Nils Krumrey, Cybersecurity Expert at Logpoint, discusses how Managed Detection and Response can effectively detect cybersecurity breaches.
Times are tough for medium-sized enterprises when it comes to securing the estate. There is a dearth of cyber talent thanks to the skills shortage, with a recent survey revealing that 61% lack dedicated skills experts.
The survey also found it is proving difficult for them to create a security culture, with only 9% saying workers adhere to best practices.
The sector is under scrutiny like never before due to increasing regulatory pressure, with many now caught under NIS2, which will be applicable to those trading on the continent. The new regulations not only carry strict reporting criteria and hefty fines but also now hold senior personnel accountable, a move we have seen stateside with the SEC now pursuing CISOs for overstating security and failing to disclose risks.
Moreover, threats continue to ramp up with ransomware operators now targeting the tier and AI set to see attacks increase in volume and sophistication.
Dealing with these pressures is not going to be easy, so what are the options? Investing in further cybersecurity technology is difficult given that many have seen cybersecurity budgets frozen, and there is a move to rationalise rather than add to the cybersecurity stack. The average mid-sized business has around 45 cybersecurity solutions, each with its own management requirements, demanding staff that are familiar with how it works. And manning all these systems can be time-consuming and complex, resulting in swivel chair operations as personnel consult different interfaces.
Taking on more staff is not a viable option given the lack of budget and skills shortages in the sector, which are seeing wages outpace inflation, rising by 20% or more. Neither is increasing the workload of the security team, which has been shown to be counterproductive. The ISC2 Cybersecurity Workforce Study 2023 found half of respondents had insufficient time to dedicate to proper risk assessment and management, 45% said workloads were leading to oversights in process and procedure, 38% misconfigured systems, and 38% tardy patching of critical systems.
Caught between a rock and a hard place
Collectively, this means that these traditional approaches to improving the cybersecurity posture are more challenging. Mid-sized businesses will have to rethink how they go about tooling to tackle the issue. Financial and resource constraints will force them to rationalise their current provision to reduce overheads and the demand for in-house personnel.
At the same time, they need to increase their defence capabilities to meet compliance demands and keep pace with evolving threats. The danger is that many will not see the writing on the wall and will attempt to continue operating in a reduced capacity.
This will then heighten exposure, as the same ISC2 study demonstrates that 57% of workers say shortages at their organisation have put them at moderate or extreme risk of a cybersecurity attack.
Some radical thinking is required, which is why this year, we can expect to see mid-sized businesses embrace Managed Detection and Response (MDR). MDR is a hugely versatile model that applies to all organisations, irrespective of size.
It can supplement in-house provision by working in concert with the security team to manage threat response or by providing alerts and remediation advice, or it can be used for the complete outsourced management of threat response.
MDR sees the remote provision of SOC-like threat detection services, with the MDR team monitoring activity and threat hunting as well as providing alerts, remediation and recovery in the event of an attack. It is distinct from the usual services of an MSSP, who will tend to offer day-to-day security management and maintenance via a portal, although some MSSPs do offer MDR as part of their portfolio.
Those offering Managed Detection and Response benefit from utilising technology such as a next-generation Security Incident and Event Management (SIEM) to collect and analyse logs and event data. This data is then analysed and used to demonstrate compliance and provide the material evidence needed to investigate security breaches.
This can be further enhanced through User and Entity Behaviour Analytics (UEBA) and Security Orchestration, Automation and Response (SOAR) to prioritize incidents and augment strained security teams.
Together, these solutions provide coverage across the entire systems landscape eliminating blind spots. By converging endpoint detection, compliance threat detection, investigation and response (TDIR) tools over one platform, the CISO then benefits from speedier, more comprehensive insights leading to better decision-making and investment and fruitful conversations with the C-suite.
Mid-sized enterprises will increasingly turn to MDR providers if they lack the resources to manage such a setup themselves in order to address the growing compliance and cybersecurity challenges they face.
Outsourcing not only provides them with access to the expertise of the MDR provider but also state-of-the-art technology enabling targeted threat hunting, threat containment to arrest the spread of attacks, incident response to remediate and mitigate impact and root cause analysis on a 24-7 basis.
Moving to Managed Detection and Response
Managed Detection and Response providers should seek to build out the business case for their services and show how they can align with the organisation and its existing security provision, any relevant experience to its sector, the experience of its team and the types of technology they will be using, and their average Mean Time to Detect (MTTD) and Mean Time to Respond (MTTD) rates.
There is a likelihood that there will be a tipping point in adoption this year as this segment of the mid-market experiments with and then commits to outsourcing. Gains from lower opex and capex, the freeing up of in-house resources, and more timely and targeted responses that can be used to demonstrate compliance will all act as highly persuasive elements in their own right.
Right now, organisations that opt for Managed Detection and Response could benefit from being early to market, provided the MDR can offer sufficient TDIR and compliance capabilities. They could use it to conserve the bottom line and as a differentiator by providing more assurance to their customer base.
