As we have seen over the last few days, new variations of persistent threats continue to make the headlines. According to the NTT Security 2017 Risk Value report, for which 1,350 decision makers in businesses across the globe were interviewed, 57% of organisations believe they will definitely suffer an information security breach at some point. What is more concerning is that a lot of organisations won't even know when a breach occurs. This has shifted the mind-set of businesses towards enhancing their ability to detect advanced and previously unknown threats and to respond in a timely and effective manner, especially for malicious traffic moving laterally within an organisation's network. Organisations, however, are struggling to invest limited resources in the required people, process and technology.
To counter these challenges, organisations are on the look-out for Managed Detection and Response (MDR) services, which aim to shorten the gap between detection and response as well as increase accuracy by combining contextualised threat intelligence with advanced analytics. Methods and tools used for advanced analytics can include anomaly detection techniques such as machine learning or behaviour modelling, in addition to traditional methods such as signature- and perimeter-based defences.
Businesses are at different levels of maturity and set-up, from needing to augment their SOC with advanced analytics to rationalising a web of security technology while still needing to defend against advanced attacks. And with GDPR just around the corner, regulatory compliance continues to be a major influencer in security investment decisions. Add to this the wide-ranging approaches vendors take when offering MDR services, and it is no wonder many security buyers will be confused about the best approach.
Whichever route you decide to take, it is important to note that the full benefits of MDR can only be realised if supported by complementary consulting and Managed Security Services (MSS). This means starting with an assessment of your unique requirements and risk posture, providing a tailored roadmap and laying in the foundational managed security support from which to build sustainable and accurate MDR capabilities. And to prepare for the worst if a breach does occur, having a critical incident response plan in place will enable the correct use of the right MDR tools and techniques to contain and remediate the threat.
To learn more about improving your threat detection and incident response capabilities with MDR, download our free whitepaper.