Managed Detection and Response (MDR) vs. Best of Breed

Technology is constantly evolving, and the threat landscape is constantly adapting. As organizations struggle to monitor and protect an increasingly complex environment from existing and emerging threats, they also need to weigh the pros and cons of deploying an array of best of breed point solutions versus an integrated managed detection and response (MDR) platform.

This debate is not new. It seems logical to want to have the best possible product for each element of your cybersecurity infrastructure. However, the benefits of those different tools and applications have to be considered in the context of the added complexity and additional effort required to achieve the best security outcomes.

Basic Cybersecurity Needs Today

Before you can begin to determine the best approach for your cybersecurity strategy, you first have to understand the cybersecurity needs you’re trying to address. There are a variety of products and tools available, but no matter what you choose or whether you go with an integrated system like MDR or best of breed, you should ultimately be able to answer questions like:

  • Are my endpoints—whether servers or desktops on premise or in the cloud—compromised or running malware?
  • Is one of my users doing things out of the ordinary or actions that are unusual or suspicious?
  • Is my data safe and will I detect attempts to corrupt or exfiltrate sensitive data?
  • Am I achieving and maintaining compliance with relevant regulatory and industry frameworks?

Elements of Effective Cybersecurity

Next, you have to determine the tools and technologies you need to have in place to answer those questions. There are a variety of solutions available, from commodity tools to very sophisticated niche applications. The question is which ones will work best for your situation to help you achieve the best possible protection.

You need the ability to monitor and log network traffic, as well as the ability to analyze user activity to identify anomalous behavior. You also need visibility of activity on endpoints connected to your network, and the capability to detect and resolve vulnerabilities before they can be exploited by attackers.

You also need to have sufficient visibility to understand attacks that may intentionally componentize their behavior or spread various attack components across multiple machines.  With that visibility, you’ll also need the analytic strength to make sense of it and recognize malicious activity when it happens.

Challenges of Best of Breed Cybersecurity

It makes sense to want to have the best possible tool for monitoring network activity and behavior, and to ensure you have the best possible endpoint security solution in place, and that you choose the best of breed for every other element of your cybersecurity infrastructure as well. However, implementing and managing a collection of best of breed solutions also comes with some unique challenges that are not present in an integrated system.

In a vacuum, each tool may be best of breed—but your network and data don’t exist in a vacuum. You need a holistic cybersecurity strategy that protects end to end, not just the specific aspects of each best of breed point solution.

Best of breed tools may paint you into a corner when it comes to vulnerability detection content and threat intelligence—forcing you to make concessions in other areas to accommodate proprietary data. You’re forced to deal with the complexity of managing a cybersecurity infrastructure comprised of multiple vendors. There is no simple shortcut to integrate a disparate array of tools.

The MDR Sum Is Greater than Its Parts

When it comes down to it, the best of breed strategy doesn’t work for most organizations. The additional complexity and the challenges of getting the tools to play together typically results in a weaker security posture.

An integrated managed detection and response platform, on the other hand, provides comprehensive cybersecurity that is greater than the sum of its parts. A well-architected MDR tool stack works cohesively and is integrated by default. Individual best of breed features may be missing in an MDR platform, but those missing niche features are more than offset by the increased visibility and analytic robustness of solid MDR.

The comprehensive visibility of an integrated platform also provides the means to identify sophisticated attacks, particularly those that run low and slow, or pass immediately into memory through unknown browser or web application vulnerabilities.  These can only be detected and disrupted through a more holistic approach, integrating information from disparate sources, like endpoints, and with a more complete understanding of what’s happening beyond a single technology’s purview.

In the end, total protection against 100% of threats is not practical or possible no matter what tools you use. Arguably, the most differentiating component of MDR, beyond best of breed point solutions, is the “M”. Effective cybersecurity requires a combination of the right platform, actionable intelligence, and cybersecurity experts monitoring 24/7 to recognize threats and prioritize security incident response based on context. Without a human with the necessary knowledge and skills to manage it all, the underlying platform is of little consequence.

Rather than struggling to choose, implement, and manage a random collection of best of breed tools, find an MDR provider you can trust—a partner that will work closely with you to understand your unique business and unique needs, and empower you to effectively address whatever threats may come. You don’t need best of breed tools; you need the peace of mind that comes with best of breed cybersecurity.

About the Author

Rohit Dhamankar

Rohit Dhamankar is Vice President of Threat Intelligence Products at Alert Logic. Dhamankar has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Prior to Alert Logic, Dhamankar served in Product roles for Live Oak Venture Capital at Infocyte and Razberi Technologies. Dhamankar has previously worked in senior roles in several start-up companies in the areas of security analytics, intrusion detection/prevention, end-point protection, and security risk and compliance. These include VP, Click Labs Solutions at Click Security, acquired by AlertLogic, and he was a Co-Founder of Jumpshot, acquired by Avast. He has spoken at several security conferences and customer events world-wide including BlackHat and RSA, and has been quoted in many industry publications including the Wall Street Journal and USA Today. Dhamankar has also worked with the SANS Institute for a number of years to drive awareness around the latest security vulnerabilities and attacks. Dhamankar holds a Master of Science in Electrical Engg from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.

More Posts by Rohit Dhamankar


*** This is a Security Bloggers Network syndicated blog from Alert Logic - Blogs Feed authored by Rohit Dhamankarn. Read the original post at: https://blog.alertlogic.com/managed-detection-and-response-mdr-vs.-best-of-breed/