In previous years, we released two separate annual incident reports: one from our Managed Detection and Response (MDR) team and one from the Incident Response (IR) team. You can see such statistics for 2024: MDR Report and IR Report.
But this year, we’ve combined them into one report — and now we’ll explain why.
The incident statistics from our MDR clients already provide a fairly good picture of the real threat landscape, since our clients are located in many countries around the world and across all sectors of the economy. Based on this statistics over different periods, it’s even possible to predict some trends for the near future.
However, for a more detailed study of threats, it’s desirable to observe them at all stages. But in the context of MDR, this is not possible, since malicious activity is detected and prevented by this service at an early stage of the attack, before it can cause harm.
On the other hand, in the IR service, the situation is reversed: when clients turn to this service, damage has often already occurred, and during the investigation, it’s often possible to reconstruct all stages of the attack.
And in the vast majority of cases, the client bases of MDR and IR do not overlap. After all, good MDR work, provided there is complete coverage of the infrastructure, consists of not allowing the stage of the attack to occur when IR is needed. On the other hand, the fact of calling IR, especially when there is already damage, means either the absence of MDR or problems with coverage.
Therefore, we can confidently say that the incident statistics of MDR and IR cover both possible profiles:
— infrastructures protected by MDR, where attacks were detected and prevented at an early stage, and made it into MDR statistics,
— infrastructures without MDR or those where incidents were missed and did not make it into MDR statistics, but made it into IR statistics.
So, combining MDR and IR statistics provides a better understanding of current and emerging threats. How this turned out in detail — see in our global report.
