MDR: Paving the Way to Cyber Resiliency
Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Charlie Thomas of Deepwatch digs deep into cyber resiliency and why MDR is paving the way for the future of cybersecurity.
Is cybersecurity working?
The straight answer? Partially. It’s definitely helping, but it could be much better. The Splunk 2023 CISO Report released in October states that 96 percent of respondents experienced a ransomware attack, and 83 percent paid the attackers. I’m not an alarmist, but these numbers certainly grab your attention.
Having led a managed security provider for the last six years, providing cyber protection for hundreds of major enterprises across many industries, including finance, healthcare, manufacturing, retail, services, infrastructure, hospitality, and others, I have seen many approaches, including many successes and some shortcomings.
Minding the Gaps
I continue to see gaps in the fundamentals of successful cybersecurity programs. These gaps include failing to update firewall configurations, audit policies regularly, apply controls such as deep packet inspection, or update firmware and system policies on edge devices.
As an industry, we’re good at protecting against older attack vectors, the known knowns. Still, as we advance and increasingly migrate to the cloud, where day-to-day maintenance is off-loaded to third parties, the industry is no longer as diligent about remaining legacy elements of its environment.
Here are some questions to consider with your existing cyber tools:
- Have you deployed the latest agent version available on your endpoint detection?
- Perhaps you intentionally delay installing the latest software version because you don’t want your business to be a beta customer. Understood. But how many revisions are you behind? Is this n-2 applicable across all of your agents for that endpoint?
- Same questions on your firewall – when did you last audit your existing firewall policies and active rules or cloud compliance policies?
- Do you have any vulnerability scanning gaps? Authentication issues for authenticated scans? Connectivity issues with network scans? Scanning external assets that aren’t part of your environment?
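The n-2 question above can be turned into a fleet-wide check. This is an added example, not code from the article or from Deepwatch; the release list, host names and version numbers are constructed sample data, and the n-2 threshold is the policy the checklist describes:

```python
from collections import Counter

# Constructed sample data: versions the agent vendor has published (any order).
RELEASES = ["7.2.0", "7.1.0", "7.4.0", "7.2.1", "7.3.0"]

# Constructed sample data: what the endpoint inventory reports per host.
INVENTORY = {
    "host-01": "7.4.0",   # current release
    "host-02": "7.3.0",   # n-1
    "host-03": "7.2.1",   # n-2, the outer edge of the policy
    "host-04": "7.1.0",   # n-4, a silent gap
    "host-05": "6.9.2",   # older than anything still published
}

def parse_version(version):
    """Turn '7.2.1' into (7, 2, 1) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def releases_behind(installed, releases):
    """Count published releases strictly newer than the installed build.
    Counting against the release list (rather than checking list membership)
    means a build older than anything still published is reported as far
    behind instead of being skipped as 'unknown'.
    """
    current = parse_version(installed)
    return sum(1 for r in releases if parse_version(r) > current)

def audit_agents(inventory, releases, max_behind=2):
    """Return {host: (releases_behind, 'ok' | 'stale')} under an n-max_behind policy."""
    report = {}
    for host, installed in inventory.items():
        behind = releases_behind(installed, releases)
        status = "ok" if behind <= max_behind else "stale"
        report[host] = (behind, status)
    return report

def summarize(report):
    """Fleet-level counts, e.g. {'ok': 3, 'stale': 2}, for a quick coverage answer."""
    return dict(Counter(status for _, status in report.values()))

if __name__ == "__main__":
    fleet = audit_agents(INVENTORY, RELEASES)
    for host, (behind, status) in sorted(fleet.items()):
        print(f"{host}: {behind} release(s) behind -> {status}")
    print(summarize(fleet))
```

The same pattern applies to firewall firmware or scanner agents: substitute the vendor's release history and the inventory export, and the summary answers whether the n-2 assumption actually holds across the fleet.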
None of these are the interesting or innovative areas of cybersecurity, but in the same way we develop tech debt in the coding world, we also develop security debt. As an industry, we look to cyber tools to solve the next big thing that drops. For example, generative AI and hyperautomation are changing how cybersecurity is managed and coordinated. However, these exciting new technologies cannot solve every issue, including the security tech debt mentioned above.
The new generation of cybersecurity will leverage language models to meld disparate systems to get more value out of the tools you have already acquired. Managed Detection and Response (MDR) has become the glue of advanced detection and response. Cybersecurity is working, but it could be more consistent and more effective. It requires discipline, rigor, automation, innovation, continuous learning, and inspection. MDR will continue evolving and will soon become the platform and intelligence engine that can direct swift, accurate responses, verify capabilities, and communicate the tactical and strategic upgrades needed. The new generation of MDR will enable enterprises to become cyber resilient.
The Challenge of Defending Expanding Attack Surfaces
The transformation of corporate networks has ushered in a host of new vulnerabilities and complexities. The expansion of internal and external attack surfaces has been driven by the widespread adoption of cloud infrastructure, Software as a Service (SaaS) platforms, the exponential increase in endpoints, and the prevalence of remote work arrangements. IBM’s State of Attack Surface Management report highlights that a staggering 67 percent of organizations have witnessed the expansion of their attack surfaces in recent years, with 69 percent falling victim to compromises through internet-facing assets.
As if these challenges weren’t daunting enough, critical threats are multiplying, spurred by the surging ransomware industry. Ransomware attacks, in particular, have become more brazen and destructive. The persistent threat of information-stealing malware, the exploitation of internet-facing vulnerabilities, and the infiltration of open-source code demand ongoing vigilance from organizations.
Alarming statistics reveal that a staggering 26,447 software security flaws were disclosed in 2022, with the number of critical-severity vulnerabilities (CVEs) rising by 59 percent compared to the previous year.
New threats continue to evolve at an alarming pace. The market has experienced significant surges in new malware designed to steal sensitive information and increased credential-harvesting websites. Notably, GitHub source code repositories have become increasingly attractive attack surfaces, while container files persist as common vectors for delivering malicious software through social engineering tactics.
We expect the exploitation of vulnerabilities to persist as the primary method for gaining initial access, closely followed by phishing and credential abuse.
Interestingly, the global cybersecurity community’s willingness to share security research and analysis inadvertently provides cybercriminals with insights into their adversaries’ tactics, techniques, and procedures.
The Pivotal Role of MDR
Modern MDR services have emerged as the linchpin in bolstering organizations’ resilience against these multifaceted threats. These services provide highly effective, efficient, remotely delivered, and human-led Security Operations Center (SOC) functions, seamlessly integrating with existing cyber tools, internal teams, and operations.
One of the primary advantages of MDR providers is their ability to deliver continuous 24/7/365 SOC coverage, eliminating the need for internal staff to work night and weekend shifts. This results in constant monitoring, proactive threat hunting, and swift detection and response capabilities. As a result, organizations can identify and remediate cyber threats before they inflict significant damage.
The growth of standalone security tools, including Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), has placed a considerable burden on security teams. Managing an average of 76 cyber tools in an enterprise has become daunting. MDR services excel when operating in close partnership with a customer’s internal security operations team. This collaboration leads to a high level of automation, enabling faster detection and response actions through predefined and custom escalation workflows, thereby significantly reducing risk.
MDR providers offer expert guidance for prioritizing threats according to the appropriate response level. They have become experts in harnessing machine learning, artificial intelligence, and automated tools to detect and rank threats. MDR providers enhance threat hunting and enable real-time investigation and response coordination, ultimately elevating a company’s security posture.
One of MDR’s core strengths, distinguishing it from other solutions, is its turnkey Threat Detection, Investigation, and Response (TDIR) capability. If you had $100,000 to invest in protecting your company’s brand, data and reputation, how would you invest it?
- Defense (Identity, Endpoint, Cloud, SIEM, Vulnerability Management)
- Detection (Endpoint, XDR, MDR)
- Response (MDR, Incident Response)
- Backup (Storage)
- Recovery (MDR, Incident Response, Internal or External Cyber Team)
- Insurance (increasingly expensive and complicated to obtain)
All are important, and a compelling argument can be made for each. Most likely, you cannot support all of these within your budget. If you start with the assumption that a breach is inevitable, then your investment strategy might shift. Cyber resilience, the ability to respond, withstand, and recover from a cyber attack, rises to the top of any priority list.
Cyber Resilience in a Dangerous Digital World
As organizations grapple with the formidable challenges of recruiting, training, and retaining qualified security experts to confront the unprecedented spread of cybercrime, managed security services such as MDR have emerged as indispensable assets. They fill a critical need for cyber resilience in an increasingly risky digital world, helping organizations navigate cyber threats’ intricate and evolving landscape with confidence and effectiveness.