How managed detection and response can bolster security in a growing threat landscape
The digital operating environment has made doing business easier, yet that dependence on connected systems has widened the attack surface and opened the floodgates for malicious cyberattacks. Last year, the Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports, an increase of nearly 13% on the previous financial year.
Amid this growing threat landscape, organisations across the board are struggling to recruit the right cyber talent. The question is how companies can undertake proactive threat detection and response in the current environment.
Cybersecurity has evolved beyond securing endpoints and managing firewalls; organisations must now be alert and ready to respond immediately. While technologies such as extended detection and response (XDR) and security information and event management (SIEM) can help detect threats and facilitate investigations, on their own they are insufficient for organisations to stay ahead.
Increasingly, organisations are turning to managed detection and response (MDR) services to rise to the cybersecurity challenge. Yet, there is often confusion in the industry about what MDR services should include. Before investing, it’s important to understand the true value that MDR services can deliver.
Getting the most out of security spend
Even with an unlimited budget, the effort and expertise needed to establish 24/7 threat detection and response capabilities in-house can be overwhelming. Deploying and properly configuring complex technologies like XDR and SIEM platforms across many endpoints, servers, clouds, and networks can often take months.
An experienced MDR provider can dramatically reduce the time-to-value of cybersecurity solutions. Endpoint detection and response (EDR) agents can be deployed rapidly, and XDR, the evolution of EDR, ships with out-of-the-box integrations for cloud infrastructure. Building on these, a good MDR provider can have monitoring running within hours of agent deployment, giving fast protection against emerging threats while detection rules are tuned to the environment over the following weeks.
Many organisations make the mistake of buying top-of-the-line cybersecurity technologies without the expertise and resources to deploy them properly. A good MDR provider brings a wealth of experience, round-the-clock monitoring, and threat intelligence drawn from its wider client base, providing an immediate boost to an organisation's cybersecurity capability and coverage.
To keep pace with today’s advanced threats, effective detection and response requires a sophisticated mix of people, process, and technology. Knowing what to look for in an MDR provider will help set up organisations for success.
Six considerations when partnering with an MDR provider:
- Technology: As businesses continue to migrate to the cloud, the number of potential risks, vulnerabilities, and entry points increases. Organisations should look for an MDR provider that is experienced with XDR and SIEM technologies to bring together threat telemetry and forensic data from broader IT infrastructure, including networks, email, and cloud infrastructure.
- Detection: It's important to look at how an MDR provider detects threats. Is it human-led, hypothesis-driven, or is it merely automated searching? Threat hunting must involve proactively exploring and interrogating systems for their current state as well as historical data. A quality MDR partner should combine human-led threat hunting with 24/7 monitoring and real-time analysis and investigations.
- Response: To get more value from MDR services, look for a provider that responds to threats by containing them and keeping them from spreading further. They should be able to act remotely on endpoints, within the network, or other applications to isolate systems and stop threats in their tracks.
- Research capabilities: Threat intelligence is often the foundation of effective detection and threat hunting. Look for an MDR provider with an active research arm that also incorporates third-party cyberthreat intelligence, so that detections benefit from the latest information on emerging threats around the globe.
- Field-tested experience: It's crucial to ensure an MDR partner has real field-tested experience. Hasty responses can have negative consequences, such as unnecessarily shutting down systems and business processes, so the provider should be able to contain a threat without disrupting operations more than the situation requires.
- Culture: While it’s often overlooked, it’s important to determine if a provider will provide a long-term partnership. Consider their operating model, industry reputation, and how they will integrate with the team.
With the ever-evolving threat landscape, a quality MDR provider can give organisations real assurance. Their experience means they can actively interrogate endpoints, conduct threat research and hunting, perform forensic investigations, and respond quickly to incidents to mitigate their impact. They bring insight and contextual knowledge about threats and vulnerabilities that make them more effective. Lastly, their expertise in complex cybersecurity technologies and tools lets them optimise an organisation's existing investments and improve the return on them.