Businesses are in a period of rapid technical evolution, and the result is an increasingly complex and dynamic environment that they are trying to protect against an equally rapidly evolving swarm of vulnerabilities and threats. Most don’t have the resources or expertise necessary to feel confident in their protection. To fill this gap, vendors and customers are turning to a new type of managed security service; Managed Detection and Response (MDR). As with any new and rapidly changing technical solution, there is confusion in the market about the features and outcomes of MDR, but there is agreement that its purpose is to reduce the likelihood and impact of successful attacks.
Organizations universally recognize that they are not 100% secure, and this period of rapid change is making that even more clear. Preventive tools and policies are valuable, but, as they acknowledge that there will be gaps and slips, it is crucial to rapidly detect and respond to vulnerabilities and attacks that appear within their networks.
Managed Detection and Response
We recently completed a series of 7 webcasts that introduced seven essential tenets of managed detection and response. These tenets, as well as the definition of MDR, are outlined in the MDR Manifesto, a document informed by input from analysts, experts, partners, and practitioners in the security space.
In our first webcast, we focused on the purpose of MDR. I was joined by Tom Adams, Marketing Director at Aptum, and Fran Howarth, Practice Leader for Security at Bloor Research, to discuss the purpose and value of MDR, as well as an assessment of its current state.
- MDR is cost-effective. The threat landscape and expanding customer attack surface require advanced technologies and expertise to provide visibility and coverage across IT assets. Security teams are struggling with staffing and deriving value from disparate point solutions (e.g., IR, EDR, SIEM). Effective MDR services are distinguishing themselves by reducing the cost of protection and eliminating the need to acquire new tools and new expertise.
- MDR delivers results. Threats range from automated to insider threats. By performing much of the high-volume data ingestion and distillation prior to informing customers, MDR enables security teams to focus on higher value tasks, and to better understand and manage their risk with a lower time investment.
- MDR is popular for multiple business types. Small and medium-sized organizations, who may not employ dedicated security specialists, use MDR to expand their internal teams. Large enterprises leverage MDR experts to get more insight and a broader view of threats and responses derived from the experiences of other firms. In both cases, the efficiencies of the Managed part of MDR is allowing for better visibility and response through economies of scale.
Detection and Response are in Demand
All of us agreed that organizations are looking to balance their security investments. When they overinvest in prevention, they find themselves unable to detect attackers that get through. Balance, between prevention and detection, and between information analysis previous to attacks and during attacks, is the new necessity.
Effective MDR must provide the monitoring and expertise to quickly identify vulnerabilities in your environment, and to detect suspicious or malicious activity inside your network. This information must be analyzed by MDR providers to determine the risk, potential impact, and to prioritize response efforts to avoid—or at least minimize—damage.
I invite you to check out the webcast on demand to learn more and take a look at all the sessions in our series highlighting the seven tenets of MDR. Click here to eliminate confusion and understand the value of MDR: Seven Essential Tenets of Comprehensive MDR.