If you ask a CISO today to name the biggest challenges of the job, 9 times out of 10 the security skills gap is mentioned. It’s not a myth – the gap is continuing to widen, and CISOs are feeling the pressure as cyber attacks grow in complexity and test enterprises more than ever. In fact, last week Gartner announced results from its ‘2018 CIO Agenda Survey’, which were gathered from 3,160 CIO respondents. Gartner found that only 65% of CISOs said that their organizations currently have a cybersecurity expert.
According to Gartner*, “As with any security operations organization, finding, hiring and retaining talent are distinct challenges, and in the MDR space, these are exacerbated by the fact that the skill sets required are highly specialized.”
So then, how should organizations be ensuring a robust cybersecurity posture during an age of such a significant resource shortage?
There’s more than one answer to that question and we’ll consider one approach in this blog post: Managed Detection and Response.
So What Exactly is Managed Detection and Response (MDR)?
MDR has emerged as a partial answer to the skills gap problem. It’s a service that augments an organization’s existing security infrastructure with a third-party team of cybersecurity specialists who ensure an organization has 24/7 threat detection and response coverage. An MDR team worth its salt should act as your security partner: it should be an extension of your internal team and undertake more proactive measures to boost the organization’s security posture with network traffic analysis, incident analysis, threat hunting, discovery and classification of assets, monitoring, and compliance enforcement.
What Are the Benefits of Managed Detection and Response?
It takes a serious expert to be able to detect and respond to increasingly sophisticated attacks. Recruiting this type of talent is challenging but the right MDR service has you covered by professionals ranging from security operations to incident responders, threat hunters and intelligence analysts – regardless of in-house expertise. It makes it possible to have an entire team of experts at your fingertips, who are constantly analyzing your network, at an affordable price.
Beyond addressing the skills shortage issue, MDR also provides a number of key advantages which shouldn’t be overlooked. For starters you’ll get more sleep at night knowing that someone who knows their stuff is consistently observing the traffic on your network and enforcing your policies and compliance requirements.
MDR also often means faster identification and response to threats and this is where you’ll really see the value of the investment. An MDR team will notify you immediately of a threat and work quickly with you to respond to it – this means your organization minimizes the impact of a breach, in turn saving you time and money.
How Do I Choose an MDR Vendor?
When looking to outsource the detection and response requirements of your organization, it’s important not to assume that Managed Security Service Providers (MSSPs) can deliver an MDR offering. Organizations should be wary of MSSPs claiming that they are able to provide MDR-like services. Ultimately, the biggest limitation of an MSSP service is the lack of a personal touch. This type of service tends to be focused around portal-based or email conversations, whereas an MDR service will provide you with a round-the-clock personal service, and the team will consistently provide insights and apply years’ worth of knowledge to solve problems and improve processes.
In addition, it’s important to remember that MDR is the combination of expertise and technology. So really spend some time assessing whether the technology solution is the right fit for your organization – does it suit your requirements and the scale of the business? Ultimately this technology will be the engine powering the MDR team so it’s important to ensure that it’s right.
Questions to ask:
- Is this a 24/7 solution?
- What is the preferred method of communication?
- How much time is dedicated to monitoring, compliance, policies and conducting threat hunting activities?
- Does the solution provide an integrated Endpoint Detection and Response capability?
- Does the network solution scan all ports and protocols and provide metadata to the experts for data driven insights?
- Does the solution provide metadata for up to 360 days?
- Is there Sandboxing?
- Does the technology include Deception breadcrumbs and decoys?
Gartner* estimates “MDR to be an approximately $100 million market in 2017, growing at a rate of more than 15 percent year over year.” It’s a fantastic solution that ensures organizations are able to augment their team with some of the most talented cyber security analysts and threat hunters out there – without the cost implications of building out a team with this talent.
Check the blog next week to find out how automation can be leveraged most effectively to ensure a robust security posture amidst the cyber skills shortage.
* Gartner, Market Insight: What MSSPs Need to Know About Offering MDR Services, Sid Deshpande, Craig Lawson, Toby Bussa, Kelly M. Kavanagh, 3 January 2018