First we had EDR, then MDR, then XDR—and now CDR?
Is cloud detection and response (CDR) the next important solution for MSPs to add to their security offerings or just another new acronym joining the alphabet soup of detection and response (endpoint, managed, extended) capabilities? Or is it more like zero trust—not one single solution but a comprehensive model with a combination of technologies and strategies?
Forrester defines CDR as: “The detection of and response to cyberattacks on detection surfaces in the cloud control plane, data plane, and management plane. This includes one or more cloud-native tools that prioritize security analyst experience for high-quality detection, complete investigation, and fast and effective response to cloud attacks.”
Forrester principal analyst Allie Mellen writes in a blog post that CDR is “not a single tool or service. There are many tools that incorporate cloud detection and response as part of what they do.”
Current tools and solutions that offer some elements of CDR include CASB (cloud access security broker), SASE (secure access service edge), SIEM (security information and event management), SOAR (security orchestration, automation, and response), CWPP (cloud workload protection platform) and CNAPP (cloud-native application protection platform).
And unlike EDR/MDR/XDR, which focus on the network and the device, CDR focuses on securing the user, says Jim Lippie, founder and CEO of SaaS Alerts, a CDR provider.
Regardless of its definition, Forrester’s report, The Comprehensive Guide to Cloud Detection and Response, declares: “Cloud detection and response is the next and most important frontier for security operations teams.”
Here are five things MSPs need to know about CDR today:
1. Bad Actors Are Making CDR Increasingly Important
Cloud resources are now the leading target for bad actors who are prioritizing SaaS applications (31%), cloud storage (30%), and cloud management infrastructure (26%), according to the 2024 Thales Cloud Security Study. With SaaS applications specifically, the most common attack tactic is phishing, with bad actors sending deceptive messages designed to fool an end user into providing SaaS application credentials.
2. CDR May Fill A Gap In Coverage
SaaS security has become a top priority for 80% of organizations, according to the Cloud Security Alliance (CSA). However, CSA data also finds that 65% of organizations struggle with tracking and monitoring risks from third-party integrated apps and rectifying SaaS misconfigurations. In addition, more than half (58%) of organizations estimate their current SaaS security solutions only cover 50% or less of their SaaS applications.
3. CDR Solutions Enhance Visibility Across Cloud Environments
Cloud environments are inherently dynamic, with workloads, containers, and services frequently changing. CDR solutions provide MSPs with continuous monitoring and deeper visibility across cloud platforms—AWS, Azure, Google Cloud Platform (GCP). This allows MSPs to detect potential threats like misconfigurations, unauthorized access, and anomalous behavior in real time.
4. CDR Solutions Reduce Manual Intervention
Incident response in the cloud is often complex and time-sensitive. CDR solutions offer automated response capabilities, such as isolating compromised instances, rolling back changes, and alerting the security team. For MSPs, this reduces the burden on security analysts and minimizes the risk of human error, ensuring quicker and more effective threat containment.
5. CDR Solutions Can Scale
Cloud environments can range from small setups to extensive multi-cloud architectures. Many CDR solutions are inherently scalable, allowing MSPs to offer tailored threat detection and response services to clients of various sizes and industries. This flexibility helps MSPs expand their service portfolio, addressing the unique security requirements of SMBs and midmarket firms.
Being Prepared
While neither Forrester nor Gartner identifies cloud detection and response as a discrete market category today, it will clearly be a capability MSPs need to add to their services as more and more businesses shift further from on-prem to cloud and SaaS.
“We are actually performing cloud detection and response today” through an MDR platform that also monitors cloud assets, says Wayne Hunter, CEO and cofounder of AvTek Solutions, an MSP in Allen, Texas. “Many MSPs are doing it already even though they are not advertising it that way.”
AvTek, which specializes in serving the banking industry, tends to follow the security frameworks, Hunter says. “When I look at how those frameworks call out the requirements, I don’t see CDR; I see EDR/MDR/XDR, and so I stick to those terms because that is what auditors are looking at. Now, if a framework starts calling out CDR … we’re already prepared for it.”