The drumbeat of devastation continues. We have seen several reports of ransomware, such as Maersk reporting $250-300 million from the NotPetya outbreak, Norsk Hydro reporting more than $40 million from its recent ransomware attack, or the city of Baltimore estimating that its ransomware attack will cost the city $18 million in lost or delayed revenue and remediation.
It’s clearly not enough to focus on stopping infections after the fact. It hasn’t been for a long time, either. Attackers can stay hidden within your environment for several months, waiting for the right time to strike.
The real question is a proactive one: “Am I compromised right now?”
It’s about hope, not fear
Historically, the security industry has used fear as the prime motivator to justify expenditures. But cybersecurity should not be about selling fear. I believe it’s about protecting hope.
Organizations of all sizes are overwhelmed by unrelenting security alerts and demoralizing breaches, but there is hope.
Cybersecurity is firmly on the boardroom agenda, and organizations are investing to protect their data assets and operations. The approach is increasingly proactive, with new ways to address gaps in threat detection, response and monitoring.
As a security leader, you need the most effective way forward to protect your most valuable assets, make security an integral part of your business, fully support your digitalization journey, and inspire the trust of the employees, customers and partners who work with you.
Find threats faster
Many security organizations are exploring ways to enhance their threat detection and incident response capabilities, but they find that implementation requires significant skills and resources.
At the same time, they are confronted with an industry-wide lack of cybersecurity resources. The worldwide shortage is closing in on three million, according to the nonprofit (ISC)².
That’s why organizations are turning to managed detection and response (MDR) services to accelerate their threat detection journey. Threats are detected and contained far faster.
Gartner has identified MDR as the next step in threat monitoring and incident response services. By 2020, 15% of organizations will be using MDR services, up from less than 5% today, according to the Market Guide for Managed Detection and Response Services from Gartner.
MDR services are ideal for any organization that lacks the internal security resources and expertise but wants to address gaps in threat detection, response and monitoring.
Even if you have a SOC or SIRT, you sometimes need support in augmenting your threat hunting capabilities or off-loading the in-house team. We see more and more large-scale organizations complementing their SOC and SIRT teams with MDR services.
Midsize organizations find MDR services particularly appealing, since they provide a better fit than a broader and less actionable engagement for security event monitoring.
AI-driven network detection and response
The Cognito network detection and response platform from Vectra is the foundation for a growing number of MDR offerings from managed security service providers.
The AI-driven Cognito platform detects active threats in real time across the enterprise – from cloud and data center workloads to user and IoT devices.
Cognito analyzes cloud and network traffic, enriches the metadata, and prioritizes the highest-risk threats in real time. Cognito employs sophisticated AI, security research and data science, combining local self-learning with globally updated supervised learning.
No customer data is uploaded to Cognito’s brain, which eliminates concerns about data privacy as well as the need for continuous internet connectivity.
Security analysts use Cognito for threat hunting and to perform conclusive incident investigations. Whether at your MSSP or in your own security operations center, security analysts have the right information at the right time at their fingertips.
Analysts can also enrich the network metadata by leveraging the information from any endpoint detection and response (EDR) solution or by correlating information from a SIEM. Enriching data lakes and/or SIEMs with security-enriched metadata is a key advantage in an MDR service delivery.
A strong security program is not about selling fear to the corporate board, but inspiring hope!
“Market Guide for Managed Detection and Response Services,” Analyst(s): Pete Shoard, Craig Lawson, Toby Bussa, Sid Deshpande, Kelly Kavanagh, Published: 11 June 2018, ID: G00334680
Henrik Davidsson is director of sales business development at Vectra, where he is responsible for customer value creation & managed service providers. He has over 15 years’ experience working with large enterprises and service providers, and always stays on the front line of new security challenges, coaching end customers and partners alike on how to augment their security posture and cyber resilience. Henrik has held leading positions at companies such as Cisco, Juniper Networks, VMware, FireEye and NTT Security.