How to Increase Your Security Monitoring Without New Hires

Russell joined the institution shortly after that incident, and earlier this year decided to add Arctic Wolf MDR to its cybersecurity arsenal. The technology integrates with the CrowdStrike platform to create redundancy in BCU’s protection strategy and further fortify its IT systems.

Both solutions are installed on all of the organization’s servers and devices, including employee workstations. To simplify the setup and avoid potential confusion in the event a threat is identified, all log data is sent to Arctic Wolf, while CrowdStrike is used for network containment.

“Arctic Wolf has no data ingestion limits, which is nice because it lets us paint the overall picture of what’s happening across our environment,” Russell says. “For the network containment, we’re relying on CrowdStrike only because we’ve had it in place longer.”

READ MORE: How the Chicago Bears and other small businesses found success from managed services. 

Both MDR solutions provide real-time alerts, and both deliver weekly reports that summarize all findings and any actions taken. Russell also meets regularly with a concierge team from Arctic Wolf to discuss emerging threats and recommended defensive strategies, and both services produce regular newsletters covering trends in the space that are relevant to the financial sector.

MDR, Russell notes, isn’t an excuse for him and his team to let their guards down. It is a valuable tool in the cybersecurity toolbox that they’ve learned to deploy efficiently and effectively.

“It’s about making sure that we always know exactly what’s happening on our network,” he says. Because MDR doesn’t allow the cybercriminals to hide, “we can do whatever we need to fight back.”

A Cost-Effective Way to Get Additional Cybersecurity Protection

As any CISO can attest, for a company to remain resilient against cyberattacks, it must know when an attack is underway. The problem is that the attackers are skilled at remaining hidden until it’s too late.

IBM, which tracks data breach trends, estimates that it takes organizations an average of 277 days to identify and contain a breach. During that time, as attackers lurk undetected, many find they can do almost anything they wish.

Between March 2023 and February 2024, IBM reports, the average cost globally to organizations that fell victim to successful cyberattacks was nearly $4.9 million. The good news for at least some of these companies? Those that relied extensively on AI and automation for prevention slashed their breach costs almost in half.

RELATED: Managed service providers can help your organizations achieve its business objectives. 

“For us, that’s been about average,” says Robert Russell, BCU’s director of security. “If over the following 10 days, activity suddenly jumped from 600 million to over a billion, that might be a sign that something was going on and be a reason for us to be concerned.”

MDR, says Craig Robinson, research vice president with IDC’s Worldwide Security Services division, is best understood as a cybersecurity service that blends automation with human expertise. Advanced technologies such as artificial intelligence and machine learning power MDR tools for continuous monitoring, threat hunting, and guided response and remediation. At the same time, specialized vendor SOC teams work in the background, ready to take action at any sign that a customer’s network has been compromised.

Today, the service is leveraged by organizations on both ends of the size spectrum. Smaller companies turn to the service to offload most security monitoring, while larger organizations typically consider their MDR provider a partner for co-managing cybersecurity with their internal SOC teams.

“If you’re a company with fewer than 10 or 20 IT security people, it’s, ‘Here, MDR provider, ingest our data and send a ticket our way when you need us to provide context around something that seems out of the ordinary,’” Robinson says. MDR leads to time and cost savings for small and large companies alike, he adds, but those with relatively few in-house resources stand to gain the most from the service.

“The talent shortage in cybersecurity is what really drives MDR adoption and makes it a clear win,” he says. “You can increase your capabilities 24/7, and you can do it at a lower cost than if you handled it yourself. When you consider the math, it’s a no-brainer. Who wouldn’t go for that?”

UP NEXT: Three IT staffing solutions that can help small businesses. 

This Service Is Vital to Comprehensive Cyberdefense

One IT leader who has decided that MDR is a good fit for his company is Tony Ombrellaro, senior director of information security at Thrive Pet Healthcare. Based in Austin, Texas, the organization relies on Sophos MDR to track activity on thousands of endpoints at the more than 380 veterinary clinics it runs across the United States.

“There are millions upon millions of events that take place on our network every month,” Ombrellaro says. “We don’t have the staff to look at everything, so that’s where Sophos comes into play.”

The solution and service provide around-the-clock monitoring, with experts ready to jump into action should anything questionable be detected. When threats are identified, the Sophos team isolates and eliminates them immediately. The team also runs diagnostics to determine the origin of any exposed threats, and provides reporting and recommendations to help deter similar attacks in the future.

“There are so many different ways that attackers will try to get into an organization,” Ombrellaro notes. With that in mind, his cybersecurity team has adopted a defense-in-depth strategy: MDR isn’t the only component of the company’s network protection program, “but it is a core prevention mechanism, and it adds to our confidence that we’ll be able to detect whatever activity is out there,” he says.

That visibility is priceless, Ombrellaro adds, because even when there’s threatening activity that Sophos can’t fully mitigate on its own, his team has a substantial head start in the race to resolve it as quickly as possible.

“They’ll do that initial triage as much as they can,” he says. “And if it’s something more sophisticated, they’ll hand it off to us and we’ll take it from there.”