What Is MDR, and Why Is It More Relevant Than Ever?
We asked a similar question a little over a year ago, and came up with what at the time was a suitable answer.
However, times have changed, as they tend to do. And while the core catalyst that drove the initial growth of managed detection and response (MDR) in mid-2016 is still relevant today (rampant cybercrime), the MDR market is a year and a quarter older, and a year and a quarter wiser.
This prompts a more precise question: What is MDR in 2017, and why is it more relevant now than it ever has been?
MDR: A Refresher
The role of MDR has not changed significantly in the past year. It is a type of managed cybersecurity service that helps organizations better understand their security environments so that they may enhance threat detection and response capabilities. Real-time, 24/7 monitoring is typically a standard feature of MDR, as is incident response to potential cyberattacks. Many MDR vendors, including Arctic Wolf, also provide security consulting and on-demand, round-the-clock access to a concierge security team of experts.
What has changed about MDR, however, is how organizations prioritize it. According to Gartner, threat detection and response is the top security priority for organizations in 2017. Many businesses are actually gravitating away from preventative cybersecurity and toward advanced detection and response service models such as MDR.
So Many Cyberattacks, So Few Security Experts
For one thing, the cybersecurity talent gap has continued to widen. By 2019, PwC estimates that there will be 1.5 million cybersecurity vacancies.
On top of that, we have witnessed some of the more cataclysmic cyberattacks of recent history in the past year. These include:
- Dyn: In fall 2016, the major DNS provider was bombarded with distributed denial-of-service (DDoS) attacks fueled by a botnet army that was “10s of millions of IP addresses,” strong. These IP addresses included Internet of Things devices such as security cameras, printers, baby monitors and more – all of which were infected with Mirai malware.
- WannaCry and NotPetya: In May, 2017, hackers deployed a strain of malware known as WannaCry, which affected hundreds of thousands of computers before young researchers discovered a kill switch that halted the malware’s proliferation. In June, another strain of malware called NotPetya made its rounds, costing businesses hundreds of millions of dollars. Shipping giant Maersk claims to have suffered about $200 million in NotPetya-related losses. Similarly, FedEx estimates that it was out $300 million.
- Equifax: Personal information (including names, addresses, Social Security numbers and drivers license numbers) belonging to 143 million people was compromised in a breach this summer. This represents about half of the U.S. population, and the vast majority of Americans who have a line of credit.
- Yahoo: The Yahoo fiasco has been unraveling since September 2016, when it was discovered that approximately 500 million people had their account compromised as a result of a data breach that took place in 2013. However, the biggest break in the story came in early October of this year. According to Wired, that number is actually 3 billion. In other words, all of Yahoo’s account holders, which is incidentally half of the world’s estimated total population, were affected.
From the first two attacks on the list above, we can deduce that hackers are employing novel methodologies, such as IoT DDoS, to affect their targets. WannaCry and Petya, likewise, have intriguing origins. Both originated from EternalBlue, a Windows vulnerability used by the National Security Agency, and previously stolen in a breach by hackers.
The moral of the story for the second two breaches is more on the nose: Early threat detection and timely incident response are crucial to keeping breaches from getting out of hand. Case in point, the software vulnerability that was used to infiltrate Equifax had been exploited six months prior in a separate breach. In other words, it appears that the company failed in its IR strategy to adequately patch a known software vulnerability, and the results were devastating.
Needless to say, this news has not gone unnoticed by business leaders. If it can happen to Equifax, Yahoo, and Dyn, it can happen to you, and probably will. This is especially true today – 61 percent of the cyberattacks analyzed in Verizon’s Data Breach Investigations Report 2017 took place in companies with 1,000 or fewer employees. This is because hackers are increasingly targeting SMBs, which are often seen as easier targets among cybercriminals.
The best defense against these threats is to detect them early and take swift action to remediate their presence. MDR helps organizations do that affordably and effectively by arming SMBs with on-demand security expertise.
Learn more by clicking on the banner below: