Balamurali V
Managed Detection and Response (MDR) for Intelligent Incident Response
In the present ever-evolving Information Technology and Digital landscape, threat actors continue to evolve their tools, techniques, and procedures to attack across different channels. So more than ever before, the organizations now need to enhance their security posture to mitigate the potential risk. Managed Detection and Response is one of the most significant improvements of the security service offering. For organizations without a dedicated security resource expertise, MDR delivers an advanced capability. Managed Detection and Response services rapidly detect and proactively limit the impact of security incidents to customers. These services are focused on 24/7 threat monitoring, threat detection and intelligent incident response.
How MDR is different from Managed Security Services?
Managed security services provide pointed solution support and security infrastructure management. It monitors a list of prioritized alerts with suggested action items and an extended service to investigate those alerts. Security professionals correlate the events of the logs generated by the IT assets. They don’t have an external view of threats and tactics about advisories. MDR rapidly improves advanced threat detection, threat intelligence and incident response capabilities. When existing internal security professionals can’t monitor threats in real-time and lack the responsiveness needed to act on those risks, MDR is the solution.
Growth and Evolution of MDR Service Providers
MDR is a term introduced by the service providers that demonstrated few of the characteristics defining the MDR market and are more aligned to the Managed Security Service Provider (MSSP) market. In response to the competition in the market, some MDR providers are focusing on specific verticals where they can offer more specific expertise and services. This includes verticals such as health care and manufacturing, which have OT specific security concerns, data protection and IoT security concerns.
As some MDR service providers mature their threat detection and response offerings, they are adding complementary services to address other security operations gaps with their customers, such as vulnerability management. But customers are pushing the MDR providers to help with other essential security operation functions. MDR service providers are considering End point Detection and Response (EDR) as one of the key differentiators in service offerings.
Multiple threats are being detected in a short span of time. Organizations need to align their processes and resources for intelligent incident response, including Adaptive response using Machine Learning, Prioritized threat with respect to Behaviour analytics and automated actions using playbooks, third party integrations to provide significant value proposition to MDR customers.
The concern from the customers who have less mature detection and response capabilities, is that reducing time to detect a threat is meaningless without a corresponding reduction in the response time.
What MDR can Deliver
Threat hunting services and incident response to threats are the key deliverables of Managed Detection and Response (MDR). MDR customers get access to security service provider’s pool of security analysts and Threat intelligence professionals, who are responsible for monitoring events, correlating and analyzing incidents, and responding to security breaches. MDR capabilities are categorized in to five areas:
- Advanced threat detection and response
- Security Automation and Orchestration
- Threat intelligence
- Reactive response and proactive defence (threat hunting)
- Visibility to SOC professionals on real time threats
It is important to understand what an MDR provider is extending as services to validate what you can expect from an engagement.MDR providers often deploy their own technology stack, whether this stack is made up of their home grown tools or an integrated best-of-breed toolset of commercial off-the-shelf products. MDR providers correlate the logs from security tools in the customer environment to provide context aware threat intelligence services.MDR providers use security orchestration and automation (SOAR) tools for incident triage. Proactive threat hunting and intelligent incident response are the key differentiators for MDR service providers. They also customize threat detection use cases based on their best practices. All these contribute to the engagement with your MDR provider being viewed as turnkey services.
Conclusion: An Industry on the Rise in Adoption of MDR
When enterprise starts adopting Digital strategy, potential cyber risks also grow multi-fold. Cyber-attacks are rising in both volume and sophistication. Organizations, therefore, need to enable strong detection and response capabilities to quickly detect threats and respond before they turn into breaches.
With an increase in expansion of endpoint visibility and control alongside the rising adoption of cloud applications and multi-cloud services, many enterprises have failed to support technologies from skill set perspective. IT leaders recognize the need for the extra coverage but struggle to deliver support on a distributed IT environment, real-time basis. The investment made by them is underutilized and hence the systems go inadequately secured. Enterprise IT landscape is more complex with multi-cloud strategy. As these dynamics come into conflict with the recent increase in security breaches, the stage is all set for Manage Detection and Response. Enterprises are looking for more help with context aware threat detection and MSSPs are willing to step up to the job.