Upgrading to managed detection and response

Sachin Varghese, executive vice president and CMO at cybersecurity solutions provider Paladion, talks about why upgrading managed security with managed detection and response (MDR) will become a necessity in 2018.

By Sachin Varghese. Published February 1, 2018

In 2018, your network will most likely be breached. In previous years, we would not have been able to say this. Network perimeters were limited and securable. Attacks were relatively uniform and predictable. The attack volume was low enough to be stopped with heavy investment in legacy SIEM systems.

However, those days are gone. The enterprise now runs on cloud, mobile, and IoT. By 2020, there will be 50bn connected devices and 99% of these computing devices are vulnerable to cyberattacks. The enterprise security perimeter has dissolved.

At the same time, attackers have learned to take advantage of the new, complex, and permeable enterprise. They take advantage of your moments of peak network traffic to hide their attacks. They have evolved fast, sophisticated, multi-channel attacks. They now deploy complex unknown attack patterns, and the identity of the attackers themselves often remains unknown until it's far too late.

The result

Data breaches are increasing at an alarming rate and are now inevitable, and attackers know this. They have let go of "smash and grab" approaches to cybercrime, and now focus on seeding your systems with advanced persistent threats (APTs) that take months to secretly find their target and inflict their harm. They now assume they will breach your systems, and be able to hide in your network as long as it takes to complete their mission.

And if you hold onto legacy approaches to cybersecurity in 2018, your attackers will be right to make this assumption.

Fighting with MDR

Organisations and cybersecurity experts are waking up to this reality, and shifting their focus away from prevention and towards managed detection and response (MDR) services. IBM predicts 2018 will be the first year a major company will respond appropriately after suffering a significant breach. At the same time, Gartner argues detection and response capabilities will "drive a majority of security market growth" through 2022.

MDR services assume a breach will happen, and answer the question "How do we act quickly to prevent a breach from becoming catastrophic?" MDR services continuously monitor your systems to find breaches in real-time. They then quickly shift to respond in near real-time. While MDR services do focus on what happens after a breach occurs, they do not ignore threat prevention entirely. A mature MDR program provides full "left-to-right of the hack" protection. The Paladion approach includes the following services:

Threat anticipation: Continuously reviews the global threat landscape to identify the most likely threats and protect your systems from them.

Threat hunting: Deploys data science and machine learning models to proactively uncover known and unknown threats in your networks.

Security monitoring: Applies real-time rules to logs and security events to detect known attacks and compliance violations.

Incident analysis: Triages alerts to focus on evaluating your most relevant threats, and queues up a response in the case of security incidents.

Incident response: Executes rapid, coordinated containment, eradication, and recovery from major incidents.

Breach management: Leverages human experts and machine learning to derive lessons from the breach, and strengthen your system against similar future attacks.

Making MDR work

The transition to MDR-led security services in 2018 faces certain challenges. This year, much of the challenge will come from contending with stringent new privacy and data protection regulations such as GDPR, and from selecting the right cybersecurity provider.

The MDR service provider market will appear confusing, as traditional MSSPs attempt to adopt MDR-like services (or, perhaps, to simply adopt MDR branding without fundamentally changing their service offerings). However, it's imperative to cut through this confusion. Select an MDR-first provider who has dedicated years of investment in anomaly investigation, forensic capabilities, and response playbooks.

Challenging or not, MDR adoption is no longer optional. The average cost of a single data breach will exceed $150m by 2020, and by the end of 2018, cybercrime damages are projected to exceed $9trn globally.

Will you join these statistics in 2018? Or will you protect yourself with MDR?
