MDR Is Integral to the Future of Cybersecurity

Companies’ emerging need for a security solution that offers more than just limited anti-malware capability is birthing a new tool called Managed Detection and Response (MDR). This tool helps medium and small enterprises limit risk to their businesses and offload protection to a team that’s ready to tackle any threat, while keeping costs low.

Security operations need to be directed by threat intelligence. An organization that simply follows the market will always lag behind the bad guys. Staying ahead of the curve, mitigating the impact of attacks, and preventing security incidents, all while sticking to the budget, is on the wish list of any CEO.

Organizations can no longer remain safe just by installing an endpoint security solution. The tactics, techniques, and procedures (TTPs) of today’s sophisticated attackers are more than enough to evade some traditional protection solutions.

The obvious solution would be to deploy a dedicated response team and a security operations center (SOC), but that drives total cost of ownership (TCO) well above the security budgets of small and medium businesses. In fact, MDR protection is available at a fraction of the cost, which frees up the IT department to deal with other projects essential to the business.

MDR is designed to identify and remove cyber threats from a company’s environment with the help of an offsite security operation center and a dedicated team. Since this is a 24/7 operation, it’s also proactive — the security analysts can step into the customer’s environment to look for adversarial behavior rather than rely on a tool that reactively detects that something is going on.

On-demand security expertise with MDR

Organizations often want a silver bullet, a piece of software or some outsourcing option that can provide 100% protection. But that’s impossible, for many reasons. For one, companies no longer have all the infrastructure in the same place and people have connections from everywhere, sometimes through unsecured devices. Also, a diverse team of highly trained and skilled security experts in-house implies higher ongoing costs.

Another important issue is that recent attack tactics involve stolen credentials. Once a bad actor insinuates itself into critical infrastructure with real credentials, regular tools are no longer enough. In the case of MDR, security is not about preventing attacks; it’s about preventing critical and long-lasting business impact and making sure it doesn’t happen again.

One of the main advantages of Managed Detection and Response is threat hunting. The “response” part of the name is about using threat-hunting and forensic capabilities with contextual, actionable threat indicators. It all ties in with the Advanced Threat Intelligence services, which also include SIEM (Security Information and Event Management), TIP (Threat Intelligence Platform) and SOAR (Security Orchestration, Automation and Response).

Endpoint protection, management, and response from MDR all tie together into a single product, but it’s not one-size-fits-all. Depending on the needs of an organization, the level of feedback, integration or even size, MDR fits in different ways. The best analogy would be water, which takes the form of whatever container it’s poured into. In the same way, MDR is adjusted to perfectly fit the right pattern.

Staying ahead of the curve with MDR

All companies want to grow, expanding from on-premise to the cloud. But any expansion also increases the attack surface. The main advantage of adopting MDR is that the rate of adaptation to new attack vectors is faster, as organizations don’t need to invest resources in an area already managed by people trained to stay up to date with the latest threats. Moreover, customers are always informed about potentially dangerous events or strategies for improved protection.

The general trend in software and technology is a slow but sure move towards aaS (as-a-service), which only means that some services are no longer local or even on premise. The same can be said about security, and MDR is proof of that. The SECaaS (Security as a Service) market is expected to double by 2024, underlining organizations’ ever-increasing reliance on specialized security services, of which MDR is a prime example.

For a more in-depth discussion about the Bitdefender GravityZone Managed Endpoint Detection and Response Service (MEDR) you can check out the discussion with Daniel Clayton, Senior Director Managed Security Operations, and Jarret Raim, Senior Director, Managed Services. 

Bitdefender’s 2020 TAG Cyber Security Annual Outlook is also available, covering 50 different cyber controls for enterprise, governance, network, data endpoints and industries.


*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Silviu STAHIE. Read the original post at: