When it comes to cybersecurity, organizations are moving away from prevention-only approaches, and focusing more on detection and response. The shift to this approach "spans people, process and technology elements and will drive a majority of security market growth over the next five years.,” says Gartner’s principal research analyst, Sid Deshpande. Of course it doesn’t mean that prevention techniques aren’t still an important part of your security program. But it “sends a clear message that prevention is futile unless it is tied into a detection and response capability.”
In theory, maturing your incident detection and response capabilities with the incorporation of a sound threat hunting methodology makes sense. Practically speaking, this can be a daunting task, especially if you’re faced with limited budgets and competing priorities, as many small to mid-sized businesses (SMBs) are.
As a result, many organizations are turning to Managed Threat Detection and Response (MDR) services that utilize threat hunting techniques for a reliable and cost-effective solution. Partnering with MDR providers allows businesses to focus on their core competencies and leverage all the cybersecurity advantages that remain so elusive when attempting to bring this critical functional responsibility in-house. Here are just a few.
Advanced threat detection cannot happen by algorithm alone, it takes a highly skilled professional trained in identifying sophisticated indicators of compromise. The reality is that these cybersecurity professionals are in short supply. It’s a steep challenge for SMBs to recruit and retain skilled security analysts. And things are only going to get worse. In a recent report, Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021.
MDR service providers allow organizations to benefit from cybersecurity domain expertise without the need to invest in training, development, or headcount.
In 2017, cyber-attacks happened at double the rate than they occurred in 2016. Cybercriminals continue to refine their techniques to affect more computers and devices than ever before, and this trend is sure to continue. Access to real-time cyber threat intelligence is a critical aspect of minimizing risk exposures. Keeping up-to-date with the rapid pace of change of the external threat environment is an on-going and time-consuming responsibility. Many SMBs don’t have the time or resources to devote to the task, which makes MDR providers an attractive alternative.
For example, let's take a look at nDiscovery, Sage's MDR service, where the threat intelligence value we bring to the table is two-fold. First, our dedicated security analysts are constantly combing the latest threat intelligence from public and private data repositories, then incorporating that intelligence in our threat hunting methodology. In addition, we have access to a larger pool of cyber events from our clients, which we can translate into actionable intelligence and deliver value that organizations couldn’t produce performing this sophisticated task on their own. Intelligence gained from working with a broad spectrum of industries is one of the reason we can detect new threats before automated tools even know they exist.
24 x 7 Monitoring
Cyber-attacks can happen at any time, but most SMBs don’t have the resources to build their own 24 x 7 SOC. While many traditional technologies offer automated alerting 24 x 7, this will only advise you of known threats. As soon as something suspicious is detected, it's reassuring knowing that a skilled professional is available for immediate confirmation, interpretation, and guidance to assist with the response effort.
This is exactly what a MDR provider can deliver to SMBs.
Log analysis – which is part of any sound threat detection methodology – is also an integral part of complying with a number of cybersecurity compliance standards, including HIPAA, GLBA, and PCI. To be in compliance businesses must monitor their log files regularly, maintain an audit trail of log monitoring activities, and provide the necessary audit reports.
This can be a daunting task for many SMBs because a typical environment generates millions of log every day. It’s very difficult to keep up with the sheer volume of data. While not all MDR providers offer this, finding one that does, can take this burden off the organization, and save a great deal of time… and money.
Incident Confirmation and Containment
Automated threat detection systems, like SIEMs, are known for generating false positives for events that represent normal usage, not threats. A Ponemon Institute study found that organizations received about 17,000 malware alerts every week, only 19% of which were reliable. This can translate into a great deal of wasted time for IT teams who don’t’ have specialized cybersecurity skills. A Managed Threat Detection and Response service greatly reduces the number of false positives, and enables you to focus on what’s important.
Proper incident response is an integral part of your overall security policy and risk management mitigation strategy. When an incident occurs, organizations need to know what happened, the extent of the damage, and how to drive an effective resolution effort. Partnering with an MDR provider that can confirm when an incident occurs, explain the details of what happened, and suggest remediation recommendations will improve your response capabilities immensely.
Daily analysis of your network traffic, including log monitoring and endpoint analysis, is the only way to stay on top of the ever-evolving threat environment. If you’re like many SMBs, and are struggling with the daily demands – whether due to gaps in technology, manpower, or expertise – a Managed Threat Detection and Response service, like nDiscovery, could be a great fit for your organizations.