How managed detection and response can bolster security

Trustwave Holdings Inc

By Jason Whyte, general manager for Pacific, Trustwave
Friday, 11 November, 2022


How managed detection and response can bolster security

The digital operating environment has made doing business easier, yet this dependence has opened the floodgates for malicious cyber attacks. Last year, the Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.

Amid this growing threat landscape, organisations across the board are struggling to recruit the right cyber talent. Globally, there is a shortage of nearly 3 million professionals, and to bridge gaps, Australia may need around 16,600 additional cybersecurity workers by 2026. The question remains as to how companies can undertake proactive threat detection and response in the current environment.

Cybersecurity has evolved from securing endpoints and managing firewalls, and organisations must be more alert and ready to immediately respond. While technologies such as extended detection and response (XDR) and security information and event management (SIEM) can help detect threats and facilitate investigations, they alone are insufficient for organisations to stay ahead.

Increasingly, organisations are turning to managed detection and response (MDR) services to rise to the cybersecurity challenge. Data estimates that 50% of organisations will be using MDR services by 2025. Yet, there is often confusion in the industry about what MDR services should include. Before investing, it’s important to understand the true value that MDR services can deliver.

Getting the most out of security spend

Even with an unlimited budget, the effort and expertise needed to establish 24/7 threat detection and response capabilities in-house can be overwhelming. Deploying and properly configuring complex technologies like XDR and SIEM platforms across many endpoints, servers, clouds and networks can often take months.

An experienced MDR provider can dramatically reduce the time-to-value for cybersecurity solutions. By leveraging endpoint detection and response (EDR) agents that can be rapidly deployed and the XDR evolution of EDR that includes out-of-the-box integrations with cloud infrastructure solutions, a good MDR provider can be running in a matter of hours, ensuring fast protection from emerging threats.

Many organisations make the mistake of buying top-of-the-line cybersecurity technologies without the expertise and resources to properly deploy them. A good MDR provider brings a wealth of experience, as well as round-the-clock monitoring and global threat intelligence from other clients, providing an instant boost to organisations’ cybersecurity capabilities and coverage.

In Australia, it is estimated that a cyber attack occurs every eight minutes, and in 2021, Australians lost over $300 million to scams. To keep pace with today’s advanced threats, effective detection and response requires a sophisticated mix of people, process and technology. Knowing what to look for in an MDR provider will help set up organisations for success.

Six considerations when partnering with an MDR provider

Technology: As businesses continue to migrate to the cloud, the number of potential risks, vulnerabilities and entry points increases. Organisations should look for an MDR provider that is experienced with XDR and SIEM technologies to bring together threat telemetry and forensic data from broader IT infrastructure, including networks, email and cloud infrastructure.

Detection: It’s important to look at how an MDR provider detects threats. Is it human-led, hypothesis-driven, or is it merely automated searching? Threat hunting must involve proactively exploring and interrogating systems for their current state as well as historical data. A quality MDR partner should combine human-led threat hunting with 24/7 monitoring and real-time analysis and investigations.

Response: To get more value from MDR services, look for a provider that responds to threats by containing them and keeping them from spreading further. They should be able to act remotely on endpoints, within the network, or other applications to isolate systems and stop threats in their tracks.

Research capabilities: Threat intelligence is often the foundation for effective detection and threat hunting. Look for an MDR provider with an active research arm that can incorporate other cyberthreat intelligence to benefit from the latest information on emerging threats around the globe.

Field-tested experience: It is crucial to ensure an MDR partner has adequate field-testing experience. Hasty responses can result in negative consequences like shutting down systems and business processes unnecessarily.

Culture: While it is often overlooked, it’s important to determine if a provider will deliver a long-term partnership. Consider their operating model, industry reputation, and how they will integrate with the team.

With the ever-evolving threat landscape, having a quality MDR provider can provide assurance to organisations. Their experience means they can actively interrogate endpoints, conduct threat research and hunting, perform forensic investigations, and quickly respond to incidents to mitigate their impact. They bring important insights and contextual knowledge about threats and vulnerabilities that enable them to be more effective. Lastly, their expertise on complex cybersecurity technologies and tools lets them optimise organisations’ existing investments to improve return on investment.

Image credit: iStock.com/MF3d

Related Articles

If you want to fix cyber, stop trying to fix people

We need to stop trying to fix people and start understanding and supporting them with the right...

Managing through uncertainty requires facing security unknowns head on

Understanding the attack surface in its entirety is not just a tactical advantage; it is a...

Why the success of modern cyber defence hinges on identity security

 A single compromised identity could easily provide the keys to the kingdom if it isn't...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd