Every company needs help with cybersecurity. No CISO ever said, "I have everything I need and am fully confident that our organization is fully protected against breaches."
This is especially true for small and mid-sized enterprises that don't have the luxury of enormous cybersecurity budgets and a deep bench of cybersecurity experts.
To address this issue, especially for small and mid-sized enterprises, we've seen a sharp rise in Managed Detection and Response (MDR) services. MDR is essentially an outsourced cybersecurity expert service that monitors a company's environment and provides an improved ability to detect, investigate, and respond to threats. Think of it as augmenting your existing staff with a group of highly skilled cybersecurity experts.
Cynet recently published a new whitepaper that reviewed all of the services provided by their MDR team, which they refer to as "CyOps" [you can download the whitepaper here].
Interestingly, Cynet provides MDR service to its customers at no additional cost. The list of MDR services provided in the whitepaper can be used as an instructive guide for companies looking to add or change their MDR provider. The services basically break down into the following categories.
Monitoring alerts across all security controls is a foundational element of MDR. Make sure your MDR provider does this 24x7. An MDR service should also prioritize alerts and have a process in place for contacting you in a prearranged manner when critical, time-sensitive alerts arise.
Believe me, you'll appreciate that call at 3 am someday! All time-sensitive contact should include detailed written reports.
|Malicious activity outreach example by CyOps|
Your MDR should also be continuously updating detection mechanisms and informing you of new threats. For example, new ransomware variations or new malware techniques should be shared, along with details around how new updates protect against new threats. Cynet lays out a broad array of detection services in its latest report.
Investigating validated alerts to gain a full understanding of the scope and impact of an attack is something your MDR provider should be proficient at.
Following the investigation, your MDR should provide you with updated IoCs and then proactively update your defenses with this information.
|File analysis example by CyOps|
Ensuring all appropriate remediation actions are taken and guiding you through the entire process should also be something your MDR service provides. Remediating the full scope of an attack can be a tedious process, but important to ensure all aspects of the infection are eliminated.
|Remediation instructions and IOCs example by CyOps|
Ad Hoc Expert Advice
Your MDR should always be available to respond to inquiries and provide expert help and guidance. Is there something you're unsure of? Is there a new threat you're concerned about?
Whatever the security concern, the MDR should be there to clear up any confusion and fully respond to any questions you may have.
Finally, a good MDR will provide regular newsletters, updates, and reports to keep you informed of new attack and protection techniques. They will also remind you of critical system updates and help you plan and execute them while ensuring minimal system disruption.
|Critical update required due to a newly discovered vulnerability example|
With the growing set of MDR providers, companies can be selective to ensure that their specific needs align with the services offered. Like most services, some are far better than others, and some are more comprehensive than others. Choose wisely.