It’s imprudent to rely entirely on perimeter defenses for network security, especially against a threat as pernicious as ransomware. And yet, that’s exactly what many companies do. While some of these businesses outright ignore the writing on the wall, others have legitimate excuses for why their network monitoring is lacking: The offers made by managed security service providers (MSSPs) focus too heavily on prevention, and not enough on the detection and responsiveness needed to take down ransomware.
The alternative – deploying and managing a security information and event management (SIEM) solution in-house – is, unfortunately, infeasible for mid-market organizations. Somewhere in cyberspace, there is a graveyard of mismanaged solutions, and buried with them is the blood, sweat and tears of IT staffs that bit off more than they could chew.
What we end up with is a Goldilocks-type situation in which mid-market organizations can’t seem to access the tools that are “just right” for the job. Part of the reason for this is that they already have most of the tools they need. The only thing that’s actually missing is the ability to detect threats like ransomware, along with responsive consultation that will help these organizations know how to deal with them when they occur.
In a previous blog post, we discussed the emergence of a new market space that Gartner refers to as managed detection and response (MDR). An MDR provider supplies clients with a managed security operations center (SOC), using a SIEM that leverages logs from customers. MDR effectively takes the log ammo from customers, and tells them where to aim to shoot down threats like ransomware.
From a technical standpoint, the result is stronger cybersecurity, seeing as you won’t be overburdening IT staff with cyberthreat detection duties that they’re not trained or equipped to handle. Considering there’s a significant shortage of trained cybersecurity professionals at the moment, it also saves an organization the trouble and the expenses of finding and paying a full-time professional who is in extremely high demand.
How does MDR differ from MSSPs?
But how exactly is this different from an MSSP, and more importantly, what makes it that “just-right” solution? Besides the fact that most MSSPs are skewed toward preventative measures, health care organizations, financial institutions, government agencies and other highly regulated industries need to keep a tighter leash on their perimeter defenses. Respectively, the threat of HIPAA compliance breaches, cooperation with PCI compliance and over-reliance on a third-party vendor for network security make many MSS offerings problematic. These industries require flexibility in how they manage their preventative defenses, and they won’t get that with an MSSP.
MDR, on the other hand, leaves perimeter security such as firewalls, web gateways and authentication in the hands of the client, while supplying the SOC and the SIEM. The provider can still alert the client in the event of an intrusion, and they still have oversight of the network, which allows them to pinpoint possible vulnerabilities and provide advice for how to plug them.
The response part of MDR provides customers with an incident response plan and remediation recommendations. In other words, they’re given the intelligence to identify the attack and the attack vector, as well as specific recommendations on how to remediate their devices.
Saving money in the long run
Besides the immediate gains of mitigating damages that may result from costly cyberattacks without having to hire an entire team of cybersecurity professionals, MDR helps organizations save money by helping IT staff determine what cybersecurity solutions and offerings will actually help them. In this way, MDR doesn’t necessarily compete with MSSPs.
Rather, as explained by VP of marketing for Arctic Wolf Networks, Young-Sae Song, in a recent webinar, MDR identifies ways in which network security can be enhanced, and this makes it a solution-agnostic approach to managed security. It’s this inherent neutrality regarding out-of-the-box tools and other managed security offerings that makes MDR so unique in the world of cybersecurity.
There’s only one goal: to give mid-market businesses struggling with ransomware and other cyberthreats the detection capabilities, and response plans, that empower them to keep their own networks safe.
As the old saying goes, you give a man a fish, you feed him for a day. You teach him how to fish, and you feed him for life.