Why your organization should consider an MDR solution and five key things to look for in a service offering
The threat landscape is evolving at breakneck speed and corporate cyberattack surfaces are expanding, with many trends and developments kicked into overdrive as a result of the surge in digital transformation investments during and after the COVID-19 pandemic. But the growth of the attack surface often results in a gap between attackers and defenders across skills, capabilities and resources.

Fortunately, there are things that corporate security teams can do to (re)gain some of the initiative, for example ensuring that their approach is proactive and considers prevention, detection and response, including possibly by outsourcing capabilities to expert industry partners. Managed detection and response (MDR) combines all of this. But not all solutions are created equal, so let’s take a look at why your organization may need MDR, and five key things to look for in a service offering.
Why you need MDR

The pandemic-era surges in investment can be observed in trends such as:
- Rapid adoption of cloud computing, which is outpacing internal skills and leading to misconfigurations that expose organizations to attack.
- An emerging hybrid workplace, which means potentially more unmanaged machines at home and more distracted, risk-taking employees using them.
- A surge in supply chain complexity that provides attackers with opportunities to target managed service providers (MSPs), upstream open source repositories and smaller suppliers.
- Ransomware as a service (RaaS), which has democratized the ability to launch sophisticated multi-stage ransomware attacks.
- Use of legitimate tooling for lateral movement, which makes it harder to spot the tell-tale signs of a breach.
- A cybercrime underground saturated with breached data, possibly making it child’s play for attackers to sneak past perimeter defenses using legitimate credentials.
- A mature cybercrime economy where individual players, such as Initial Access Brokers (IABs), all have a clearly defined role in the attack supply chain.
- An increase in published CVEs that gives threat actors even more opportunities to compromise their targets.
All of these trends, and more, make compromise more likely. 2021 saw publicly reported data breaches in the US hit an all-time high. They also make those incidents harder to detect and more costly to contain. The mean time to identify and contain a data breach now stands at 277 days, and the average cost is US$4.4 million for 2,200 to 102,000 compromised records.
When prevention is not enough

In this context, a purely preventative approach to security simply isn’t good enough. Determined threat actors will always find a way into your corporate network: if not via vulnerability exploitation, then by using breached, phished or brute-forced credentials. That means you must add threat detection and response to preventative efforts. This approach posits that if attackers get past your defenses, you have the continuous, granular monitoring in place to spot any signs of suspicious activity before the bad guys have had a chance to make an impact. Your SecOps team then rapidly responds to contain the incident before it becomes a serious breach.

Extended detection and response (XDR) is an increasingly popular way of achieving this. It combines critical detection capabilities across endpoint, email, cloud and other layers, plus response and remediation, to stop attackers in their tracks. However, for some organizations, XDR isn’t a panacea. Its usefulness can be limited by:
- In-house skills gaps, which mean there are few trained analysts to operate the XDR tooling
- Deployment and management challenges, again due in part to staff shortages and particularly acute when managing XDR across multiple regions
- High cost of staffing, and of buying and maintaining the right XDR tools
- Alert overload from tools that fail to accurately prioritize threats for stretched analysts
That’s why MDR is increasingly favored. It effectively hands over management of XDR to an expert outsourcing provider, meaning that their trained analysts handle threat detection, prioritization, analysis and response. However, with so many solutions on the market, how can you choose the right one for your business?
Five things to look for in an MDR vendor

At its best, MDR is a blend of industry-leading technology and human expertise. The two come together in what is effectively a managed Security Operations Center (SOC), where skilled threat hunters and incident managers analyze the output of the tooling to help minimize cyber-risk. Here are five things to look for in a service:
- Excellent detection and response technology: Shortlist providers whose products are well known for high detection rates, low false positives and a light overall footprint. Independent analyst appraisals and customer reviews can help.
- Leading research capabilities: Vendors that run renowned virus labs or similar will be best placed to stop emerging threats. That’s because their experts are researching new attacks, and how to mitigate them, every day. This intelligence is invaluable in an MDR context.
- 24/7/365 support: Cyberthreats are a global phenomenon and attacks could come from anywhere, so MDR teams must be monitoring the threat environment at all times of day and night.
- Top quality customer service: The job of a good MDR team isn’t just to detect and respond rapidly and effectively to emerging threats. It’s to act like an extension of the in-house security or SOC team. This should be a partnership, not simply a commercial relationship. That’s where customer service comes in. Providers should marry hyperlocal language support with global presence and delivery.
- Services tailored to order: No two organizations are the same. So MDR providers should be able to customize their offerings for each client, based on their size, the complexity of their IT environment and the required level of protection.
The global MDR market is predicted to grow at a CAGR of 16% over the coming five years to reach US$5.6 billion by 2027. With so much at stake and so many vendors out there, it pays to do plenty of due diligence before making your decision.