Is MDR Cybersecurity Training an Oxymoron?
MDR (Managed Detection and Response) services are becoming popular with enterprises that lack the internal cybersecurity expertise to fully secure their networks. This lack of cybersecurity expertise is an issue that is becoming far too common for many organizations. However, that begs the question – is MDR cybersecurity training an oxymoron? Simply put, most organizations move to MDR services to acquire external expertise, meaning they hope to eschew the need for internal cybersecurity training.
So, how exactly does training on MDR fit into an enterprise cybersecurity narrative? Perhaps it is not a perfect fit, but MDR-specific training does play a role in the enterprise, at least according to RangeForce’s president, Gordon Lawson. “There is never a point, I think, in our industry, in cybersecurity, where someone has tapped out on their knowledge. There’s always room for growth; even if you’re an MDR provider, and you have a room full of experts,” Lawson said.
RangeForce, a cybersecurity training provider, is pursuing the goal of educating both MDR providers and enterprise users on the intricacies of cybersecurity. “MDR providers usually have a spectrum of expertise – entry-level folks, mid-level folks, senior folks and providers should always want those people upskilling.” said Lawson. “Enterprises selecting an MDR should research options and ask what sort of training that MDR provider is doing internally to make sure their people are at the right level to defend the enterprise.”
Although the concept of MDR services is not new, the threats that MDR providers face are constantly evolving, meaning that even a minor skills gap could spell disaster for customers. With that in mind, RangeForce has partnered with Texas-based CRITICALSTART, an MDR service provider, to promote cyber skills readiness training and cyber awareness. One of the major goals of the partnership is to expose cyber professionals to cyber simulations within cybersecurity sandboxes; providing virtual environments in which to understand, experience and resolve real-world threats, without exposing critical systems to any actual danger.
“Exposing cyber professionals to threat vectors in a benign environment allows them to experience what a cyber attack or incident is going to look and feel like. The simulation allows them to experience an attack vector and guides them through the right responses before they see it for the first time, for real,” Lawson explained.
While those capabilities are important for MDR providers to build capable staff, they also prove valuable to the enterprise, especially those enterprises looking to maximize what they can get from an MDR. They can then extend that expertise and those services internally to supplement enterprise resources.
“We’re seeing large organizations that have both a hybrid, internal SOC and MDR services that are looking to establish a cyber skills baseline,” Lawson said. “Those organizations are buying training licenses for contractors that are assigned to them, to ensure that everyone is on the same page when it comes to incident response.”
For CRITICALSTART, cyber training is quickly becoming both an internal and external function. “We are excited to partner with RangeForce to address the cybersecurity training needs of our customers,” said Tera Davis, managing director, CRITICALSTART. “Their approach to cyber simulation can fulfill the unique needs of organizations of all sizes.”
For the enterprise, cybersecurity training can become a litmus test for how capable an MDR provider is, while also helping to establish internal experts that may lessen the need for MDR services to begin with, or at least reduce the costs associated with MDR by assigning some of the cyber tasks to internal staffers.
What’s more, simulation-based training can also gauge the readiness of enterprise staffers to deal with the latest threats, threats that may not be monitored by an MDR provider, especially those that involve hybrid cloud deployments. Ultimately, MDR-based cyber education is quickly becoming anything but an oxymoron for enterprises looking to reduce their vulnerabilities and become more resistant to the latest attack vectors.