Managed Detection and Response 101: Why You Need It
Published: February 24, 2020
To keep up with an ever-changing cyber threat landscape, cybersecurity providers are constantly making adjustments by introducing new tools and techniques to protect data and networks. Currently, there is a shift to Managed Detection and Response (MDR) solutions from traditional Managed Security Services (MSS).
As the name implies, MDR is a managed model. It takes managed security a significant step further by combining people, processes and technology to identify and, more importantly, contain cyber-attacks. Delivered over the cloud, MDR provides 24x7 detection and fast response capabilities to security incidents. The service is fully managed by an expert provider, making it easier to control costs and spare security teams from added responsibilities.
Why you need managed detection and response services (MDR)
MDR leverages advanced technologies combined with human expertise to collect and maintain actionable intelligence, identify and alert on major security incidents, and then quickly respond to those that are a potential problem for the organization. Essential components of MDR include security information and event management (SIEM) technologies. MDR also includes endpoint detection and response, network detection and response, threat intelligence, user and entity behavioral analytics, and threat hunting capabilities.
MDR’s data collection and analytics capabilities help keep organizations up to date with protection against the latest threats. An MDR provider acts as your partner in security, continually updating threat intelligence and tuning its monitoring of your environment to deliver the protection, detection and response best suited to your particular business needs. The provider’s analysts and technology are able to identify previously unknown threats that can elude other security layers, such as firewalls and antivirus. Those tools rely on signatures of known viruses, Trojans, worms, ransomware variants and other types of malware to be effective.
While MDR employs advanced technologies such as machine learning to collect intelligence and stop threats, it also relies heavily on human expertise for threat hunting and to identify new threats. Human experts also play a key role in incident response, jumping into action to stop or contain the damage once they receive a qualified alert.
Managed Detection and Response Scenarios
MDR is compelling for organizations for multiple reasons. Because it is a managed service, you needn’t invest in pricey on-premises SIEM solutions that require ongoing attention and training from your cybersecurity team. SIEM solutions get fairly complex and expensive to run, especially in organizations with multiple locations and hybrid environments. So the advantage over on-premises SIEM comes down to cost and management.
If you already leverage managed security services, MDR might seem unnecessary because you believe you have all the security your organization needs. But managed security service providers by and large focus on configuring security tools and round-the-clock monitoring. They typically do not offer the threat intelligence and rapid response capabilities of MDR. So unless you have that expertise in-house, you need MDR.
Even organizations with internal cybersecurity teams can benefit from MDR. Consider a scenario in which a small security team manages the basics, such as analyzing logs and implementing security patches, but doesn’t have the wherewithal to handle the critical activities needed to stop advanced threats. It would make sense to outsource threat hunting, detection and response to an experienced MDR provider to round out the organization’s security strategy. It costs less than hiring more security experts, especially since there is a cybersecurity worker shortage of nearly 4 million.
In another scenario, a multinational company has its own Security Operations Center (SOC) and security team but lacks the budget for threat hunting. Since the company cannot afford to ignore this critical function, or hire the help it needs, it can turn to an MDR provider to fill the gap. An experienced provider also can guide the organization in building a robust, end-to-end protection strategy that focuses on overall risk reduction.
What to look for in a provider
While the security industry looks for a universally agreed upon definition of MDR, many vendors are beginning to market services as MDR offerings. However, their services may not deliver on everything you really need. When evaluating MDR providers, look for ones whose offerings include the essential components outlined above and a vision for building in more capabilities as customers’ needs and the market shift. An ideal provider should have a broad portfolio of managed and professional services and offer flexible pricing models based on factors such as the number of users you’re protecting and the volume of data you want the MDR service to ingest, so that you can scale up, scale down or modify the service as your business needs change. Finally, look for ones with proven track records in delivering global-scale 24x7x365 services and protection. While no security approach is 100 percent foolproof, this level of MDR service will feature the most efficient, up-to-date and relevant protection for your business so that you can concentrate on helping to grow your bottom line.