An Evolving Cyber Security Industry with a Caveat

Before diving into Managed Detection and Response (MDR), let’s back up and analyze the current state of the cyber security industry. Because the cyber threat landscape continues to deteriorate, all facets of cyber security are having to evolve at a rapid pace. We are seeing a wealth of new cyber security technologies designed to protect organizations from devastating attacks. We see regulatory bodies releasing new regulations and guidelines for organizations to enhance their security operations. Governments are taking bigger and bolder strides towards improving cyber resilience on national levels. And we see a greatly heightened cyber security awareness, not only among businesses but also among the general public.  

However, there is one key component that is, unfortunately, not growing fast enough to cope with all these changes: cyber security talent. 

The ISC2 2021 Cybersecurity Workforce Study found that the global cyber security workforce needs to grow by a staggering 65% to keep up with current demands. Many organizations cite talent shortage as the biggest cyber security challenge in 2021 and one of the biggest challenges going forward. Equally challenging is the retention of cyber security talent. With a huge gap in the talent pool, most organizations either cannot find the right talent or struggle to keep them. 

Managed Security Services: The Answer to the Security Talent Shortage

Many organizations have turned to managed security services (MSS) to plug the talent gap in their security operations. Whether it’s round-the-clock monitoring of the organization’s security devices or security incident response and mitigation, MSS has become the choice of many organizations. MSS helps organizations overcome their skill shortages, improve security operations effectiveness, and reduce security operations costs.  

There are many flavors of MSS that organizations can subscribe to, depending on their needs and cyber security maturity. MSS providers offer a combination of services, from security monitoring to managing security devices to newer managed detection and response (MDR) services.

While different MSS share some common functions, each type of service has a focal point that differentiates it from others. For our discussion, we will focus on MDR and why it offers the most value among MSS.

What is a Managed Detection and Response Service? 

Gartner defines Managed Detection and Response (MDR) as a service offering that provides customers with remotely delivered modern security operations center (MSOC) functions. These allow organizations to rapidly detect, analyze, investigate, and actively respond through threat mitigation and containment.  

There are different permutations of MDR services depending on who is offering them. In the case of MSSPs, MDR can be offered as a standalone service or as part of the provider’s overall MSS. The service provider takes over a large portion of the organization’s security operations. On the other hand, security product vendors usually offer MDR services as an add-on to their technology sales and typically depend on their own technology as the main telemetry. 

Benefits of Managed Detection and Response over Other Managed Security Services 

1. Not Just about Simple Detection

One of the key differences between MDR and other managed security services is threat detection. While most other services depend on technology alone, MDR integrates the human element into detection. This significantly improves the analysis and identification of threats. Security analysts ensure relevance specific to the organization by adding accurate insights into the threat, the potential impact, and the best course of mitigation.

2. Actionable vs Informational Response

Thanks to the human element, MDR services deliver an actionable response to customers for detected threats. For example, security experts may directly configure the customer’s security devices or work with the customer to mitigate these threats. In contrast, technology-based services rely on standard advisories embedded in security monitoring and detection technologies.

One major issue with standard advisories is that the static information provided is not applicable to all situations. On the other hand, MDR security experts provide customers with practical solutions to mitigate threats using the available technologies at hand. This is especially useful when organizations have all the necessary technology but not the know-how to manage and respond to threats. Additionally, MDR services offer recommendations for improving the organization's existing infrastructure to avoid repeated breaches. This could be as simple as fine-tuning the configuration of existing security technologies or suggesting technology that the organization needs to avoid similar threats in the future.

3. Looking for Indicators Instead of Alerts

The common paradigm for most security monitoring services revolves around security information and event management (SIEM). SIEM gathers and correlates logs from multiple sources, typically security devices such as firewalls, endpoint protection solutions, and content security gateways. SIEMs alert organizations on potential threats based on correlated log information from these sources. However, general practice is that only the logs of defensive actions (e.g., blocking an IP or file) taken by security devices are sent to the SIEM for correlation. This is due to performance and storage constraints and means that breadcrumbs of malicious traffic evading detection remain hidden.

MDR takes a different approach. MDR services use technologies such as Network Detection & Response (NDR), Endpoint Detection & Response (EDR), or Extended Detection & Response (XDR) to hunt for threats in all network activity. Leveraging advanced capabilities like machine learning and behavioral analysis, MDR finds anomalies hidden in normal traffic based on indicators of an attack. This provides greater visibility of potential security threats, allowing service operators to root out the threats that escaped the detection of security devices.
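The visibility gap described above can be shown with a small detection sketch. This is an added example, not Sangfor's or any vendor's code: the flow records are constructed sample data using documentation IP ranges, and the function names and thresholds (`min_events`, `max_cv`) are illustrative assumptions. It compares what a deny-only SIEM feed can reveal with what a simple behavioral check over all flows finds.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, src, dst, action).
FLOWS = (
    # Blocked scans: the only events a deny-only SIEM feed would receive.
    [(1000 + i * 7, "10.0.0.5", "203.0.113.9", "deny") for i in range(4)]
    # Allowed, regular ~300 s check-ins from one host (beacon-like pattern).
    + [(2000 + i * 300 + j, "10.0.0.23", "198.51.100.77", "allow")
       for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0])]
    # Allowed, irregular browsing from another host.
    + [(t, "10.0.0.42", "192.0.2.10", "allow")
       for t in [2010, 2025, 2400, 2410, 3900, 3905, 5200, 5230]]
)

def deny_only_feed(flows):
    """What the SIEM sees when only defensive actions are forwarded."""
    return [f for f in flows if f[3] == "deny"]

def find_beacons(flows, min_events=6, max_cv=0.1):
    """Flag (src, dst) pairs whose inter-arrival times are near-constant.

    cv = stdev / mean of the gaps between connections; a low value means
    machine-like regularity. Thresholds are illustrative assumptions.
    """
    times = defaultdict(list)
    for ts, src, dst, _action in flows:
        times[(src, dst)].append(ts)
    hits = []
    for pair, ts_list in times.items():
        if len(ts_list) < min_events:
            continue  # too few connections to judge regularity
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append(pair)
    return sorted(hits)

if __name__ == "__main__":
    print("deny-only feed:", find_beacons(deny_only_feed(FLOWS)))
    print("all telemetry: ", find_beacons(FLOWS))
```

The regular check-ins were all allowed, so they never reach a feed built from block events; only the pass over full telemetry surfaces the pair for an analyst to review.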

Who Needs Managed Detection and Response Services?

A managed detection and response service brings major benefits regardless of whether an organization is a large enterprise with sufficient manpower and financial resources or a small business that only hires for core business functions. MDR provides organizations with hard-to-find expert resources needed to defend against cyber threats. At the same time, there is no need to worry about losing or retaining these capabilities. In certain cases, MDR services are used to augment existing security operations without incurring associated costs and risks, allowing the organization to enhance its security operation effectiveness with a hybrid approach.

About Sangfor Cyber Guardian MDR Service

Sangfor Cyber Guardian MDR seamlessly integrates human and machine intelligence to help organizations detect and respond quickly and accurately to security threats. It is powered by Sangfor’s state-of-the-art AI-based threat detection and response engines, which pull in global threat intelligence to enhance detection accuracy. Sangfor Cyber Guardian's global team of security experts works 24/7, continuously analyzing threats and providing customers with meaningful guidance on how to respond to them. With over 1,000 customers, 1.2 billion logs analyzed daily, and an expanding library of over 1,500 detection use cases, Cyber Guardian is proven to boost cyber threat detection.
