Virtualization Technology News and Information
Defining Value from an MDR Solution


By Jack Danahy, SVP / Strategy and Chief Evangelist, Alert Logic

The only certainty in cybersecurity is that defending your environment will always be a challenge. As businesses ramp up their digital transformation, they're being met with an increasingly troubling threat landscape: the numbers of identified vulnerabilities, data breaches, and compromised records are all on the rise. Predictably, investment in a complex array of security point solutions and products has gone up as well. Why, then, do the defenders continue to lose these battles?

The reason is because no level of investment can ever provide 100 percent protection from all threats and all attackers. Ask any CISO or security vendor if they feel perfectly confident in their capability to block all attacks, and they will, to a person, admit there is "No silver bullet."  Likely as not, that's the phrase that they'll actually roll out. The frank admission of this exposure is finally leading businesses to recognize that an effective cybersecurity portfolio isn't the sum of the features and capabilities of the tools it contains, it's the results - the outcomes - that they deliver. The most-desired outcome? Reduce the likelihood of successful attacks, and if one gets through, minimize the impact and costs.

The way to achieve both of these outcomes is by integrating Managed Detection and Response (MDR).

Evolving from MSS to MDR

MDR is a meaningful evolution from traditional managed security services (MSS). Decades ago, organizations realized that monitoring and managing a collection of point solutions required security skills and experience that they simply didn't have. As a result, many turned to managed security services to augment their internal security capabilities. They work with these providers to partially or fully outsource security tasks like firewall management, endpoint anti-virus updates, and intrusion prevention and detection. In doing this, they have been capable of, achieving a basic level of security within the budgets that constrained them.

While MSS has relieved understaffed IT teams of day-to-day management of security technologies, it has not satisfied the strategic imperatives to minimize the likelihood or impact of those successful attacks. Traditional MSS delivers security management capabilities, including the pass-through of high-volume messaging from the native mix of security technologies. MSS's aren't equipped to proactively identify and investigate threats or respond to sophisticated attacks in progress because those threats typically span multiple technologies, and the skill necessary to handle them are well beyond administration of tooling.

The benefits of MDR are derived from its emphasis on comprehensive visibility of assets, constant vigilance through 24/7 monitoring, proactive threat hunting, and human intermediation. Unlike the more general-purpose MSS providers, MDR is purpose-built to rapidly detect attacks and prevent or minimize their damage. The technology supports the teams, and the analytics support the outcomes.

The Goal Is What It Gets You

The best business decisions are made with an eye on the expected outcome, as is demonstrated by annual reports, quarterly meetings, and bonus plans. Organizations don't make critical technical decisions like migrating to the cloud because they've fallen in love with the architecture or infrastructure. They move assets to the cloud to capitalize on the reliability, scalability, and potential cost savings. They don't shop for specific SaaS tools, instead they embrace SaaS platforms and applications that deliver the capabilities they require without the investment required to do it themselves.

The same approach is now being taken in cybersecurity, through MDR. The outcome, rather than the means of achieving it, is what ultimately matters. Whatever solution you choose must make you confident that it will reduce the likelihood or impact of successful attacks.

The Outcome Is the True Value

Too often, businesses get caught in a cycle of adopting increasingly complicated tools to contest increasingly complex threats. Rather than better security, the result is an ever-higher noise level burdening an already overtaxed team.

A better approach is to focus on the outcome you want. Ask yourself: Do I have complete visibility of my environment? Can I detect and stop the spread of an attack in real-time? If an attack is successful, how quickly can I recover?

The best way to answer these questions, and drive the outcomes you need, is to understand and embrace effective MDR.


Previous Articles in the Series:

1.         Defining MDR and MSS

2.         Defining Detection Left of Boom and Right of Boom

3.         Defining Visibility and Threat Management

4.         Defining Active Threat Hunting and Threat Intelligence

5.         Defining Daily Tasks and Skills of a SOC Analyst

6.         Defining Success for a SOC 


About the Author

Jack Danahy

Jack Danahy is SVP / Strategy and Chief Evangelist at Alert Logic, where he applies nearly 30 years of security experience to the challenge of managed detection and response (MDR).  He is an innovative security leader with proven success creating, delivering, and evangelizing new security approaches.  He has founded three successful security companies, most recently the endpoint and behavioral analytics firm Barkly, acquired by Alert Logic in 2019. In 1999, Jack founded Qiave Technologies (acquired by WatchGuard Technologies in 2000) and in 2003, he started application security pioneer Ounce Labs (acquired by IBM in 2009). At IBM, Danahy was Director for Advanced Security, and also led the delivery of security services for IBM across North America. Jack holds a dozen security patents and is a frequent writer and speaker on a wide range of security topics.

Published Tuesday, September 22, 2020 7:33 AM by David Marshall
Defining Success for a SOC : @VMblog - (Author's Link) - September 22, 2020 8:39 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2020>