The nature and intensity of cybersecurity risk is constantly changing. Unfortunately, organisations in the UK and around the world are still facing serious difficulties in finding and retaining skilled security staff who can tackle this evolving threat. The global cybersecurity skills crisis is slowly improving, with the size of the workforce shortage dropping from 3.12 million in 2021 to 2.72 million last year. But this progress is nowhere near fast enough – which is one reason why organisations are choosing to invest in solutions such as Managed Detection and Response (MDR).
Gartner has predicted that half of all organisations will be using MDR services by 2025. However, there is still confusion about what services MDR should provide – with some vendors offering little more than the reactive investigation of automated alerts. We believe that investing in MDR is one of the best security decisions an organisation can make. So, what should security leaders be looking for when considering MDR?
We know that a proactive defence is the best way to respond to cybersecurity risk. Organisations should be actively searching for threats, monitoring danger, and responding quickly when an attack is identified. It is no longer sufficient to secure endpoints and enable firewalls.
A proactive defence must combine risk monitoring with threat hunting and the ability to respond to threats. However, technologies such as extended detection and response (XDR) and security information and event management (SIEM) are often missing key proactive security elements – particularly when deployed by in-house teams. Traditional managed security service providers (MSSPs) also focus on monitoring logs and alerts, yet they tend to generate a large number of false positives and usually fail to incorporate proactive mechanisms.
The task of deploying XDR and SIEM is non-trivial, requiring time, effort, and knowledge. Implementing these systems across cloud, servers, endpoints, and networks can take months. Then, once the solutions are in place, security teams must learn how to configure and maintain the new systems.
Although these solutions can collect data, detect threats, and enable investigations, they require expertise that is not always available due to the ongoing skills shortage. MDR improves upon XDR, SIEM and other technologies by significantly reducing time-to-value. An MDR provider such as KryptoKloud can deliver high-quality services in a matter of hours, offering around-the-clock monitoring and threat intelligence as well as the experience needed to get the best out of the products it offers.
How To Choose an MDR Vendor
MDR vendors’ threat hunting and detection methods differ substantially. Decision makers should look for providers that offer human-led hunting and investigations powered by 24/7 monitoring and real-time analysis undertaken within a TEAM ethos and centralised in a true 24/7 Cyber Operations Centre. When a threat is detected, MDR providers must be able to take action remotely to isolate systems. MDR should also go beyond the endpoint, which means suppliers should be able to deliver EDR as well as XDR and SIEM. Providers must enable the collection of threat telemetry and forensic data from networks, email, cloud, and other parts of the IT infrastructure.
MDR providers should also be able to offer a true incident response service. After all, if things do go wrong, you should have the peace of mind that the first responders on the ground are your chosen cyber service provider.
Threat intelligence is also a key part of the picture. An MDR provider with its own research department and the ability to draw on external intelligence will give organisations an advantage over adversaries. When choosing a provider, it is important to understand how it conducts research. Does it reverse engineer malware, carry out breach investigations and closely examine the behaviour of threat actors? The answer to these questions should guide decisions.
A provider’s experience is fundamentally important. MDR partners must be able to proactively respond to threats and take actions in an organisation’s environment. To do this, they need to possess field experience. Finally, a provider’s culture should be considered to ensure it will be a good fit and enable a long-term partnership.
When these questions are answered, organisations can make an informed decision that is likely to be an excellent security investment.
Choose MDR and you choose a more secure future.
Choose KryptoKloud and ensure your Cyber and Business Resilience.