Security

How Managed Detection and Response Can Enhance Data Protection Efforts

MDR services can relieve some of your organization’s cybersecurity burden, but not all vendors offer the same benefits.

Joe Kuehne is an Associate Editorial Director at BizTech magazine.

As the volume of data being generated worldwide has skyrocketed, the threat landscape has expanded along with it. Many organizations struggle to develop and maintain a security strategy that can compete with the continually evolving tactics of threat actors.

The rate of attacks continues to increase, leaving many organizations at risk of a breach. According to a recent survey by Positive Technologies, in the second quarter of 2022, “the number of attacks on industry rose by 53%. The industrial sector accounted for 13% of all attacks in Q2, an increase of 5 percentage points from the previous quarter. Analysts found that malware was employed in 76% of the attacks, with ransomware accounting for 61% of attacks. Most attacks led to operational disruption (53%) and leakage of confidential information (55%).”

Managed detection and response providers can help implement a security posture that can minimize downtime and provide more thorough recovery in the event of an attack. But with so many players offering MDR services, it can be difficult to know where to start.

DIVE DEEPER: Learn how to improve your security stance with the help of MDR services.

Dominick Daidone, cybersecurity practice lead at CDW, says organizations considering the use of an MDR vendor should begin by asking themselves: Does my team have the skill set to deal with the day-to-day tasks that MDR and endpoint detection and response (EDR) provide?

“Is my organization ready to handle an incident at any time of the day, or 24/7 monitoring?” he says. “Do I always have somebody ready to actively respond to an incident?”

Evaluating MDR Vendors Is Critical

Choosing an MDR vendor requires assessing both your internal skills and the security needs that your organization can’t meet on its own. It’s also important to recognize that not all providers offer the same kind of service. “Depending on the vendor or the partner, some will offer full soup-to-nuts, hands-on-keyboard service when it comes to remediation. Others will take the form of guidance,” says Michael Cappiello, senior inside solution architect at CDW.

“Some customers may simply want to concentrate on EDR and the endpoint itself, versus those who may want to expand into network cloud. And some customers want to have a service that doesn’t really care what you’re feeding it, as long as they can take that data and just make sense of it,” Cappiello says. It all depends on the needs of the organization.

Daidone suggests that an assessment of a company’s internal situation in addition to an evaluation of potential vendors will help clarify MDR choices. “First, assess your own organization. Next, evaluate the vendor organizations and MDR capabilities out there,” he says. “And then see how it fits internally.”

Click the banner below to receive exclusive content on security when you register as an Insider.

Supply Chain Security Adds a New Wrinkle

Sometimes an organization will be vulnerable to infiltration even when doing its best to protect itself, due to a security gap somewhere in its supply chain. For this reason, it’s important for any organization to always be aware of the cybersecurity policies implemented by partners and vendors.

Cappiello says it can open an organization up to attack when other companies in its ecosystem aren’t continuously assessing their own security. “It’s much easier to either move toward social engineering or move toward existing exploits, simply because customers are not diligent about hardening their systems,” he says. “Sometimes it’s new stuff, and sometimes it’s just really old stuff. And if it’s not kept buttoned up, then that’s where we see some of these exploits that are coming out of the woodwork that had possibly been around for a while. And believe it or not, we still do get customers that are not diligent in that regard.”

According to Daidone, “Third-party risk is something I’m seeing a lot of. I think that many of the organizations we talked to don’t have meaningful ways to evaluate these types of risks.”

“You may have the best defenses in the world, but if you have some bad people, or trust in people who have very bad privacy practices, you could become a target through some of those third-party vendors.”

Cappiello says larger organizations are just beginning to get a handle on dealing with third-party risk. “How can I figure out if someone I’m working with is taking security seriously?” he says. “Sure, there are forms and you can ask for this information, but what’s your confidence level there? Is there a way to evaluate that actively or passively, and from what you can see in front of the firewall, or if you can get a view?”

Working Within a Framework Can Better Protect Your Data

Both Daidone and Cappiello highlight the importance of using a framework for detection and response. “I can’t tell you how many customers have homegrown security programs that aren’t evaluated against a framework that are just blatantly missing huge areas,” Daidone said.

He recommends performing a gap analysis to help an organization determine the strengths and weaknesses of its security efforts. “I think a gap analysis is really good because it helps an organization figure out the latticework and, internally, identify the technology needed to help address that.”

“Latticework refers to the tools and rationalization assessments, or how to map your tools back to certain frameworks; for example, do I know that Tanium meets Control 1 and 2 of the CIS Top 18?” he explains. He notes that if organizations want to map their tools against a framework, they can rely on trusted partners such as Focal Point, a CDW company, to provide the necessary workforce training and development.

Getty Images/ gorodenkoff