theft Research Center (ITRC), there were over 3,100 corporate data compromises in the US last year, impacting a staggering 1.4 billion victims, and 2025 is on track to break records again.
The financial fallout is just as dire – the latest IBM Cost of a Data Breach Report tallied the cost of an average data breach at $4.4 million today. In the US alone, however, the cost is far higher – $10.22 million on average.
The attack surface continues to grow
Businesses still support large numbers of remote and hybrid workers. And they are investing in cloud, AI, IoT and other technologies to gain competitive advantage. Unfortunately, these same investments – and the continued growth of supply chains – also increase the size of the target for adversaries to aim at.
Threat actors are professionalizing
The cybercrime underground is increasingly awash with service-based offerings that lower the barriers to entry for everything from phishing and DDoS to ransomware and infostealer campaigns. According to UK government experts, AI will offer even more new opportunities for the bad guys to increase the frequency and intensity of threats.
It’s already helping them to automate reconnaissance, and detect and exploit vulnerabilities faster. One study claims to have recorded a 62% reduction in the time between a software flaw being discovered and its exploitation.
Skills and resource shortages continue to grow
Defensive teams have been understaffed for some time. The global shortfall in IT security professionals is estimated at over 4.7 million. And with 25% of organizations reporting cybersecurity layoffs, business leaders are in no mood to spend big on talent and equipment for a Security Operations Center (SOC).
Why speed matters in MDR
Outsourcing in this context makes total sense. It’s a lower cost (especially in capex) way to deliver 24/7 threat monitoring and detection, including proactive threat hunting, from a dedicated expert team. This not only helps to overcome skills shortages, but also ensures rapid, round-the-clock protection. That can deliver peace of mind, particularly at a time when 86% of ransomware victims admit they were struck at weekends or on a public holiday.
Speed is important in this context because it can help to:
- Minimize attacker dwell time, which currently stands at 11 days, according to Mandiant. The longer adversaries are allowed to stay in your network, the more time they have to find and exfiltrate sensitive data and deploy ransomware.
- Quickly contain the “blast radius” of an attack, ensuring compromised systems/network segments are isolated, and thereby prevent a breach spreading.
- Reduce the costs involved in serious breaches, including downtime, remediation, brand reputation, notification, IT consulting, and possible regulatory fines.
- Keep regulators happy by demonstrating your commitment to fast, effective threat detection and response.
What to look for in MDR
Once you’ve decided to enhance your security operations (SecOps) with an MDR solution, attention must turn to buying criteria. With so many solutions on the market, it’s important to find the one right for your business. At a bare minimum, you should look for:
- AI-powered threat detection and response: Intelligent analytics to automatically flag suspicious behavior, use contextual data to improve alert fidelity, and automatically remediate where necessary. That’s the way to accelerate investigations and fix issues before adversaries have a chance to do any lasting damage.
- A trusted team of subject-matter experts: As important as the technology is, the people behind your MDR solution are arguably even more so. You need enterprise-grade SOC expertise that works like an extension of your IT security team to handle daily monitoring, proactive threat hunting and incident response.
- Leading research capabilities: Vendors that run renowned malware research labs will be best placed to stop emerging threats, including zero days. That’s because their experts are researching new attacks and how to mitigate them every day. This intelligence is invaluable in an MDR context.
- Personalized deployment: A customer assessment before each new engagement ensures the MDR provider understands your unique IT environment and security culture.
- Comprehensive coverage: Look for XDR-like capabilities across endpoint, email, network, cloud and other layers, leaving adversaries no room to hide.
- Proactive threat hunting: Periodic investigations to find threats that may have eluded automated analysis, including sophisticated APT threats and zero-day exploitation.
- Speedy onboarding: Once you’ve chosen a provider, the last thing you need is to be waiting weeks until you can benefit from protection. Detection rules, exclusions and parameters should be correctly configured before starting.
- Compatibility with other tools: Detection and response tools should work seamlessly with your security information and event management (SIEM), and security orchestration and response (SOAR) tooling. These should be offered by the MDR vendor or via APIs out to third-party solutions.
The right MDR will add an invaluable layer to your cybersecurity environment where it can support a prevention-first approach to security focused primarily on stopping malicious code or actors from damaging your IT systems. That means using also server, endpoint and device protection, vulnerability and patch management, and full-disk encryption, among other elements. With the right blend of human and artificial intelligence, you can accelerate your journey to a more secure future.