Most organisations cannot keep pace with emerging and evolving cyberattacks. Criminals constantly identify new vulnerabilities and attack methods, meaning that the risk is dynamic, and your organisations’ response must be too.
It is no longer sufficient to assume that compliance with a standard will keep your organisation safe.
In this guide, Eoghan Daly, director of cyber security services with BDO, describes managed detection and response (MDR) and how it can help organisations remain secure. This article is intended for senior decision-makers and board members responsible for managing risk who do not have a technical cybersecurity background.
Cybersecurity is complex and challenging, and the trends are going the wrong way. It is a question of ‘when’ not ‘if’ you will be hit by one or more of ransomware, malware, cyber-espionage or a leak of personal data. It is impossible to know whether your organisation has done enough.
These are all familiar sentiments expressed by board members considering whether their organisation is adequately protected against cybercrime. It is difficult to be confident that risks are adequately identified, assessed and managed, but the situation is not hopeless. Outsourced and managed security services have come a long way in recent years and could be the solution you need.
You will be familiar with statistics about how prevalent cybercrime is and the potential impact on an organisation. We all know the risk is genuine and the likely effects significant. What is worth considering is why organisations struggle with cyber security.
Most organisations cannot keep pace with emerging and evolving cyber threats. The risk is dynamic, so an organisation’s response must be too, and compliance with a standard alone will not keep it safe. There are several reasons for this:
- Standards are helpful as a signal to customers and partners that your organisation’s approach to cyber security is well organised, but on their own they cannot address a dynamic risk like cyber attack.
- The skills necessary to keep an organisation safe are changing. The cyber security skillset has broadened, and the degree of specialisation has increased. It is no longer possible to have an IT generalist with the expertise to keep your organisation safe. Organisations need cyber security specialists, and cyber security specialists are in demand.
- Wages are high, and it isn’t easy to recruit and retain good people. Ideally, an organisation would have a team of cyber security specialists, providing opportunities for career development and keeping skills refreshed. A team of specialists is not possible for most organisations. There is not enough work to keep a specialist team utilised and provide the interesting work required to engage employees. The prohibitive cost is a barrier, too, of course.
- Cyber security teams are drowning in data. Organisations have various applications and processes generating records of network activity (‘logs’). Reviewing these records is how unusual and potentially threatening activity is identified; it is critical work, but it is also time-consuming and mundane. Few cyber security professionals enjoy clicking through alerts all day, every day. There is always a backlog of records to clear, meaning the time between compromise and detection is longer than it should be. Criminals exploit the delay.
Managed detection and response (MDR) services give organisations access to expertise that was previously limited to the largest and most sophisticated organisations. MDR means that organisations can have 24/7 protection and peace of mind that they are well protected. The best MDR solutions include Endpoint Detection and Response (EDR), and EDR has recently evolved into Extended Detection and Response (XDR).
So, all straightforward. Your organisation may benefit from an MDR solution that includes EDR, and ideally, the EDR will have XDR capabilities. An alphabet soup of technobabble.
Endpoint Detection and Response
Endpoint Detection and Response (EDR) is software used for detection and response to protect computer hardware devices (servers, laptops, mobile devices, virtual environments, etc., known as ‘endpoints’). EDR is generally provided by an outsourced security provider but will be deployed directly on a client’s system. EDR can be incorporated as part of MDR or can be used independently. The most appropriate approach will depend on the capacity and capability of an organisation’s in-house security team. Organisations with less developed security teams would be better suited to incorporating EDR into MDR and purchasing it as a service.
Extended Detection and Response
Extended Detection and Response (XDR) is the latest iteration of EDR. It functions like EDR but combines additional security-relevant information to enhance analytics capabilities and response actions beyond endpoints.
XDR provides organisations with visibility and control beyond endpoints, integrating other types of security information to improve the effectiveness of detections.
It produces fewer false positives than legacy approaches, and its enhanced forensic capabilities make root-cause analysis easier and investigations shorter. This reduces the time necessary to detect and respond to suspicious activity.
The most valuable benefit of XDR is enabling security analysts to respond to alerts faster and more accurately. The level of automation frees analysts from mundane manual work and reduces the time necessary to identify and contain threats.
If you are concerned about your organisation’s approach to cyber security, or if the organisation is struggling to keep up, consider buying security services from a third party.
Managed Detection and Response as a service removes the stress of worrying whether your organisation will be the next to be hit with a catastrophic cyber-attack. In the past it was only available to the largest and most sophisticated organisations, but not anymore. Now any organisation can access experts using the latest and best technologies.