Why is MDR a wise cyber security investment?

By Ed Williams, EMEA Director of SpiderLabs, Trustwave
Ed Williams, EMEA Director of SpiderLabs, Trustwave, explains why Managed Detection and Response (MDR) is an important security investment

The nature and intensity of cybersecurity risk is constantly changing. Unfortunately, organisations around the world are still facing serious difficulties in finding and retaining skilled security staff that can tackle this evolving threat. The global cybersecurity skills crisis is slowly improving, with the size of the workforce shortage dropping from 3.12 million in 2021 to 2.72 million last year. But this progress is nowhere near fast enough – which is one reason why organisations are choosing to invest in solutions such as managed detection and response (MDR).

Gartner has predicted that half of all organisations will be using MDR services by 2025. However, there is still confusion about what services MDR should provide – with some vendors offering little more than the reactive investigation of automated alerts. We believe that investing in MDR is one of the best security decisions an organisation can make. So, what should security leaders be looking for when considering MDR?

Proactive Decisions

We know that a proactive defence is the best way to respond to cybersecurity risk. Organisations should be actively searching for threats, monitoring danger, and responding quickly when an attack is identified. It is no longer sufficient to secure endpoints and put up firewalls.

A proactive defence must combine risk monitoring with threat hunting and the ability to respond to threats. However, technologies such as extended detection and response (XDR) and security information and event management (SIEM) are often missing key proactive security elements – particularly when deployed by in-house teams. Traditional managed security service providers (MSSP) also focus on monitoring logs and alerts, yet tend to generate a large number of false positives and usually fail to incorporate proactive mechanisms.

The task of deploying XDR and SIEM is non-trivial, requiring time, effort, and knowledge. Implementing these systems across cloud, servers, endpoints, and networks can take months. Then, once the solutions are in place, security teams must learn how to configure and maintain the new systems. 

Although these solutions can collect data, detect threats, and enable investigations, they require expertise which is not always available due to the ongoing skills shortage. MDR improves upon XDR, SIEM and other technologies by significantly reducing time-to-value. An MDR provider can deliver high-quality services in a matter of hours, offering around the clock monitoring and threat intelligence as well as the experience needed to get the best out of the products they offer. 

How To Choose an MDR Vendor

MDR vendors’ threat hunting and detection methods differ substantially. Decision makers should look for providers that offer human-led hunting and investigations powered by 24/7 monitoring and real-time analysis. When a threat is detected, MDR providers must be able to take action remotely to isolate systems. MDR should also go beyond the endpoint, which means suppliers should be able to deliver EDR as well as XDR and SIEM. Providers must enable the collection of threat telemetry and forensic data from networks, email, cloud, and other parts of the IT infrastructure.

Threat intelligence is also a key part of the picture. An MDR provider with its own research department and the ability to draw on external intelligence will give organisations an advantage over adversaries. When choosing a provider, it is important to understand how it conducts research. Does it reverse engineer malware, carry out breach investigations and closely examine the behaviour of threat actors? The answer to these questions should guide decisions. 

A provider’s experience is fundamentally important. MDR partners must be able to proactively respond to threats and take actions in an organisation’s environment. To do this, they need to possess field experience. Finally, a provider’s culture should be considered to ensure it will be a good fit and enable a long-term partnership. 

When these points are answered, organisations can make a decision which is likely to be an excellent security investment. Choose MDR and you choose a more secure future. 

 

Share

Featured Articles

CTO at Passbolt explains the importance of password managers

Remy Bertot, CTO at Passbolt, spoke to Cyber Magazine to discuss the growing importance of password managers and keeping businesses' data secure

Nord Security raises US$100mn at US$1.6bn valuation

Nord Security has raised US$100mn at a valuation of US$1.6bn and plans to use the funds to hire more staff, invest in research and expand its product suite

Who is Mandiant, Google’s latest cyber security acquisition?

Cybersecurity firm Mandiant, has entered into a definitive agreement to be acquired by Google in an all-cash transaction valued at approximately US$5.4bn

SpyCloud finds the rate of password reuse continues to rise

Cyber Security

Logicalis: Offering real-time cyber threat response

Cyber Security

Top 100 Leaders announced at Technology, AI & Cyber Live

Technology & AI