Feature
How good is your company at detecting intrusions into your computer network? Even if you aren’t aware of any problems, hackers may already be in your system and accessing your data. “It’s not at all uncommon that the first time a company knows they’ve been attacked is when the FBI comes and tells them they’ve seen their data on the dark web,” said Daniel Clayton, VP, global security operations and services at Bitdefender, a cybersecurity service provider.
Cybersecurity is a growing concern for manufacturers, suppliers, transportation providers and others who share data in the digital supply chain. Any unprotected connections along this supply chain could enable cybercriminals to enter other companies’ networks. Traditional anti-virus and firewall software can’t provide the necessary defense against these threats; it takes a more robust, 24/7 cybersecurity program and experienced, knowledgeable personnel to address them. Today, many businesses that don’t have the manpower, the knowledge or the financial resources to mount this kind of defense are relying on providers of cybersecurity as a service.
There are many variations of cybersecurity as a service (CSaaS), but the fastest growing is managed detection and response services (MDR). According to Gartner’s 2021 market guide, MDR provides customers with “remotely delivered modern security operations center (MSOC) functions. These functions allow organizations to rapidly detect, analyze, investigate and actively respond through threat mitigation and containment.”
MDR is not an all-inclusive solution; it does not handle security-related tasks like patching and vulnerability management. But Gartner predicts that by 2025, 50% of all organizations will be using MDR services as part of their cybersecurity measures.
Fast response time
Some organizations have relied on managed security services (MSS) to handle all aspects of computer security, but that hasn’t been very efficient for cyber threat response. “It was taking most organizations about five days to get out a notification about something that was time critical,” said Clayton. That’s sufficient time for cyber criminals to get in and get entrenched in a company’s network systems. “They essentially open doors and windows for themselves so they can come and go as they please undetected,” he said. In just five days, a hacker planning a ransomware attack could steal data or determine which information is the most valuable to the company before encrypting it.
By focusing on immediate detection and response, MDR providers can mitigate the damages by removing malware or other threats before they have time to take hold.
Clayton compares it to removing a newly planted tree. If you dig that tree out a few days after planting, it’s easy; wait six months or a year, and the tree has grown roots and is much harder to remove.
MDR is a complex process. It uses automated technology, which may include AI, to continually analyze logs from sources that can include a customer’s network, cloud data and endpoints, which are the remote computing devices like laptops and mobile phones that connect to the network. (The customer, in conjunction with the MDR provider, determines which data logs it wants monitored.) The MDR technology combines that log data with information about known threats, such as bad IP addresses, to check for potential problems. This process goes on 24/7.
When the MDR identifies a possible threat, it determines its level of criticality and sends it on to the MDR provider’s security operations center (SOC) team of highly trained, experienced cyberthreat specialists. After ensuring that it is not a false positive (which can happen fairly often, because of all the different and sometimes conflicting software that a company uses), the SOC follows pre-established protocols for handling it. They may email the customer, send them a text or give them a call, depending on the threat level and the immediacy of the need for action. The SOC team will recommend the actions the company should take, such as blocking an IP address, isolating a certain host or disabling a user account.
The entire process is very fast, and can take as little as five to 20 minutes after initial detection for notification to go to a customer. A business can quickly take the steps necessary to avoid widespread infiltration of its network.
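The detection-and-triage flow described above, reduced to a small added example that is not code from the article or from any MDR provider: constructed log lines are correlated with a constructed known-bad IP list, an allowlist suppresses a known false positive, each remaining hit gets a criticality, a recommended action and a notification channel chosen by that criticality. The IP addresses, rule table and channel mapping are all assumptions for illustration.

```python
import ipaddress

# Constructed sample threat intel (documentation-range IPs, not real indicators)
BAD_IPS = {"203.0.113.7", "198.51.100.23"}
# Constructed allowlist: a known vendor scanner that would otherwise fire as a false positive
ALLOWLIST = {"198.51.100.23"}

# Constructed log lines in the form "<src_ip> <user> <action>"
SAMPLE_LOGS = [
    "203.0.113.7 alice login_failed",
    "203.0.113.7 alice login_success",
    "198.51.100.23 svc-scan port_scan",
    "192.0.2.10 bob login_success",
]

# Assumed criticality and recommended actions per event type when the source is a known-bad IP
RULES = {
    "login_success": ("critical", ["block IP", "isolate host", "disable user account"]),
    "port_scan":     ("high",     ["block IP"]),
    "login_failed":  ("medium",   ["block IP"]),
}
# Assumed notification channel per criticality (call, text or email, as the article describes)
CHANNELS = {"critical": "call", "high": "text", "medium": "email"}

def parse(line):
    """Split a constructed log line; reject malformed IPs instead of silently matching."""
    src, user, action = line.split()
    ipaddress.ip_address(src)
    return src, user, action

def triage(logs, bad_ips=BAD_IPS, allowlist=ALLOWLIST):
    """Correlate logs with threat intel, drop allowlisted sources, and rank what remains."""
    alerts = []
    for line in logs:
        src, user, action = parse(line)
        if src not in bad_ips or src in allowlist:
            continue  # either not a known-bad source or a known false positive
        level, actions = RULES.get(action, ("medium", ["block IP"]))
        alerts.append({"src": src, "user": user, "action": action,
                       "criticality": level, "notify_via": CHANNELS[level],
                       "recommend": actions})
    # most critical first, so the SOC analyst sees it first
    order = {"critical": 0, "high": 1, "medium": 2}
    alerts.sort(key=lambda a: order[a["criticality"]])
    return alerts
```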
MDR services also check for existing problems.
“The value proposition of MDR is in the proactive approach that the providers employ,” Clayton said. “If you understand what bad guys are trying to achieve, and you understand how bad guys operate, then you can go and look for signs that they’re doing the things that you know they would do if they were in the environment. So you couple your technology solution with a proactive monitoring or proactive analysis solution, often referred to as cyber threat hunting, where you assume you’re compromised, and you just go look for it.”
Why choose MDR
One reason that companies in the supply chain and other industries are turning to MDR is that cybersecurity experts are expensive and hard to find. In the U.S. alone, there are currently more than 700,000 unfilled cybersecurity positions.
Even when companies have that talent available, the intensive threat monitoring and constant awareness that’s required is difficult to maintain. “It’s non-stop, 24/7. There are no days off, no breaks, and it can grind people to the ground. Offloading to a third party like us lessens the burden on their staff in a number of different ways,” said Scott Dally, VP of product at Foresite, which offers a range of cybersecurity solutions.
Companies want to focus on their areas of expertise—such as making widgets—rather than on cybersecurity. With cyber criminals implementing new methods of attack every day, a dedicated MDR company with multiple clients can focus on staying on top of these cyber threats.
The risks related to cybersecurity problems have also increased. In addition to the costs of recovering from ransomware and other types of malware, companies that suffer security breaches may face fines for not complying with HIPAA and other privacy and security regulations. Insurers are also requiring companies to demonstrate that they are following basic cyber safety practices. (See sidebar.)
Another advantage for a company using MDR services is that it moves the expense out of capital expenditures, freeing up that money for other investments, Dally added.
MDR provides some peace of mind to company executives and IT professionals. “They can sleep better at night knowing that their stuff is being watched by people who know what they’re doing and who can differentiate between what is real and what is not,” Dally said.