Sachin Varghese, EVP Americas & CMO, Paladion, delves into the significance of deploying Managed Detection and Response (MDR) services during the course of this year.
In 2018, your network will most likely be breached.
In previous years, we would not be able to say this. Network perimeters were limited and securable. Attacks were relatively uniform and predictable. And attack volume was low enough to be stopped with heavy investment in legacy SIEM systems.
Those days are gone. The enterprise now runs on cloud, mobile, and IoT. By 2020, there will be 50 billion connected devices. And 99 percent of these computing devices are vulnerable to cyber-attacks. The enterprise security perimeter has dissolved.
At the same time, attackers have learned to take advantage of the new, complex, and permeable enterprise. They take advantage of your moments of peak network traffic to hide their attacks. They have evolved fast, sophisticated, multi-channel attacks. They now deploy complex unknown attack patterns—and the identity of the attackers themselves often remains unknown until it’s far too late.
The result: data breaches are increasing at an alarming rate. They are now inevitable.
Attackers know this. They have let go of “smash and grab” approaches to cybercrime, and now focus on seeding your systems with Advanced Persistent Threats that take months to secretly find their target and inflict their harm. They now assume they will breach your systems, and be able to hide in your network as long as it takes to complete their mission.
And if you hold onto legacy approaches to cybersecurity in 2018, your attackers will be right to make this assumption.
Fighting back in 2018 with MDR
Organisations and cybersecurity experts are waking to this reality, and shifting their focus away from prevention, and towards MDR services. IBM predicts 2018 will be the first year a major company will respond appropriately after suffering a significant breach. At the same time, Gartner argues detection and response capabilities will “drive a majority of security market growth” through 2022.
MDR services assume a breach will happen, and answers the question “How do we act quickly to prevent a breach from becoming catastrophic?” MDR services continuously monitor your systems to find breaches in real-time. They then quickly shift to respond in near real-time. While MDR services do focus on what happens after a breach occurs, they do not ignore threat prevention entirely. A mature MDR programme provides full left-to-right of the hack protection – a Paladion approach, including the following services:
- Threat Anticipation: Continuously reviews the global threat landscape to identify, and protect your systems from most likely threats.
- Threat Hunting: Deploys data science and machine learning models to proactively uncover known and unknown threats in your networks.
- Security Monitoring: Applies real-time rules to logs and security events to detect known attacks and compliance violations.
- Incident Analysis: Triages alerts to focus on evaluating your most relevant threats, and queuing up response in the case of security incidents.
- Incident Response: Executes rapid, coordinated containment, eradication, and recovery from major incidents.
- Breach Management: Leverages human experts and machine learning to derive lessons from the breach, and strengthen your system from similar future attacks.
Making MDR work for your organisation in 2018
The transition to MDR-led security services in 2018 faces certain challenges. In 2018, much of this challenge will come from contending with stringent new privacy and data protection regulations (such as GDPR) and selecting the right cybersecurity provider.
The MDR service provider market will appear confusing, as traditional MSSPs attempt to adopt MDR-like services (or, perhaps, to simply adopt MDR branding without fundamentally changing their service offerings). However, it’s imperative to cut through this confusion. Select an MDR-first provider who has dedicated years of investment in anomaly investigation, forensic capabilities, and response playbooks.
Challenging or not, MDR adoption is no longer optional. The average cost of a single data breach will exceed $150 million by 2020, and by the end of 2018, cybercrime damages are projected to exceed $9 trillion globally.
Will you join these statistics in 2018? Or will you protect yourself with MDR as a major force in both cyber-attacks and cybersecurity?