
10 Hot MDR Companies To Watch In 2021

List of Managed Detection and Response Providers

David Braue

Melbourne, Australia – Jun. 4, 2021

In an era of improving network monitoring and security event reporting, it didn’t take long before the reality of big data became unmanageable — with the unending flood of security alerts causing logistical problems and existential crises for overworked security executives who suffer from worryingly high levels of burnout and job attrition.

While managed security services (MSS) offered some relief by letting a third party keep an eye on the enterprise dashboard, MSS providers (MSSPs) have evolved mostly as ways to offload mundane, everyday security tasks.

For companies wanting a more sophisticated enterprise response, managed detection and response (MDR) providers offer a more compelling, complete vision that starts with security event monitoring but expands into contextual analysis, investigation, and support for decision-making around the most appropriate response.

It’s a more holistic, human-powered approach to security outsourcing that delivers real benefits to companies that otherwise lack the skills and technologies needed to keep up. “Good MDR vendors have definitively avoided becoming the alert factories their MSS cousins became,” Forrester Research wrote in a recent analysis of the MDR sector, in which vice president and principal analyst Jeff Pollard wrote, “‘MSSP’ has become a bit of a dirty word.”




Forrester has defined four key MDR capabilities: maturity of offerings gained over at least three years of operation; use of an endpoint detection and response (EDR) tool that was involved in a MITRE ATT&CK evaluation; support for telemetry beyond an EDR tool; and provision of detailed threat-hunting descriptions.

In short, MDR offerings not only identify potential security issues, but also describe them in detail and use that information to guide a quick response by a security operations center (SOC) filled with security expertise that you could never build in-house.

If MSS talks the talk, MDR walks the walk — which is why it has become an essential security capability delivering real benefits for companies that would otherwise be buried in the crushing output of standalone security tools.

When choosing an MDR provider, be careful to evaluate their capabilities in detail to ensure they’re not just an MSSP dressed in sheep’s clothing. Here are 10 of the most innovative MDR providers on the market at the moment:

  • Arctic Wolf, Eden Prairie, Minn. By leaning heavily on personalization — informed by a slew of network, endpoint and cloud monitoring tools that sniff out the details of your network to provide tailored protection — Arctic Wolf offers a highly specific MDR capability that combines detection and analysis technology with a 24×7 SOC that offers managed investigations, log retention and search, incident response, root cause analysis, and more.
  • CrowdStrike, Sunnyvale, Calif. CrowdStrike’s Falcon Complete MDR offering bundles its mature Falcon endpoint detection and response (EDR) platform with a dedicated 24×7 team of experts providing human expertise in incident response, digital forensics, real-time threat hunting, and threat intelligence.
  • Cybereason, Boston, Mass. Cybereason has taken a different approach to security monitoring, working at a higher level than security alerts by analyzing malicious operations (Malops) — and delivering one-click mitigation actions for all of your networks using cloud, endpoint, network, and log data. Add a team of what the company calls ‘Cybereason Defender’ “with an offense mindset” and you’ll have immediate access to a response team when you need them.
  • eSentire, Waterloo, Canada. eSentire’s MDR capabilities tap the company’s machine learning-based cloud data platform to collect and analyze threat signals across cloud, on-premises and hybrid environments. Specialists in the company’s 24×7 SOC proactively move to shut down attacks on your behalf, with a claimed 15-minute response time and iterative improvements that tap the company’s extensive threat hunting expertise.


  • FireEye, Milpitas, Calif. FireEye’s Mandiant Managed Defense MDR offering combines what it calls “nation-grade threat intelligence” to analyze and prioritize network alerts, backed by a response team that detected the SolarWinds compromise and bundles its expertise into tailor-made packages providing 24×7 coverage, endpoint security protection, and MDR services designed specifically for industrial control system (ICS) and operational technology (OT) environments.
  • Rapid7, Boston, Mass. Rapid7’s MDR service taps a range of methodologies — including threat intelligence, proactive threat hunting, network traffic analysis, network flow data, deception technologies, user behavior analytics, and attacker behavior analytics — to guide the activities of a 24×7 threat-response team ready to quickly neutralize and respond to threats with a claimed 10-minute response time to contain users and endpoints.
  • Red Canary, Denver, Colo. Red Canary uses a cloud-based detection engine based around thousands of “behavioral analytic use cases” that qualify endpoint-based security alerts and map them to MITRE ATT&CK alerts before alerting you — minimizing the intervention required on your part. Alerts are tailored, contextualized and annotated by the 24×7 SOC team, which provides clear remediation plans with security consulting and incident response support as needed.
  • Secureworks, Atlanta, Ga. Over 20 years of threat-intelligence analysis and research have shaped Secureworks’ Taegis ManagedXDR platform, which leans on Red Cloak’s Counter Threat Unit engine to support a managed response capability that not only delivers MITRE ATT&CK-mapped incident response but also offers capabilities like live chatting with the 24×7 SOC specialists to ensure responses are managed as smoothly as possible.
  • SentinelOne, Mountain View, Calif. SentinelOne’s Vigilance Respond MDR leans on the company’s automated-storyline technology — which documents and correlates indicators of compromise (IoCs) to develop a unified response and remediation strategy — and a worldwide team of experts that promise an 18-minute mean time to respond (MTTR) anywhere in the world, 24×7.
  • Trustwave, Chicago, Ill. By tapping its network of thousands of managed security services partners, Trustwave MDR leverages the company’s Trustwave Fusion security platform and rich threat-intelligence data, and wraps it in detection and response capabilities from its SpiderLabs security research team. Services are tightly integrated with customer environments to provide visibility extending across endpoint, network, and cloud.

For more coverage of the MDR space, download Forrester’s Now Tech: Managed Detection and Response Services Providers, a Q4 2020 report with an overview of 42 MDR providers.

Forrester’s market analysis evaluates each service provider’s market presence and functionality. eSentire is among the large ($55 million in annual revenue) providers in the proactive hunter, investigator and responder specialists functionality segment.

“MDR is as much about people as it is about technology, and eSentire has some of the most talented cybersecurity leaders and practitioners in our industry,” says Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine.

David Braue is an award-winning technology writer based in Melbourne, Australia.



Sponsored by eSentire
