Webinar FAQ: 'Using MDR to Detect & Respond to Cyber Threats 24x7'
June 16, 2021
The current threat landscape has left IT and Security leaders facing an uphill battle. Damaging threat actors and new malware strains are introduced almost daily, security talent is in high demand, and the corporate technology environment continues to grow.
That's why ProArch held a live webinar on June 9, 2021, to educate corporate Presidents, IT Directors, and CEOs about the current state of cybercrime and the benefits of leveraging MDR to offset your team's responsibility of responding to security threats 24x7 with the ultimate goal of stopping every attack attempt before a compromise occurs. You can watch the entire webinar here and download the slides used in the presentation. We've also compiled a list of commonly asked questions about the service for those unfamiliar with MDR.
Current State of Threats
My organization has basic security protocols in place (firewalls, anti-virus software, etc.). That will protect us for now, right?
As the technology landscape evolves, so do cybercriminals. This is especially evident when you consider the sheer number of high-profile breaches that have made headlines recently. The number of new vulnerabilities released each year has tripled in the last 5 years, and attack methods are getting more sophisticated and technical. Without a similarly sophisticated and technical security strategy, your organization is a sitting duck.
"The growth in reported server vulnerabilities has made it impossible for most organizations to track and patch all vulnerabilities in a timely fashion." -Michael Montagliano, Chief of Innovation
How quickly do I have to respond to a cyber-attack to prevent damage?
The average amount of time between the initial compromise and lateral movement across the network by the threat actor is less than 2 hours. If the threat isn't responded to within that narrow window, recovery will be made much more difficult (and expensive).
Knowing this, MDR vendors follow the 1-10-60 rule: 1 minute to detect threats, 10 minutes to complete investigations, and 60 minutes to remediate the threat. That means your network will be protected from the attack before the hacker has time to move across your network to attain other assets or accounts.
How to Stop Threats
How does MDR work? What are the benefits?
To understand Managed Detection and Response (MDR) on a basic level, you can think of it as an invisible fence around your most critical corporate resources. Threat detection sources and sensors are deployed across networks, cloud services, endpoints, and identities. They're collecting and analyzing telemetry 24/7/365. When one of these sensors is tripped by a hacker, the Security Operations Center (SOC) team is notified. Security Analysts use the telemetry to track down the root of the compromise and contain it immediately, leaving the cybercriminal locked out of the rest of your network.
Is 24/7 human threat surveillance really required?
76% of ransomware events occur outside of work hours. Add the 280 days on average that it takes for organizations to realize a breach has occurred, and you have a recipe for disaster. Without immediate investigation and response, the attacker has the time and means to move laterally across the network and accrue additional data and inflict more damage. MDR is specifically designed to stop that from occurring.
"24/7 SOC capabilities are essential. Someone has to be watching for threats around the clock, every single day, to make certain threats are responded to immediately." -Michael Montagliano, Chief of Innovation
Threat Intelligence
What is Threat Intelligence? Why is it important?
Threat Intelligence is how data and insights are collected, analyzed, and automated to accelerate security systems and functions. It empowers organizations to bring automation and insight to the forefront of every facet of security, including strategic planning, technical design and architecture, and implementation.
Organizations using Threat Intelligence can expand visibility across the threat landscape and identify 22% more threats before any disruption occurs. Aside from attack prevention, Threat Intelligence also provides more actionable data that feeds into reporting to learn from events and ultimately allows companies to adapt their strategy and make better business decisions.
How does ProArch leverage Threat Intelligence for MDR customers?
ProArch uses Threat Intelligence to perform containment, remediation, threat hunting, and provide in-depth reporting. Essentially, ProArch takes a proactive, outcome-centric approach to reduce the risk that fuses external and internal threats, security, and business insights across an entire organization. Companies with Threat Intelligence can track down threats faster and make more informed security decisions.
MDR vs. MSSP
What is the difference between MDR and MSSP?
Put simply, MDR is a proactive approach to security, and MSSP is a reactive approach. MDR seeks out, validates, and alerts organizations of current and incoming threats. MSSPs solely respond to security events and primarily focus on defending vulnerabilities through passive technologies, like firewalls. MDR's main difference includes detection and investigation, while MSSP sends alerts of anomalies but does not investigate them.
|
|
MDR |
MSSP |
|
Alert Monitoring |
✔️ | ✔️ |
|
Threat Investigation |
✔️ |
|
|
Threat Containment |
✔️ |
|
|
24x7 Security Operations Center |
✔️ |
|
|
Security Information Event Management (SIEM) |
✔️ |
|
|
Incident Response |
✔️ |
|
The Investment of MDR
How do I get buy-in from the C-Suite?
Cybercrime is a $6 trillion industry. It's the third-largest global economy, behind only the US and China. Cyberattacks are not nearly as niche as many organizations like to think, and at the current rate of growth, it's not a matter of "if" you'll be targeted; it's a matter of "when." While these figures are scary, we understand that most executives have their eye on the bottom line and will need some convincing to invest in MDR services.
- Identify critical assets. The first step in justifying the investment of MDR is to get a deeper understanding of which critical business information needs to be protected.
- Do your research. Then gather information about which "threat communities" pose the most risk to your industry/organization. Lastly, you can forecast the magnitude of data loss and loss frequency.
- Get specific. Losses can be categorized as the theft of intellectual property, fines from compliance violations, ransomware payments, lost revenues, reputational loss, etc. These categories can be used to estimate "loss magnitude." The estimated loss frequency (or how often your organization is put at risk of loss) needs to be quantified.
- Crunch the numbers. Use the metrics you identified in the previous step to calculate the Return on Security Investment (ROSI). Use the ROSI model from Michael's presentation to get an exact percentage to show the decision-makers.
All it takes is one. If even just one breach is successful, recovery can cost your organization tens or even hundreds of thousands of dollars, not to mention unplanned downtime. Investing in MDR before your data is put at risk is the only way to prevent and respond to vulnerabilities.
Watch our webinar on-demand and explore our MDR capabilities to understand the power of a 24/7 team on your side stopping threats.