Continuous response needed to fight modern threats – Tim Orchard, F-Secure


F-Secure calls for more ‘response’ in managed detection and response solutions

New Delhi, India – March 28, 2019: As the threat landscape continues to evolve, so does the need for organizations’ approaches to defending against the business impact of cyber attacks. In light of this trend, cybersecurity provider F-Secure is calling for greater emphasis on both the preparedness for a breach as well as fast and effective containment that covers the correct balance of people, process and technology.

“Cyber breaches are now a fact of life for many companies. It’s no longer a matter of ‘if’ a company will be breached, the question is ‘when’. And that calls for a shift in how organizations handle many aspects of security,” said F-Secure Countercept Managing Director Tim Orchard.

Research highlights a lack of investment in effective incident response strategies as one current area of weakness. 44 percent of respondents to a recent MWR InfoSecurity (acquired by F-Secure in 2018*) survey said they invested less in their response capabilities than in threat prediction, prevention, or detection. Only 12 percent said response was prioritized over their other security capabilities.

Continuous response, the art and science of having the right people in the right place at the right time, armed with the information they need to take control of the situation, is an emerging concept in cybersecurity that is central to boosting response capabilities. The aim is to combine elements of collaboration, context, and control into a fluid process. In practice, this could mean a single team of threat hunters, first responders, administrators, and other personnel working together to actively identify and remediate potential threats before they escalate.

“Having the tools and techniques in place to quickly detect, contain and frustrate attacks as they unfold buys you time, and gives you an opportunity to understand the full picture about how attackers are exploiting your weaknesses and moving through your network. And they need to be sophisticated enough to avoid tipping off an attacker that you’re onto them, and prepared to evict them in one concerted push,” explained Orchard. “And it’s important to put these tools and techniques into the hands of the right team if you want them to work.”

The MDR blend of collaboration, context, and control

According to Gartner’s “Answers to Questions About 3 Emerging Security Technologies for Midsize Enterprises”* report, “MDR is about ‘renting trained eyes’ you can’t find or afford to detect incidents that go undiscovered… It’s about finding the 10% of incidents that bypass traditional firewall and endpoint protection security.”

MDR solutions typically offer 24/7 threat monitoring, detection, and response services that leverage advanced analytics and threat intelligence to help protect organizations. Generally, MDR vendors deploy sensors (such as an endpoint agent or a network probe) to gather data from a client’s systems. The data is then analyzed for evidence of compromise and the client is notified when a potential incident is detected.

After detection, clients either respond on their own or bring in external IR teams and approaches, which can include local or remote investigations and forensics, as well as advice on a possible orchestrated technical response. But at best, response activities stop at isolating hosts using EDR agents or firewalling.

But effective solutions can potentially do much more. Treating response as a continuous activity means team members will be in constant communication and collaboration with one another, able to discuss suspicious events happening anywhere within their infrastructure. MDR solutions can facilitate this process, giving defenders the edge they need to stop, contain, and ultimately, eject an adversary.

“Finding a balanced MDR solution, regardless of whether it’s an in-house solution or outsourced, is key. I think our approach to preparing our clients to assume the breaches have already happened, and then help them hunt down those threats, is the essence of continuous response,” said Orchard. “Getting this right lets defenders evict attackers quickly on their first try, and prevent those adversaries from repeating their attack.”

**Source: Gartner, “Answers to Questions About 3 Emerging Security Technologies for Midsize Enterprises,” James Browning, 25 February 2019.

About F-Secure

Nobody knows cybersecurity like F-Secure. For three decades, F-Secure has driven innovations in cybersecurity, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cybercrime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.