Why MDR Is Overtaking the Product-Centric Approach to Cybersecurity

September 9, 2016 Arctic Wolf Networks

Despite the best efforts of in-house IT staff, organizations all over the world continue to suffer cyberattacks on a regular basis. Earlier this year, Fortune contributor George Kurtz attributed America’s ongoing cybersecurity failures to several key factors. Chief among them was the fallacy that all threats can be preempted. Anyone who subscribes to that idea is either badly misinformed or is deliberately using smoke and mirrors to sell a fake panacea.

But the rabbit hole goes deeper. The idea that products alone can solve the cyberthreat crisis of our time has hardened into something close to a collective state of denial. In-house IT staff convince themselves that they can handle cybersecurity alone, and vendors of out-of-the-box security products are quick to capitalize on that misconception by marketing themselves as the “silver bullet” for this or that problem. At best, this way of doing things buys some temporary relief, but that is about it.

“Treating cybersecurity as an add-on to IT operations is just not working for corporate America,” Kurtz stated. “Without a radical change to make cybersecurity a part of the fabric of the organization, from the server room to the Board of Directors, the balance of power will continue to favor the adversary.”

MSSPs: A step in the right direction, but hardly enough

“MSSPs lack the detective cybersecurity that can actually ‘protect every endpoint.’”

To Kurtz’s point, many organizations are now enlisting managed security service providers (MSSPs). The MSSP market has certainly made waves, with Frost & Sullivan predicting the space to be worth $5 billion by 2018. The idea is that cybersecurity is shifted off in-house IT staff and onto a team of trained security experts. The upside of this model is that it reinforces the recognition that organizations, particularly small and medium-sized businesses with fewer resources than enterprises, cannot handle cybersecurity alone. Unfortunately, that is still not enough.

The problem with MSSPs is that they more or less supply a better version of what many in-house IT teams are already doing. They deploy managed firewalls, anti-virus and anti-spam tools, and usually some sort of threat detection tool, then keep these solutions updated in an effort to keep out the newest threats. Again, this is positive to an extent, but it still does not address one of the biggest failings Kurtz mentioned: a lack of detective cybersecurity that can actually “protect every endpoint.”

This sort of technology cannot simply be thrown into a bundle offered by an MSSP, and yet that is often what happens. Consider the sheer number – not to mention the varied behavior – of log sources in the modern network. You are dealing with myriad kinds of endpoints, an unprecedented volume of applications executing commands and more data in transit than ever before. Parsing all of this information so that threats are detected before they spread is extremely difficult, because the telling signal is usually spread across several sources and only appears when they are correlated.

For instance, a recent study from Arctic Wolf Networks concluded that the average strain of ransomware begins encrypting company data within 3 seconds of execution. Modern social engineering schemes have proven time and again that they can get past web gateways. Not every one of them can be stopped at the perimeter, despite what any MSSP or out-of-the-box vendor might tell you, and once a payload runs, the only remaining control is how quickly it is detected.

The analytics power needed to parse an entire network’s worth of log sources and surface the faintest hints of an attack is comparable to that of security information and event management (SIEM) software. The problem with SIEM is that it takes a long time to deploy (up to a year in some cases), and it must then be monitored 24/7 by highly trained security analysts. That costs money, much more than most mid-market organizations can afford.
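To make the correlation idea concrete, here is an added example (written for this article; it is not Arctic Wolf’s, Gartner’s or any SIEM product’s own detection logic) that joins two constructed log sources on host and process ID. Neither source is alarming alone: the process-creation log only says a downloaded executable ran, and the file-activity log only lists file writes. Joined inside a three-second window, they show a freshly started process rewriting a dozen documents with a ransom-style extension, which is the behaviour the ransomware figure above describes. All hostnames, paths, process IDs and the `.locked` suffix are constructed sample data.

```python
"""Added example: correlate two endpoint log sources to flag a process that
starts rewriting many user files within seconds of its own start.
All log lines, hosts, paths and PIDs below are constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed process-creation events: 'TIMESTAMP key=value key=value ...'.
PROCESS_LOG = """\
2016-09-01T10:00:00Z host=ws-17 event=proc_start pid=4120 image=C:\\Users\\jdoe\\Downloads\\invoice.exe parent=outlook.exe
2016-09-01T10:00:01Z host=ws-17 event=proc_start pid=4130 image=C:\\Windows\\System32\\notepad.exe parent=explorer.exe
"""

# Constructed file-write events from the same host. pid 4120 rewrites twelve
# documents two to three seconds after starting; pid 4130 saves one file later.
_file_lines = []
for i in range(12):
    second = 2 if i < 6 else 3
    _file_lines.append(
        "2016-09-01T10:00:0%dZ host=ws-17 event=file_write pid=4120 "
        "path=C:\\Users\\jdoe\\Documents\\report%d.docx.locked" % (second, i))
_file_lines.append(
    "2016-09-01T10:00:45Z host=ws-17 event=file_write pid=4130 path=C:\\Users\\jdoe\\notes.txt")
FILE_LOG = "\n".join(_file_lines) + "\n"


def parse_line(line):
    """Parse one 'TIMESTAMP k=v k=v ...' line into a dict; 'ts' is a UTC datetime."""
    ts, *fields = line.split()
    event = {k: v for k, v in (f.split("=", 1) for f in fields)}
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def parse_log(text):
    """Parse every non-empty line of a log blob."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_rapid_file_rewrites(process_log, file_log, window_seconds=3, min_files=10,
                               ransom_suffixes=(".locked", ".encrypted", ".crypt")):
    """Return one alert per process that, within window_seconds of starting, either
    writes at least min_files files or writes any file with a ransom-style suffix.
    Thresholds are illustrative assumptions, not vendor defaults."""
    writes = defaultdict(list)  # (host, pid) -> file_write events
    for ev in parse_log(file_log):
        if ev.get("event") == "file_write":
            writes[(ev["host"], ev["pid"])].append(ev)

    alerts = []
    for proc in parse_log(process_log):
        if proc.get("event") != "proc_start":
            continue
        deadline = proc["ts"] + timedelta(seconds=window_seconds)
        # Join on (host, pid) and keep only writes inside the window after start.
        hits = [w for w in writes[(proc["host"], proc["pid"])]
                if proc["ts"] <= w["ts"] <= deadline]
        renamed = [w for w in hits if w["path"].lower().endswith(ransom_suffixes)]
        if hits and (len(hits) >= min_files or renamed):
            first = min(w["ts"] for w in hits)
            alerts.append({
                "host": proc["host"],
                "pid": proc["pid"],
                "image": proc["image"],
                "files_in_window": len(hits),
                "ransom_suffix_files": len(renamed),
                "seconds_to_first_write": (first - proc["ts"]).total_seconds(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rapid_file_rewrites(PROCESS_LOG, FILE_LOG):
        print(alert)
```

Note the window is the tuning knob: run the same detector with `window_seconds=1` and the burst at two seconds is missed entirely, which is exactly the kind of threshold that needs an analyst watching the output, not a one-time product deployment.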

Why MDR is poised to shake things up

So with SIEM and MSSPs out of the question, where does that leave us? The answer, according to a recent white paper by Gartner, is a new market space known as managed detection and response (MDR) services.

According to Arctic Wolf Networks, one of the pioneering vendors in this space, MDR is not a replacement for security software. Unlike a traditional MSSP, an MDR service supplies the two most important missing pieces of today’s cybersecurity puzzle: advanced threat detection and access to top-rate security expertise.

In an MDR offering, a team of security engineers works with clients to build an effective threat detection and response strategy. This entails identifying which tools are needed to defend a network most effectively and to detect the earliest signs of intrusion. As a result, the burden of knowledge is lifted off in-house IT, and because it is a cloud-based service offering, deployment is faster and far more affordable than a traditional SIEM.
