In today’s fast evolving and ever more dangerous cyber security environment, organisations need to be thinking about more than just ‘technology’ as they endeavour to properly fortify their systems and business processes.
In today’s fast evolving and ever more dangerous cyber security environment, organisations need to be thinking about more than just ‘technology’ as they endeavour to properly fortify their systems and business processes.
Of course, choosing the right cyber security technologies remains a critical decision for CIOs, CSIOs and the like, but it needs to be balanced with robust strategies to ensure constant vigilance and rapid response.
The concept of managed detection and response (MDR) has been part of the cyber security discussion for several years, but it has been gaining more airtime since the onset of COVID-19 triggered a sharp rise in the volume and sophistication of attacks.
Among the key trends observed by cyber security analysts over the past 20 months or so, is that malicious actors have become increasingly targeted in their approach, relying less on technology themselves, and observing their prey more closely to find and exploit vulnerabilities in real-time.
This has seen the critical response time window shrink dramatically.
While many organisations took days to respond to cyber threats in the 2000s – down from weeks and even months in the 1990s! – by the 2010s it was down to hours.
Today, organisations that don’t have a strategy implemented to identify and act against cyber threats within minutes are exposing themselves to unacceptable risks.
This is why MDR is fast becoming the leading methodology for helping organisations counter this approach with great vigilance and active ‘human’ intervention.
So what are the essential elements of MDR?
Gartner defines MDR like this:
“Managed detection and response (MDR) providers deliver 24/7 threat monitoring, detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation and response.”
It goes on to state that true MDR providers undertake incident validation while offering remote response services like ‘threat containment’ and also lend support to customers that have been compromised, to help restore their environments to some form of known good.
Forester notes that MDR should also prioritise the creation of small ‘squads’ with specific vertical expertise and cultural fit to ensure a highly customised delivery experience.
It stresses that detection is the most important superpower for organisations to harness, optimised by properly combining strong hunting methodologies with organic threat intelligence capabilities that take indicators from an active incident in one client and apply them to multiple endpoints at scale.
“Organisation need their MDR provider to sync with their security technology stack, and specialize in specific types of detection and response activity.”
Breaking things down to their core elements, organisations have three key challenges to overcome as they seek to develop an effective MDR strategy:
All of this assumes that MDR providers continuously collaborate with their clients, and that they’re able to respond quickly and effectively.
Also that they’re able to help organisations fully understand their adversaries, using a combination of automation and visibility accessibility tools with active threat hunting to uncover stealthy tradecraft as it’s happening.
Chat with an Enablis security expert today about protecting your remote workers and data or Click here to download the report for recommendations to protect your business against current and emerging threats.