The Average Time it takes to identify a data breach is 197 days.  The average time it takes to contain a breach is 69 days.  With the volume of cyber threats today, many small and large companies are looking to augment cyber security programs. 

 

Managed Detection and Response (MDR)

 

The MDR model provides organizations a way to improve how they detect threats, respond to incidents, and monitor systems with a 24/7 Security Operations Center Service.

 

Managed Detection and Response(Source: Ponemon Institutes: Cost of a Data Breach 2018 study for IBM)

 

Managed Detection and Response (MDR) purpose is to help companies and organizations improve the way they detect cyber threats, respond to incidents, and continuously monitor their systems and assets in real-time.  

 

Organizations and businesses need a more meaningful way to contain a breach rather than it being a notification that you already have an issue and it’s moved into a cleanup operation.

Gartner predicts that 15% of midsized businesses and bigger corporations will be using MDR in 2020, a big leap from the less than 1% of companies in 2019.

 

What makes MDR different?

  1. MDR runs AI (Artificial Intelligence) to monitor multiple data points within an organization vs a single server or single desktop alert.  Where a single event on one computer may not trigger any suspicion, MDR may see something on one device and something else on the other side of the network, and together the activities are suspicious but individually they are not. 

  2. It can detect lateral movement and spread.  If by chance a bad actor has gotten a foothold in a network, MDR will be able to identify abnormal activities to reduce the risk of lateral movement within a network.

  3. Threat hunting is a critical support mechanism to threat anticipation, as multiple data sources are analyzed to help facilitate the detection of currently unknown or hidden threats. As a whole, the concept of cyberthreat hunting is on the rise, so it’s no surprise that it’s a part of most MDR implementations.

  4. You’ve identified a threat, initiated a response, and eliminated any short-term, immediate threats to your critical data. Under a managed detection and response model, there’s still quite a bit more work to be done. You still need to manage the after-effects of the breach, assess the damage, deal with potential compliance issues, and take steps to ensure the same thing doesn’t happen again. These activities fall under the breach management aspect of managed threat detection and response.

Managed Detection and Response Model

 

MDR is a unique combination of technology and human skills that provide a greater focus on detecting and responding to breaches. The software is important but the most vital part of the MDR service is the team of analysts that watch your network 24/7.

 

An often overlooked issue when it comes to cybersecurity is the sheer volume of alerts security and IT teams regularly receive. Many of these alerts cannot be readily identified as malicious and have to be checked on an individual basis.

 

MDR aims to address this problem not only by detecting threats but also by analyzing all the factors and indicators involved in an alert. MDR also provides recommendations and changes to the organizations based on the interpretation of the security events. Security technologies may have the ability to block threats, but digging deeper into the hows, whys, and whats of incidents requires a human touch.

 

Compliance challenges also can be met using MDR services providing full stakeholder reporting and log retention on a wide range of regulations and standards.

 

 

Managed Detection and Response (MDR) should include:

  1. Live breach detection: looking at all indicators of any compromise coming in.

  2. Active threat hunting and alert triage to try and make sense of what’s going on.

  3. Means to take some sort of active defense response and stop the malicious event.

  4. Use preventative technologies to automatically stop the compromise and neutralize the threat.



    MDR

 

In today’s world, it’s critical to reduce the time of detection to hours if not minutes vs days, weeks, and months.

 


MDR Free Trial

 

Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

  • Tri-Cities, Washington 509.396.6640
  • Yakima, Washington 509.396.6640
  • Bend, Oregon 541.848.6072

Questions about your IT or Cybersecurity? Give us a call today!