The time taken to detect a cybersecurity incident determines the extent of the damage done. According to Kaspersky's latest research, small and medium businesses (SMBs) with fewer than a thousand employees that identified a data leak immediately suffered 17% less financial damage than those that detected it after a week or more. The same survey found that only 10% of businesses in this segment managed to detect a breach immediately.
Cybercriminals are more likely to conduct advanced attacks when the cost of organising them is lower than the potential revenue. That is why sophisticated attacks usually target large enterprises.
However, attacks against SMBs have become profitable as the toolkits needed to mount successful attacks have become low-cost commodities, readily available on the internet. Also, cybercriminals may not even use malware at all. They can misuse the legitimate functionality of an operating system or remote administration software to collect credentials or gain access to information without being noticed by endpoint prevention products.
Such threats are not only difficult to spot but often cannot be blocked automatically, because they resemble the everyday actions of an IT security administrator. Blocking this kind of activity without further investigation can disrupt important business processes.
To deal with such threats, businesses need advanced solutions that can collect and correlate security-related data, as well as an experienced team to analyse and respond to incidents.
However, security budgets are falling behind the needs of protection. In these circumstances, a cost-effective option is to share the costs of a security operations centre (SOC), or of a dedicated unit responsible for proactively searching for potential threats and analysing alerts, with other companies. This is exactly what managed detection and response (MDR) offers.
While choosing an MDR provider, its track record in finding attacks is the key factor to consider. Experienced providers can quickly identify threats, as they know about malicious tactics first-hand and are aware of emerging attack strategies.
It is also important to look at the technologies that the service is built on. Systems that utilise machine learning should be effective enough that most threats can be prevented without manual human intervention.
Customers also need to pay attention to the response options a vendor offers. Ideally, MDR services should be flexible: in some cases, the MDR team will respond remotely, while in others, internal staff will respond themselves, following instructions from the MDR team. The latter is helpful at the beginning of a partnership, as a customer needs to ensure that the recommendations work with their network and processes. Some customers also prefer to respond on their own when critical assets, such as computers belonging to executives, are involved.
It is also important to choose an MDR provider that can react quickly to incidents that may cause serious damage. Of course, a 24/7 service is vital. The ability to consult with analysts directly is also important, as it helps in situations where an internal team needs more comprehensive help or advice.
MDR can help organisations that need to improve their threat detection and response capabilities quickly. This does not mean, however, that customers should stop developing internal expertise.
If they want to grow a mature cybersecurity function in-house, an MDR service will help in this transition period. Later, MDR can be a supporting force that allows internal security analysts to focus on the most critical incidents.
If a company prefers to outsource threat hunting and incident response, it is worth polishing its third-party management skills to better handle the outsourced functions.
When choosing a managed detection and response provider, its track record in finding attacks is the key factor: experienced providers identify threats quickly.