calls for more ‘response’ in managed detection and response solutions
New Delhi, India – March 28, 2019: As the threat landscape continues to evolve, so does the need for organizations’ approaches to defending against the business impact of cyber attacks. In light of this trend, cybersecurity provider F-Secure is calling for greater emphasis on both the preparedness for a breach as well as fast and effective containment that covers the correct balance of people, process and technology.
“Cyber breaches are now a fact of life for many companies. It’s no longer a matter of ‘if’ a company will be breached; the question is ‘when’. And that calls for a shift in how organizations handle many aspects of security,” said F-Secure Countercept Managing Director Tim Orchard.
Research highlights one current area of weakness: the lack of investment in effective incident response strategies. 44 percent of respondents to a recent MWR Infosecurity (acquired by F-Secure in 2018*) survey said they invested less in their response capabilities than in threat prediction, prevention, or detection. Only 12 percent said response was prioritized over their other security capabilities.
Continuous response, the art and science of having the right people in the right place at the right time, armed with the information they need to take control of the situation, is an emerging concept in cybersecurity that’s central to boosting response capabilities. The aim is to combine elements of collaboration, context, and control into a fluid process. In practice, this could mean a single team of threat hunters, first responders, administrators, and other personnel working together to actively identify and remediate potential threats before they escalate.
“Having the tools and techniques in place to quickly detect, contain and frustrate attacks as they unfold buys you time, and gives you an opportunity to understand the full picture about how attackers are exploiting your weaknesses and moving through your network. And they need to be sophisticated enough to avoid tipping off an attacker that you’re onto them, and prepared to evict them in one concerted push,” explained Orchard. “And it’s important to put these tools and techniques into the hands of the right team if you want them to work.”
The MDR blend of collaboration, context, and control
According to Gartner’s “Answers to Questions About 3 Emerging Security Technologies for Midsize Enterprises”* report, “MDR is about ‘renting trained eyes’ you can’t find or afford to detect incidents that go undiscovered… It’s about finding the 10% of incidents that bypass traditional firewall and endpoint protection security.”
MDR solutions typically offer 24/7 threat monitoring, detection, and response services that leverage advanced analytics and threat intelligence to help protect organizations. Generally, MDR vendors deploy sensors (such as an endpoint agent or a network probe) to gather data from a client’s systems. The data is then analyzed for evidence of compromise, and the client is notified when a potential incident is detected.
After detection, clients either respond on their own or bring in external IR teams and approaches, which can include local or remote investigations and forensics, as well as advice on a possible orchestrated technical response. Even at best, though, response activities stop at isolating hosts using EDR agents or firewalling.
But effective solutions can potentially do much more. Treating response as a continuous activity means team members will be in constant communication and collaboration with one another, able to discuss suspicious events happening anywhere within their infrastructure. MDR solutions can facilitate this process, giving defenders the edge they need to stop, contain, and ultimately eject an adversary.
“Finding a balanced MDR solution, regardless of whether it’s an in-house solution or outsourced, is key. I think our approach to preparing our clients to assume the breaches have already happened, and then helping them hunt down those threats, is the essence of continuous response,” said Orchard. “Getting this right lets defenders evict attackers quickly on their first try, and prevent those adversaries from repeating their attack.”
*Source: Gartner, “Answers to Questions About 3 Emerging Security Technologies for Midsize Enterprises,” James Browning, 25 February 2019.
Nobody knows cybersecurity like F-Secure. For three decades, F-Secure has driven innovations in cybersecurity, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cybercrime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki