Is MDR (Managed Detection and Response) Something My Company Should Consider?
MDR (Managed Detection and Response) has become more and more of a buzzword over the last couple of years. Is it really all that it’s cracked up to be, and why the buzz? What is it exactly? MDR is a proactive service (sometimes called SOCaaS) that significantly increases an organization’s security posture with 24×7 monitoring and advanced threat detection. A team of security experts collects data from your environment and identifies and contains threats before they can do damage. Some MDR services offer guided response, and some provide remediation and validation that the threat is neutralized. Some MDR services even have a mobile app so that your staff can basically have a “SOC in their pocket”.
Good MDR services use a mixture of methods to identify threats, such as proactive threat hunting, threat intelligence feeds, user behavior analytics, attacker behavior analytics and even deception technologies to catch attackers in the act. Some solutions work better when a company can have on-prem sensors, and there are even solutions that will work for the 100% cloud-based, nomadic companies that have resulted from the large shift to the remote workforce in 2020.
No matter how many security solutions and technologies a company adds to protect itself from cybercriminals, we continue to see news stories filled with breaches, from small companies to large enterprises and even entire cities. Why? How is it that companies can spend so much on top-notch solutions and there are still breaches?
Here is what it comes down to: the tools themselves are not necessarily failing – many times a breach occurs because an alert was missed, or no action was taken on an alert. I remember just a few years ago when SIEM was one of the biggest buzzwords of the year, and there are great stand-alone SIEM solutions. However, there are only so many alerts that a person (or even a team in some cases) can sift through before things get missed. We are human, and that’s the problem! Over the last couple of years, I have seen MDR grow and evolve, and there are some really great options for companies of all sizes. Not all MDR solutions are created equal, and as with anything, they all have their strengths and weaknesses. The key is to identify the MDR solution that is right for your company.
I talk with companies of all different sizes, and the larger companies usually already understand that MDR increases security, potentially reduces costs, and provides a proactive approach to security with a SOCaaS that would be hard for most companies to build on their own. When I talk with small to medium-sized companies, the most common question is usually “Isn’t my company too small for MDR? It’s expensive, right?” My answer: As MDR has evolved, doors have opened for SMB companies, making MDR a much more affordable option for them. This is a great thing, since a company does not have to be large to be a target, so why should smaller companies have such limited choices? If you think your company is too small or your choices are limited, you might be surprised at how affordable and effective MDR can be in 2021. As large MDR companies have worked to scale for SMB, they have turned to highly experienced MSSPs to help them accommodate companies that historically could only imagine having an MDR solution, while still getting the same Enterprise solution, thus eliminating the past dilemma of limited SMB solution choices.
According to the Ponemon Institute’s Cost of a Data Breach Report, in 2020, the average time to identify and contain a data breach was 280 days. While this number varies a little by industry, the statistic is similar from SMB to Enterprise. So, I will finally get to my answer to the question “Is MDR something my company should consider?” The answer is YES. Absolutely, it is worth evaluating solutions to see whether a solution, and which one, is right for your company. Some MDR companies can identify and stop 85% of threats within one hour of initiation and over 90% within a day. Catching a threat early on significantly reduces the impact months down the road, saving the heartache of data loss and the financial hit of a successful attack, both of which could put a company out of business if extensive. Even more startling is that in 2020, 70% of companies that signed up with an MDR service found out that they had advanced threats in their environment that they were unaware of.
When it comes to cybersecurity, there are ever-evolving threats, escalating costs, and a talent shortage. MDR can help overcome all of these obstacles. There is typically a solution that will meet and exceed the organization’s needs and expectations. The days of alert fatigue from a SIEM and of an impossible amount of logs and alerts to comb through practically disappear, freeing up staff and not only reducing the chance of false positives but also ensuring your organization does not miss a true positive alert. The US-CERT Vulnerability Database confirmed 17,447 CVEs (Common Vulnerabilities and Exposures) discovered in 2020. That is an average of 48 new vulnerabilities a day. Most companies do not have the staff or tools in place to keep up with that number of new vulnerabilities.
There are so many MDR services to choose from that sometimes it can be difficult to sift through the marketing vs the nitty-gritty. Whether you are a large enterprise or a small business and want to learn more about what type of MDR service would be the right fit for your organization, contact us to speak with one of our MDR experts.