Attacks do not keep office hours. Most security teams do. Round-the-clock monitoring means trained analysts on every shift, and those analysts are scarce, expensive, and quick to burn out. For a small or mid-sized company, a full operations center is out of reach. So many stopped trying to build one and started renting it.
That is managed detection and response: a provider runs the monitoring, triage, and first response from its own SOC, for companies that cannot run their own.
It is less a product than a way to buy SOC capacity, and it comes in a few shapes depending on how many teams you already have. Some providers are the whole SOC. Some work alongside an in-house team. Much of the small-business market reaches customers through the managed-service providers that already run their IT.
The 2026 Cybersecurity Stars Awards map to that spread. Two winners managed extended detection and response, MDR widened past endpoint alerts to pull in more of the environment.
ArmorPoint won for a managed platform covering endpoint, network, and cloud. Ontinue won for a co-managed version built to extend an in-house team rather than replace it.
The harder part of the market is the small business that gets attacked but has no security staff, and that coverage usually arrives through its IT provider. Guardz won in managed detection and response for a platform built for the MSPs that protect hundreds of small customers at once. ThreatDown won for MDR that pairs detection with response, so a lean team is not left holding the alert alone.
Strip away the platforms, and an MDR provider is a room of analysts working the three-in-the-morning shift. Huntress was named SOC Team of the Year for a round-the-clock, AI-assisted operations center. Automation clears the noise; a human still makes the call.
For a security leader, the question is no longer whether a SOC earns its keep. It is whether to build one, rent one, or split the work, and how much control you give up: what a provider may isolate, when it escalates, and how much you still see.
The winners here answer it differently. The premise they share is the one most companies have already accepted: you do not have to run the SOC yourself to have one.
The complete list of 2026 Cybersecurity Stars Awards winners is live at awards.thehackernews.com/winners/2026.
Part of The Stars Briefing, our editorial series on the trends behind the 2026 Cybersecurity Stars Awards, a program The Hacker News runs. This piece analyzes where the field is moving and uses the winners as examples. It is not a product review.