Climbing the Kill Chain: Insights from the Gartner Market Guide for Managed Detection and Response Services

Last week, Gartner released the 2019 edition of their Market Guide for Managed Detection and Response Services1. This new edition marks the fourth straight year that eSentire has been named as a represented vendor. As the company who pioneered the Managed Detection and Response (MDR) category, the Gartner Market Guide for Managed Detection and Response Services is always one of our favorite reads because it provides insight into the market we helped to create.

According to Gartner, market demand for MDR services continues to climb and expects that “by 2024, 40% of midsize enterprises will use MDR as their only managed security service.” This prediction of growth is underscored by the fact that “Gartner observed a 35% growth in inquiries on the topic over the last 12 months and estimates the market grew 15% year over year to approximately $500 million in 2018.”

As the global leader in Managed Detection and Response, that news is great for eSentire, but one of the more interesting takeaways from the Market Guide for Managed Detection and Response Services is  “Gartner estimates that there are now over 100 providers visible in this market claiming to offer MDR services.” While the number of providers is increasing, Gartner states that “the MDR label is being co-opted by service providers that demonstrate few, if any, of the characteristics defining the MDR market and are more aligned to the MSS market.”

If looking at MDR providers, the ability to both detect and respond to threats seem like table stakes, but as Gartner correctly points out, not all MDR providers are created equally.

When it comes to detection and response, many providers claim they can do both in a timely manner, but timeliness should not be the only consideration. Perhaps an even more critical concern is where an MDR provider can detect and contain threats.

Gartner points out that “few MDR providers are moving up the kill chain to detect threats in the delivery or exploitation phases, such as by monitoring email for delivery of binaries to end users.” For those unfamiliar with the Cyber Kill Chain, it was originally conceived by computer scientists at military contractor Lockheed Martin in order to provide a framework to identify the series of steps that an adversary must complete to achieve their objectives.

As threat actors continue to evolve their tactics and techniques across the kill chain, MDR providers must be able to keep up. Since launching our first managed security offering in 2008, eSentire’s Managed Detection and Response offerings has continually evolved so that we can detect and respond to threat actors earlier and earlier in the kill chain.

Want proof? The chart provides a visual alignment of how eSentire’s Managed Detection and Response services align to each stage of the kill chain with details on depth and breadth of visibility.


The insight to ask your prospective MDR provider where they can detect and respond to threats in the kill chain is just one of the revelations that Gartner shares in the new edition of their Market Guide for Managed Detection and Response Services. If you are considering purchasing an MDR service for the first time, want to learn more about the market in general, or are thinking about making a change away from your MSSP, the document is a highly recommended read.

You can download a complimentary copy of the Gartner Market Guide for Managed Detection and Response Services from:

 1Gartner Market Guide for Managed Detection and Response Services, Toby Bussa, Kelly Kavanagh, Sid Deshpande, Craig Lawson, Pete Shoard, 15 July 2019

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Article Link: