Why is MDR a wise cyber security investment?

By Ed Williams, EMEA Director of SpiderLabs, Trustwave
Ed Williams, EMEA Director of SpiderLabs, Trustwave, explains why Managed Detection and Response (MDR) is an important security investment

The nature and intensity of cybersecurity risk is constantly changing. Unfortunately, organisations around the world are still facing serious difficulties in finding and retaining skilled security staff that can tackle this evolving threat. The global cybersecurity skills crisis is slowly improving, with the size of the workforce shortage dropping from 3.12 million in 2021 to 2.72 million last year. But this progress is nowhere near fast enough – which is one reason why organisations are choosing to invest in solutions such as managed detection and response (MDR).

Gartner has predicted that half of all organisations will be using MDR services by 2025. However, there is still confusion about what services MDR should provide – with some vendors offering little more than the reactive investigation of automated alerts. We believe that investing in MDR is one of the best security decisions an organisation can make. So, what should security leaders be looking for when considering MDR?

Proactive Decisions

We know that a proactive defence is the best way to respond to cybersecurity risk. Organisations should be actively searching for threats, monitoring danger, and responding quickly when an attack is identified. It is no longer sufficient to secure endpoints and put up firewalls.

A proactive defence must combine risk monitoring with threat hunting and the ability to respond to threats. However, technologies such as extended detection and response (XDR) and security information and event management (SIEM) are often missing key proactive security elements – particularly when deployed by in-house teams. Traditional managed security service providers (MSSP) also focus on monitoring logs and alerts, yet tend to generate a large number of false positives and usually fail to incorporate proactive mechanisms.

The task of deploying XDR and SIEM is non-trivial, requiring time, effort, and knowledge. Implementing these systems across cloud, servers, endpoints, and networks can take months. Then, once the solutions are in place, security teams must learn how to configure and maintain the new systems. 

Although these solutions can collect data, detect threats, and enable investigations, they require expertise which is not always available due to the ongoing skills shortage. MDR improves upon XDR, SIEM and other technologies by significantly reducing time-to-value. An MDR provider can deliver high-quality services in a matter of hours, offering around the clock monitoring and threat intelligence as well as the experience needed to get the best out of the products they offer. 

How To Choose an MDR Vendor

MDR vendors’ threat hunting and detection methods differ substantially. Decision makers should look for providers that offer human-led hunting and investigations powered by 24/7 monitoring and real-time analysis. When a threat is detected, MDR providers must be able to take action remotely to isolate systems. MDR should also go beyond the endpoint, which means suppliers should be able to deliver EDR as well as XDR and SIEM. Providers must enable the collection of threat telemetry and forensic data from networks, email, cloud, and other parts of the IT infrastructure.

Threat intelligence is also a key part of the picture. An MDR provider with its own research department and the ability to draw on external intelligence will give organisations an advantage over adversaries. When choosing a provider, it is important to understand how it conducts research. Does it reverse engineer malware, carry out breach investigations and closely examine the behaviour of threat actors? The answer to these questions should guide decisions. 

A provider’s experience is fundamentally important. MDR partners must be able to proactively respond to threats and take actions in an organisation’s environment. To do this, they need to possess field experience. Finally, a provider’s culture should be considered to ensure it will be a good fit and enable a long-term partnership. 

When these points are answered, organisations can make a decision which is likely to be an excellent security investment. Choose MDR and you choose a more secure future. 

 

Share

Featured Articles

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security