An Evolving Cyber Security Industry with a Caveat
Before diving into Managed Detection and Response (MDR), let’s back up and analyze the current state of the cyber security industry. Because the cyber threat landscape continues to deteriorate, all facets of cyber security are having to evolve at a rapid pace. We are seeing a wealth of new cyber security technologies designed to protect organizations from devastating attacks. We see regulatory bodies releasing new regulations and guidelines for organizations to enhance their security operations. Governments are taking bigger and bolder strides towards improving cyber resilience on national levels. And we see a greatly heightened cyber security awareness, not only among businesses but also among the general public.
However, there is one key component that is, unfortunately, not growing fast enough to cope with all these changes: cyber security talent.
The ISC2 2021 Cybersecurity Workforce Study found that the global cyber security workforce needs to grow by a staggering 65% to keep up with current demands. Many organizations cite talent shortage as the biggest cyber security challenge in 2021 and one of the biggest challenges going forward. Equally challenging is the retention of cyber security talent. With a huge gap in the talent pool, most organizations either cannot find the right talent or struggle to keep them.
Managed Security Services: The Answer to the Security Talent Shortage
Many organizations have turned to managed security services (MSS) to plug the talent gap in their security operations. Whether it’s round-the-clock monitoring of the organization’s security devices or security incident response and mitigation, MSS has become the choice of many organizations. MSS helps organizations overcome their skill shortages, improve security operations effectiveness, and reduce security operations costs.
There are many flavors of MSS that organizations can subscribe to, depending on their needs and cyber security maturity. MSS providers offer a combination of services, from security monitoring to managing security devices to newer managed detection and response (MDR) services.
While different MSS share some common functions, each type of service has a focal point that differentiates it from others. For our discussion, we will focus on MDR and why it offers the most value among MSS.
What is a Managed Detection and Response Service?
Gartner defines Managed Detection and Response (MDR) as a service offering that provides customers with remotely delivered modern security operations center (MSOC) functions. These allow organizations to rapidly detect, analyze, investigate, and actively respond through threat mitigation and containment.
There are different permutations of MDR services depending on who is offering them. In the case of MSSPs, MDR can be offered as a standalone service or as part of the provider’s overall MSS. The service provider takes over a large portion of the organization’s security operations. On the other hand, security product vendors usually offer MDR services as an add-on to their technology sales and typically depend on their own technology as the main telemetry.
Benefits of Managed Detection and Response over Other Managed Security Services
1. Not Just about Simple Detection
One of the key differences between MDR and other managed security services is threat detection. While most other services depend on technology alone, MDR integrates the human element into detection. This significantly improves the analysis and identification of threats. Security analysts ensure relevance specific to the organization by adding accurate insights into the threat, the potential impact, and the best course of mitigation.
2. Actionable vs Informational Response
Thanks to the human element, MDR services deliver actionable responses to customers for detected threats. For example, security experts may directly configure the customer’s security devices or work with the customer to mitigate these threats. In contrast, technology-based services rely on standard advisories embedded in security monitoring and detection technologies.
One major issue with standard advisories is that the static information provided is not applicable to all situations. On the other hand, MDR security experts provide customers with practical solutions to mitigate threats using the available technologies at hand. This is especially useful when organizations have all the necessary technology but not the know-how to manage and respond to threats. Additionally, MDR services offer recommendations for improving the organization's existing infrastructure to avoid repeated breaches. This could be as simple as fine-tuning the configuration of existing security technologies or suggesting technology that the organization needs to avoid similar threats in the future.
3. Looking for Indicators Instead of Alerts
The common paradigm for most security monitoring services revolves around security information and event management (SIEM). SIEM gathers and correlates logs from multiple sources, typically security devices such as firewalls, endpoint protection solutions, and content security gateways. SIEMs alert organizations on potential threats based on correlated log information from these sources. However, general practice is that only the logs of defensive actions (e.g., blocking an IP or file) taken by security devices are sent to the SIEM for correlation. This is due to performance and storage constraints and means that breadcrumbs of malicious traffic evading detection remain hidden.
MDR takes a different approach. MDR services use technologies such as Network Detection & Response (NDR), Endpoint Detection & Response (EDR), or Extended Detection & Response (XDR) to hunt for threats in all network activity. Leveraging advanced capabilities like machine learning and behavioral analysis, MDR finds anomalies hidden in normal traffic based on indicators of an attack. This provides greater visibility of potential security threats, allowing service operators to root out the threats that escaped the detection of security devices.
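To make the visibility gap described above concrete, here is an added example (not Sangfor's code or the page's own) in Python over constructed connection records: a block-only feed, as a SIEM typically receives, beside a simple behavioral check that looks for regular "beaconing" to one destination across every record, allowed or not. The hosts, IPs, interval and jitter threshold are assumptions chosen for illustration.

```python
"""Constructed example: forwarding only block-action logs to a SIEM hides
evidence that a behavioral detector over all connection records surfaces."""
from collections import defaultdict
from statistics import pstdev

# Constructed connection records: (timestamp_seconds, src, dst, action).
# 10.0.0.5 reaches 203.0.113.9 every 60 s and is always allowed, the kind of
# regular "beacon" that a blocked-only log feed never shows.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.9", "allow"),
    (60, "10.0.0.5", "203.0.113.9", "allow"),
    (120, "10.0.0.5", "203.0.113.9", "allow"),
    (180, "10.0.0.5", "203.0.113.9", "allow"),
    (240, "10.0.0.5", "203.0.113.9", "allow"),
    (15, "10.0.0.7", "198.51.100.2", "allow"),
    (300, "10.0.0.7", "198.51.100.4", "allow"),
    (33, "10.0.0.9", "192.0.2.1", "block"),
    (95, "10.0.0.9", "192.0.2.1", "block"),
]

def siem_block_only_view(flows):
    """What a SIEM sees when only defensive actions are forwarded to it."""
    return [f for f in flows if f[3] == "block"]

def beaconing_pairs(flows, min_count=4, max_jitter=0.1):
    """Behavioral indicator: src->dst pairs contacted repeatedly at a
    near-constant interval, regardless of whether traffic was allowed.
    max_jitter is the allowed ratio of gap std-dev to mean gap (assumed)."""
    by_pair = defaultdict(list)
    for ts, src, dst, _action in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and pstdev(gaps) / mean <= max_jitter:
            hits.append(pair)
    return hits

if __name__ == "__main__":
    print("SIEM (block-only) view:", siem_block_only_view(FLOWS))
    print("Beacons in block-only feed:", beaconing_pairs(siem_block_only_view(FLOWS)))
    print("Beacons in full telemetry:", beaconing_pairs(FLOWS))
```

Run against the full records the beacon is found; run against the block-only feed it is not, which is the gap MDR fed by NDR/EDR telemetry is meant to close.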
Who Needs Managed Detection and Response Services?
A managed detection and response service brings major benefits regardless of whether an organization is a large enterprise with sufficient manpower and financial resources or a small business that only hires for core business functions. MDR provides organizations with hard-to-find expert resources needed to defend against cyber threats. At the same time, there is no need to worry about losing or retaining these capabilities. In certain cases, MDR services are used to augment existing security operations without incurring associated costs and risks, allowing the organization to enhance its security operation effectiveness with a hybrid approach.
About Sangfor Cyber Guardian MDR Service
Sangfor Cyber Guardian MDR seamlessly integrates human and machine intelligence to help organizations detect and respond quickly and accurately to security threats. It is powered by Sangfor’s state-of-the-art AI-based threat detection and response engines, which pull in global threat intelligence to enhance detection accuracy. Sangfor Cyber Guardian's global team of security experts works 24/7. They continuously analyze threats and provide customers with meaningful guidance on how to respond to these threats. With over 1,000 customers, 1.2 billion logs analyzed daily, and an expanding library of over 1,500 detection use cases, Cyber Guardian is proven to boost cyber threat detection.