Tim Bandos, CISO at Digital Guardian, explores what managed data and response (MDR) entails and what the benefits are that it offers
With both the volume and diversity of cyber-threats growing all the time, security teams everywhere have a tough time just keeping up. Add to this the ongoing cybersecurity skills shortage, shrinking/static budgets and the upheaval caused by COVID-19, and the picture starts to become quite bleak. For this reason, a growing number of CISOs and CIOs are starting to look beyond their own four walls for a solution. One increasingly popular option is managed detection and response (MDR), largely because of its ability to supercharge any security program by instantly granting access to a large team of dedicated experts. But like any solution, MDR may not be the best fit for everyone. This article will take a closer look at exactly what MDR entails, the key benefits it offers, and some key considerations when deciding whether it’s the right approach for your business.
Cavalry for hire
For most organisations, the single biggest problem faced is a lack of skilled personnel, which is precisely what makes MDR so appealing. By outsourcing detection and response to a team of experts, they can kill numerous birds with one stone. Not only are they up-levelling their own security program, but they are also avoiding the pain and expense of having to identify and hire internal team members during a time when top talent is extremely hard to come by.
For this reason, MDR has thrived in recent years and there’s now a strong selection of MDR providers, tools and solutions for organisations to choose from. However, while many providers have their own take on the exact tools needed for effective detection and response, all MDR offerings tend to share a few key characteristics. Firstly, they rely heavily on security event management and advanced analytics to do much of the heavy lifting. Secondly, they require round-the-clock manual monitoring by security professionals (although some automation is starting to be used now). Finally, although services are predominantly delivered using the MDR provider’s own technologies, these technologies need to be deployed on-premise at the customer’s end.
Supercharging your security program
When implemented correctly, the benefits of MDR can be numerous. In addition to security experts, it also gives customers access to a wide range of advanced cybersecurity tools and solutions that would otherwise be unaffordable. Many providers can even customise implementations based on specific security needs, something even the largest in-house teams often struggle to do effectively.
MDR solutions don’t just detect threats either, they help organisations stop them too. Rather than flagging every individual threat as an automated system would do, providers evaluate each one individually and only pass on those which are deemed to pose a genuine threat. In the event of such a threat being discovered, they will then work directly with the organisation to investigate how it occurred and mitigate it as fast as possible.
Not all MDR solutions are created equal…
MDR can be a great option for any business struggling to keep up in an increasingly hostile threat landscape. However, like most things in life, the value on offer can vary wildly. As such, any organisation seriously considering MDR must take the time to do the necessary research and ensure the provider they choose offers the type/level of security support required, at a competitive price. MDR should also be used to complement existing security tools and technologies, not replace them entirely, so it’s important to select a provider that offers something different to what’s already in place internally. Finally, although compliance isn’t a core focus of MDR, providers must still respect local/regional data and privacy regulations, in order to meet all compliance obligations, an organisation has, whether general or sector-specific.
No organisation wants to be a victim of cybercrime, but with a growing number finding themselves short-staffed and overwhelmed in such a critical business area, the question becomes when, not if, a breach will occur. In many cases, MDR offers a fantastic way to reinforce defences and ensure your back is covered in a timely and cost-efficient manner. However, taking the time to research and identify the right provider is critical, and will ultimately dictate how well protected you are in the long run.