Bloor analyzed the most often cited MDR providers delivering technology-agnostic services and named Kroll a Champion.

Nearly three years since Bloor Research analyzed the managed detection and response (MDR) landscape, its 2023 MDR Market Update shows a maturing market sector where vendors go beyond endpoint detection and response (EDR) to ingest a variety of telemetry, including cloud services, and develop more robust incident response (IR). Given this perspective, Bloor identified Kroll Responder MDR as a Champion amongst 12 leading providers.

Bloor Managed Detection Response 2023 Market Update

Source: Bloor MDR 2023 Market Update. The highest scoring companies are nearest the center . The analyst then defines a benchmark score for a domain- leading company from their overall ratings and all those above that are in the Champion segment. Those that remain are placed in the Innovator or Challenger segments, depending on their innovation score. The exact position in each segment is calculated based on their combined innovation and overall score.

“Kroll's robustness of service, especially in the areas of incident response and preparedness, sets it apart from competitors. Powered with frontline threat intelligence and benefitting from many strategic partnerships, the technology-agnostic Kroll Responder is a strong offering in the managed detection and response market. By complementing this with some important acquisitions, Kroll has established itself as a major cybersecurity player.” - Fran Howarth, Practice Leader at Bloor Research

In its first MDR market guide, Bloor had identified vendors that offered services specifically for their own technology versus what they called “pure-play” vendors, which offered services against a variety of technologies (in an agnostic format). There were also many managed security service providers trying to break into the MDR market. In this new market update, Bloor Research focused on technology-agnostic providers most often cited by end users and rival providers as leaders in the market.

Distinctions amongst MDR vendors cited in Bloor’s MDR Market Update are also a big source of confusion amongst buyers and a topic we addressed in our MDR buyer’s guide. In the buyer’s guide, we state, “Clients benefit from a multi-disciplinary approach to MDR that is inherently flexible, scalable, efficient and effective for the long run,” which underscores the findings in Bloor’s Market Update that technology-agnostic providers can more easily adjust and grow along with clients’ needs and the threat landscape.

Key MDR Market Developments

Bloor identified five key developments since its first MDR market analysis. Below is a summary of each:

Trend

 Bloor Summary

Kroll Comments

Expanding telemetry

“Telemetry from multiple sources is key to providing visibility across the entire network and expanding available attack surface management.”

We integrate seamlessly with your existing technology stack (SIEM, EDR, NDR, cloud, etc.) to provide the SOC visibility triad: network, endpoint and SIEM/UEBA 

Major focus on cloud services

“Most MDR providers are looking to support demand for hybrid and multicloud deployments.”

Expanded telemetry coupled with our IR expertise and frontline intel creates enhanced detection, hunting and containment capabilities.

Expansion of identity management services

“Credentials are a prime target for many attackers, especially in terms of social engineering attacks, with some providers beginning to offer managed security awareness services.”

Kroll MDR can ingest telemetry from Azure AD and run crucial identity detections such as impossible travel and brute force attacks. Kroll also delivers Security-Culture as-a-Service (SCaaS) to help increase clients’ security awareness.

More providers catering for the midmarket

“Many cite the increasing uptake of MDR capabilities from Microsoft, which is seeing growth that is fourfold, and uptake is high in the midmarket. In particular, Office 365 is seen as a risk, and many organizations are looking for help with their deployments.”

As a Gold Microsoft Partner and a member of Microsoft’s Intelligence Security Association, Kroll Responder MDR for Microsoft can enrich existing telemetry and meet midmarket demands. In addition, our extensive relationships with cyber insurance brokers and carriers help midmarket firms package their subscription more efficiently.

More focus on risk management

“In part, this is driven by the expansion of digital footprints from external sources and the need for greater visibility of third-party risk as supply chain attacks continue to grow”

Our MDR clients benefit from dark web monitoring and digital risk protection. We also have extensive expertise with insider threat incidents, which have been growing in complexity and popularity.

Much greater emphasis on incident response

“Much greater emphasis on incident response “This is an area that many felt was lacking, with threat detection having been a greater area of focus. MDR providers are responding by ramping up their capabilities.” Responder consumes and filters intelligence directly from the thousands of incident responses we conduct each year. Our response goes as far as you need it to, closing the gap between merely containing the threat to actively removing it across all affected systems.

Responder consumes and filters intelligence directly from the thousands of incident responses we conduct each year. Our response goes as far as you need it to, closing the gap between merely containing the threat to actively removing it across all affected systems.


On the “Response” Side of Managed Detection and Response

When acknowledging clients’ increased demand for incident response, Bloor’s 2023 MDR Market Update states most providers are “increasing automation, especially for mundane tasks.” They also state, “Many MDR providers are expanding their playbook offerings, which offer a guided response for different types of incidents, including steps that should be followed.” However, Bloor correctly points out that human expertise is still essential, and buyers should look closely at the level of response the provider is able to deliver and the provider’s level of in-house expertise.

Unlike other providers that are scrambling to increase their IR capabilities and focusing on limited, automated tasks, Kroll remains one of the largest IR providers in the world with over 3,000 incidents investigated every year. We built our MDR solution around our IR capabilities, so clients can benefit from our complete response suite.

We’re so confident in our MDR services that we offer a complimentary $1 million incident protection warranty. The warranty has no vendor-specific hardware or software requirements and can cover costs such as ransomware, business email compromise and more.

The Bloor MDR Market Update 2023 is available for download on this page.

Download the Report



Cyber and Data Resilience

Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.


24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Malware and Advanced Persistent Threat Detection

Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.

24/7 Managed SIEM Services

Detect and shut down threats faster with Managed Security Information and Event Management (SIEM) management from Kroll. Gain true insight into threats with real-time threat monitoring for visibility of security events throughout your organization’s network.


Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.