Extending the Promise of SASE with MDR 

Managed detection and response (MDR) services have recently gained attention as a way to deal with the growth in cyberthreats. MDR services are often classified as a turnkey solution for businesses looking to reduce response times to detected threats. 

However, deploying an MDR service is not as easy as it seems. Deployment usually requires opening up the appropriate firewall ports, setting up service accounts for log collection, deploying agents and collectors, and integrating with other cybersecurity tools. 

Some of that complexity is unavoidable, since MDR services tend to be stand-alone platforms that must be integrated with the existing products and services in the networking stack. What's more, manual integration can create blind spots, especially if a particular device is overlooked or a log source is never configured for collection by the MDR service.

“What if MDR could be a native part of the networking stack?” Etay Maor, senior director, security strategy at Cato Networks asked. That’s an interesting question, one that can be answered with a secure access service edge (SASE) solution, according to Maor. 

SASE is an architecture that combines the networking and security stacks on top of SD-WAN technology: the edges of the network are connected to data centers via encrypted tunnels, which protects traffic in transit from eavesdropping and tampering, and the security functions applied to that traffic add another layer of protection beyond the encryption itself.

The number of vendors providing SASE has grown over the last year, with players such as Cato Networks, Cisco, Cloudflare, Forcepoint, Fortinet, Open Systems and many others.

“SASE provides a wonderful foundation for the security stack,” added Maor. “Since all network traffic moves through SASE, it gives you unprecedented visibility into the traffic, making SASE a key inflection point for analytics and cybersecurity.”

Many SASE vendors are exploring the enhanced possibilities for integrating advanced cybersecurity tools directly into the network stack. For example, Cato Networks has offered zero-trust network access (ZTNA) options, as well as secure web gateways and application-aware firewall services, for some time.

“Despite most SASE vendors offering several cybersecurity tools, there is obviously room for improvement,” said Maor. “Take, for instance, malware and threat detection as well as endpoint protection. SASE could also take on those roles.”

Case in point: MDR. Cato Networks has announced that it will offer MDR as part of its security stack, extending internal threat detection capabilities and continuously monitoring the network for compromised, malware-infected endpoints. 

“One advantage of the MDR service is that it provides zero-footprint detection of persistent threats without the need to install agents or appliances,” said Maor. “Because all network traffic is flowing through the SASE solution, it already provides the visibility needed.”

The company says its MDR service uses machine learning algorithms to mine network traffic for indicators of compromise, and that detected anomalies are verified by human analysts before customers are advised how to remediate the compromised endpoints.
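To make the "mine the traffic, then have a human confirm" workflow concrete, the following is an added example written for this article, not Cato Networks' code or any description of how its service works internally. It runs two network-only detectors over a constructed flow log (no endpoint agent involved, which is the point of the zero-footprint argument above): a lookup against a constructed, hypothetical indicator list, and a statistical beaconing check that flags a host talking to one destination at near-constant intervals with small payloads. Every hit is emitted as a finding marked for analyst verification; the thresholds (`min_flows`, `max_cv`, `max_bytes`) are illustrative assumptions, not vendor values.

```python
"""
Added example (not Cato Networks' code): agentless detection of a likely
compromised endpoint from network flow records, the kind of signal a
network-resident MDR service can act on.

Detectors run over constructed sample flows:
  1. IOC match: destination IP or domain appears on a (constructed) threat list.
  2. Beaconing: one host contacts one destination at near-constant intervals
     with small payloads, a common C2 heartbeat pattern, flagged statistically
     rather than by signature.
Every finding carries needs_human_review=True, mirroring the
"machine flags, analyst confirms, customer is advised" workflow.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed threat list: hypothetical indicators (documentation ranges), not real IOCs.
IOC_DOMAINS = {"update-check.example.net"}
IOC_IPS = {"203.0.113.45"}

# Constructed flow log: "timestamp,src_ip,dst_ip,dst_domain,bytes".
# 10.1.1.55 talks to 192.0.2.10 every 60 s with ~310-byte flows (beacon-like);
# 10.1.1.20 pulls irregular, bulky content from a CDN (benign);
# 10.1.1.77 contacts a listed indicator once.
SAMPLE_FLOWS = """\
2024-05-01T10:00:00,10.1.1.20,198.51.100.7,cdn.example.org,51200
2024-05-01T10:00:00,10.1.1.55,192.0.2.10,,312
2024-05-01T10:01:00,10.1.1.55,192.0.2.10,,310
2024-05-01T10:02:00,10.1.1.55,192.0.2.10,,315
2024-05-01T10:03:00,10.1.1.55,192.0.2.10,,309
2024-05-01T10:04:00,10.1.1.55,192.0.2.10,,311
2024-05-01T10:00:30,10.1.1.20,198.51.100.7,cdn.example.org,8800
2024-05-01T10:07:45,10.1.1.20,198.51.100.7,cdn.example.org,120000
2024-05-01T10:15:02,10.1.1.20,198.51.100.7,cdn.example.org,2300
2024-05-01T10:30:00,10.1.1.77,203.0.113.45,update-check.example.net,1400
"""


def parse_flows(text):
    """Parse the CSV-style flow log into dicts; empty domain becomes None."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, domain, size = line.split(",")
        flows.append({"ts": datetime.fromisoformat(ts), "src": src,
                      "dst": dst, "domain": domain or None, "bytes": int(size)})
    return flows


def ioc_matches(flows):
    """Signature-style detection: any flow to a listed IP or domain."""
    findings = []
    for f in flows:
        if f["dst"] in IOC_IPS or f["domain"] in IOC_DOMAINS:
            findings.append({"type": "ioc_match", "src": f["src"], "dst": f["dst"],
                             "domain": f["domain"], "needs_human_review": True})
    return findings


def beacon_candidates(flows, min_flows=5, max_cv=0.2, max_bytes=2000):
    """Behavioral detection: group flows by (src, dst) and flag pairs whose
    inter-arrival times are nearly constant (coefficient of variation <= max_cv)
    and whose flows are small, i.e. heartbeat-like rather than bulk transfer.
    Thresholds are illustrative assumptions."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f)
    findings = []
    for (src, dst), fl in by_pair.items():
        if len(fl) < min_flows:
            continue
        fl.sort(key=lambda f: f["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(fl, fl[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv and mean(f["bytes"] for f in fl) <= max_bytes:
            findings.append({"type": "beaconing", "src": src, "dst": dst,
                             "interval_s": round(avg), "cv": round(cv, 3),
                             "needs_human_review": True})
    return findings


def analyze(text=SAMPLE_FLOWS):
    """Run both detectors; the result is the analyst's review queue."""
    flows = parse_flows(text)
    return ioc_matches(flows) + beacon_candidates(flows)


if __name__ == "__main__":
    for finding in analyze():
        print(finding)
```

On the sample data the IOC check flags 10.1.1.77 and the beaconing check flags 10.1.1.55 (60-second interval, zero jitter), while the CDN traffic from 10.1.1.20 is ignored because its timing is irregular and its flows are large. The beaconing detector is where false positives live (NTP, software update checks and monitoring agents all beacon), which is exactly why the page's pairing of machine detection with human verification matters before a remediation step is pushed to the customer.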

Other SASE vendors, such as Open Systems, are also looking to provide MDR services as part of their offerings. However, not all MDR services are alike, and those choosing to pair SASE and MDR to improve cyber resilience must weigh critical factors, such as:

  • Response time: How quickly are threats detected, and how quickly does the service respond once they are?
  • Remediation: Can known threats be remediated automatically, or does the service only advise the customer on what to do?
  • Compliance: Can activity that violates compliance requirements be detected?
  • Privacy: Are threats aimed at data theft, and the lateral movement that precedes it, detected?
  • Disruption: How disruptive is the MDR service to users and to the existing infrastructure?

Just as important, adopters should recognize that MDR is only one part of a comprehensive security stack. Still, it is clear that SASE can go a long way towards making MDR more effective and more responsive.




Frank Ohlhorst

Frank is an award-winning technology journalist and IT industry analyst, with extensive experience as a business consultant, editor, author, and blogger. Frank works with both technology startups and established technology ventures, helping them to build channel programs, launch products, validate product quality, create marketing materials, author case studies, eBooks and white papers.
