By Jack Danahy, SVP / Strategy and Chief Evangelist, Alert Logic
The only certainty in cybersecurity is that defending your environment will always be a challenge. As businesses ramp up their digital transformation, they're being met with an increasingly troubling threat landscape: the numbers of identified vulnerabilities, data breaches, and compromised records are all on the rise. Predictably, investment in a complex array of security point solutions and products has gone up as well. Why, then, do the defenders continue to lose these battles?
The reason is that no level of investment can ever provide 100 percent protection from all threats and all attackers. Ask any CISO or security vendor if they feel perfectly confident in their capability to block all attacks, and they will, to a person, admit there is "No silver bullet." Likely as not, that's the phrase that they'll actually roll out. The frank admission of this exposure is finally leading businesses to recognize that an effective cybersecurity portfolio isn't the sum of the features and capabilities of the tools it contains; it's the results - the outcomes - that they deliver. The most-desired outcome? Reduce the likelihood of successful attacks, and if one gets through, minimize the impact and costs.
The way to achieve both of these outcomes is by integrating Managed Detection and Response (MDR).
Evolving from MSS to MDR
MDR is a meaningful evolution from traditional managed security services (MSS). Decades ago, organizations realized that monitoring and managing a collection of point solutions required security skills and experience that they simply didn't have. As a result, many turned to managed security services to augment their internal security capabilities. They work with these providers to partially or fully outsource security tasks like firewall management, endpoint anti-virus updates, and intrusion prevention and detection. In doing this, they have been able to achieve a basic level of security within the budgets that constrained them.
While MSS has relieved understaffed IT teams of the day-to-day management of security technologies, it has not satisfied the strategic imperatives to minimize the likelihood or impact of successful attacks. Traditional MSS delivers security management capabilities, including the pass-through of high-volume messaging from the native mix of security technologies. MSSs aren't equipped to proactively identify and investigate threats or respond to sophisticated attacks in progress, because those threats typically span multiple technologies, and the skills necessary to handle them are well beyond the administration of tooling.
The benefits of MDR are derived from its emphasis on comprehensive visibility of assets, constant vigilance through 24/7 monitoring, proactive threat hunting, and human intermediation. Unlike the more general-purpose MSS providers, MDR is purpose-built to rapidly detect attacks and prevent or minimize their damage. The technology supports the teams, and the analytics support the outcomes.
The Goal Is What It Gets You
The best business decisions are made with an eye on the expected outcome, as is demonstrated by annual reports, quarterly meetings, and bonus plans. Organizations don't make critical technical decisions like migrating to the cloud because they've fallen in love with the architecture or infrastructure. They move assets to the cloud to capitalize on the reliability, scalability, and potential cost savings. They don't shop for specific SaaS tools; instead, they embrace SaaS platforms and applications that deliver the capabilities they require without the investment required to do it themselves.
The same approach is now being taken in cybersecurity, through MDR. The outcome, rather than the means of achieving it, is what ultimately matters. Whatever solution you choose must make you confident that it will reduce the likelihood or impact of successful attacks.
The Outcome Is the True Value
Too often, businesses get caught in a cycle of adopting increasingly complicated tools to contest increasingly complex threats. Rather than better security, the result is an ever-higher noise level burdening an already overtaxed team.
A better approach is to focus on the outcome you want. Ask yourself: Do I have complete visibility of my environment? Can I detect and stop the spread of an attack in real time? If an attack is successful, how quickly can I recover?
The best way to answer these questions, and drive the outcomes you need, is to understand and embrace effective MDR.
--
Previous Articles in the Series:
1. Defining MDR and MSS
2. Defining Detection Left of Boom and Right of Boom
3. Defining Visibility and Threat Management
4. Defining Active Threat Hunting and Threat Intelligence
5. Defining Daily Tasks and Skills of a SOC Analyst
6. Defining Success for a SOC
## About the Author
Jack Danahy is SVP / Strategy and Chief Evangelist at Alert Logic, where he applies nearly 30 years of security experience to the challenge of managed detection and response (MDR). He is an innovative security leader with proven success creating, delivering, and evangelizing new security approaches. He has founded three successful security companies, most recently the endpoint and behavioral analytics firm Barkly, acquired by Alert Logic in 2019. In 1999, Jack founded Qiave Technologies (acquired by WatchGuard Technologies in 2000) and in 2003, he started application security pioneer Ounce Labs (acquired by IBM in 2009). At IBM, Danahy was Director for Advanced Security, and also led the delivery of security services for IBM across North America. Jack holds a dozen security patents and is a frequent writer and speaker on a wide range of security topics.