With distributed workforces and rising cloud adoption, cybersecurity threats are on the rise and creating new risks. Dave Martin, vice president of managed detection and response (MDR) at Open Systems, examines the shortcomings of managed security service providers, why the DIY method is failing in a talent-scarce market, and why managed detection and response is currently the best strategy.
Many businesses have realised that the DIY, best-of-breed approach to security is not keeping them safe. Cyber threats have grown since the pandemic, and the shift to remote work has multiplied the access points open to attack.
On paper, assembling a thorough security stack from the best firewall, the best endpoint sensor, the best cloud access security broker (CASB) and numerous other products from different vendors seemed like a wonderful idea. Even if each of these tools is excellent, all of them must be carefully configured and frequently retuned as a company's security needs shift if they are to work as intended. Configuring and reconfiguring so many tools is difficult and time-consuming, and when it is done incorrectly it leaves gaps that attackers can exploit. All too frequently, this has led to successful attacks that could have been avoided.
DIY Is Not Viable
This is made worse by the fact that many of these breaches go unreported. Even when tools are set up correctly, they can produce a steady stream of low-fidelity alerts. The resulting noise makes it harder for understaffed and overworked SecOps teams to recognise and investigate the signals that point to a serious incident. This situation is typical, especially for businesses with limited resources that cannot hire enough security specialists because of the persistent skills shortage in cybersecurity.
To support an organisation's cybersecurity capabilities, it is crucial to have an experienced engineer, or better still a team of experienced engineers, who can monitor for threats round the clock, investigate true-positive alerts, remove unnecessary tools, and supplement the necessary ones with managed services.
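The alert-noise problem described above is usually tackled in a SOC with risk-based correlation: individually low-fidelity alerts are scored and accumulated per entity, and a human is paged only when the accumulated risk for one host crosses a threshold inside a time window. The following is an added example written for this page, not code from the article or from any vendor; the rule names, risk scores, threshold, window and sample alert feed are all constructed for illustration.

```python
"""Risk-based alert correlation: collapse low-fidelity alerts into incidents.

Added example, not from the article. Rule names, scores, thresholds and the
sample alerts below are all constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical per-rule risk scores. Each alert on its own is low-fidelity;
# only an accumulation of distinct behaviours on one host should page a human.
RULE_SCORES = {
    "encoded_powershell": 30,
    "new_service_installed": 25,
    "lsass_access": 40,
    "rare_outbound_domain": 20,
    "failed_logon_burst": 10,
}
WINDOW = timedelta(minutes=60)   # alerts older than this no longer count
INCIDENT_THRESHOLD = 60          # windowed risk needed to open an incident
MAX_PER_RULE = 2                 # one rule firing 50 times counts at most twice


def parse_alerts(lines):
    """Parse constructed 'timestamp|host|rule' lines into dicts, oldest first."""
    alerts = []
    for line in lines:
        ts, host, rule = line.strip().split("|")
        alerts.append({"ts": datetime.fromisoformat(ts), "host": host, "rule": rule})
    return sorted(alerts, key=lambda a: a["ts"])


def correlate(alerts, window=WINDOW, threshold=INCIDENT_THRESHOLD,
              max_per_rule=MAX_PER_RULE):
    """Return one incident per host whose windowed risk crosses the threshold.

    For each host a sliding window of alerts is kept and scored; any single rule
    contributes at most `max_per_rule` times, so a noisy rule cannot page alone.
    """
    per_host = defaultdict(list)
    incidents = {}
    for alert in alerts:
        bucket = per_host[alert["host"]]
        bucket.append(alert)
        # Evict alerts that have aged out of the window.
        while bucket and alert["ts"] - bucket[0]["ts"] > window:
            bucket.pop(0)
        rule_counts = defaultdict(int)
        score = 0
        for a in bucket:
            if rule_counts[a["rule"]] < max_per_rule:
                rule_counts[a["rule"]] += 1
                score += RULE_SCORES.get(a["rule"], 0)
        if score >= threshold and alert["host"] not in incidents:
            incidents[alert["host"]] = {
                "host": alert["host"],
                "score": score,
                "rules": sorted(rule_counts),
                "first_seen": bucket[0]["ts"].isoformat(),
                "triggered_at": alert["ts"].isoformat(),
            }
    return incidents


def noise_reduction(alerts, incidents):
    """Return (alerts in, incidents out) so the reduction can be reported."""
    return len(alerts), len(incidents)


# Constructed sample feed: ws-17 shows a plausible intrusion chain plus one stale
# alert outside the window; ws-42 only repeats failed-logon noise; ws-99 has a
# single alert. Only ws-17 should become an incident.
SAMPLE_ALERTS = [
    "2024-05-01T07:00:00|ws-17|lsass_access",
    "2024-05-01T09:00:00|ws-17|encoded_powershell",
    "2024-05-01T09:02:00|ws-17|new_service_installed",
    "2024-05-01T09:05:00|ws-17|rare_outbound_domain",
    "2024-05-01T09:10:00|ws-99|new_service_installed",
] + [f"2024-05-01T09:{m:02d}:00|ws-42|failed_logon_burst" for m in range(1, 16, 2)]

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    found = correlate(alerts)
    print("alerts in / incidents out:", noise_reduction(alerts, found))
    for inc in found.values():
        print(inc)
```

The per-rule cap is the part worth copying: without it, the eight failed-logon alerts on ws-42 would eventually out-score a genuine three-stage intrusion, which is exactly the failure mode that buries analysts.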
The MSSPs’ Limitations
Many small to mid-sized businesses (SMBs) now have access to managed security service providers (MSSPs), which can either enhance internal security efforts or take over security entirely. MSSPs provide network security services to businesses, easing the burden on IT staff and giving them more time to concentrate on the core business. Some MSSPs, however, have a dubious reputation for merely forwarding alerts of potential threats for customers to address on their own, rather than reviewing each alert to establish whether a threat actually exists.
The majority of MSSPs provide vulnerability scanning, SIEM, outsourced management of tools and devices (including firewalls and VPNs), and a security operations centre (SOC). While an MSSP will notify the client of a threat it has discovered, it is typically up to the client to take action. That is one more facet of cybersecurity that demands a company's time and attention, along with deciding which critical warnings to prioritise.
Customers have had success with MSSPs when expectations are clear from the start and they understand how the MSSP can enhance their existing internal cybersecurity capabilities.
A business that already has the internal capacity to identify threats and take appropriate action is an excellent candidate for an MSSP. But even once a business engages an MSSP, it will still have to put in extra effort to maintain its security.
How Can MDR Make a Difference?
Managed detection and response (MDR) has become a more effective way to detect and manage threats early, because it actively hunts for threats that evade existing detection rules. In contrast to MSSPs, which frequently leave handling attacks to the organisation, it offers the added benefit of an active response to attacks. MDR is the newest managed security service to emerge in response to the constraints of the cybersecurity talent shortage and the problem of too many technologies producing excessive numbers of false-positive alarms. An MDR provider focuses on outcomes rather than alerts, identifying intrusions as early as possible to prevent a breach and responding with a remediation plan if a breach does occur.
According to a recent study by Osterman Research, “The managed cybersecurity services market is undergoing a significant shift. As organizations struggle with too many alerts, too few security analysts, and increasingly complex security stacks, they are rapidly upgrading from Managed Security Service Providers (MSSPs) and legacy security tools such as SIEMs that aggregate alerts, to action-oriented MDR services. Although detection remains a core capability, MDRs add automated response capabilities and access to seasoned cybersecurity professionals, enabling organizations to address alert overload, talent shortages and budget constraints.”
According to the Osterman report, 79% of users of legacy MSSP services intend to switch to MDR services. The primary drivers of MDR adoption are help building round-the-clock security operations, automated response capabilities, enhanced threat detection, and support for cloud services.
Better Cyber Risk Management
For the majority of mid-market businesses without a SOC, an MDR provider can work with the existing security tooling, negating the need to buy separate and competing security stack components. In these circumstances, clients pay only a regular service fee and are shielded from additional technology costs. At a time when security threats are becoming more and more serious, these savings are substantial. Having a SOC means that a firm has cybersecurity experts protecting its vital assets around the clock.
In short, by handling the many details required for fully operationalised cybersecurity, an MDR provider saves businesses time and money. With talent scarce, attack surfaces growing and more risks than ever, it is the best way to protect and staff organisations.
An MDR provider's operations are guided from the outset by a declared mission in support of the customer's goal. While it is easy to get lost in specifics and methods, everything must connect back to the final outcome, the higher-level goal. Once the mission is defined, a good MDR provider evaluates the environment (what is normal and what is anomalous for that particular organisation). It then works with the various teams inside the organisation to create a plan, a system and metrics. Those metrics extend beyond the average time taken to detect and remediate security issues; they include other measures that require a thorough understanding of the attack surface and the operational reality of the company.
To make sure an MDR provider is a good fit, customers must evaluate them. For instance, an MDR provider specialising in AWS will be of most use to a firm running on AWS. Businesses with existing security investments should seek an MDR provider that can make use of them rather than replace them wholesale. For instance, many businesses that use Microsoft Azure also use the powerful Microsoft E5 security suite.