Blog - article

Sorry, this blog post has not been posted yet. Come back and check again later!

Accelerate your cybersecurity with a managed detection and response service

By:
Henrik Davidsson
June 20, 2019

The drumbeat of devastation continues. We have seen several reports of ransomware, such as Maersk reporting $250-300 million from the NotPetya outbreak, Norsk Hydro who reports more than $40 million from their recent ransomware attack, or Baltimore city estimating the ransomware attack will cost the city $18 million in lost or delayed revenue and remediation.

It’s clearly not enough to focus on stopping infections after the fact. It hasn’t been for a long time, either. Attackers can stay hidden within your environment for several months, waiting for the right time to strike.

The real question is a proactive one: “Am I compromised right now?”

It’s about hope, not fear

Historically, the security industry has used fear as the prime motivator to justify expenditures. But cybersecurity should not be about selling fear. I believe it’s about protecting hope.

Organizations of all sizes are overwhelmed by unrelenting security alerts and demoralizing breaches, but there is hope.

Cybersecurity is firmly on the boardroom agenda, and organizations are investing to protect their data assets and operations. The approach is increasingly proactive, with new ways to address gaps in threat detection, response and monitoring.

As a security leader, you need the most effective way forward to protect your most valuable assets, make security an integral part of your business and supporting your digitalization journey full on, and inspire the trust of the employees, customers and partners who work with you.

Find threats faster

Many security organizations are exploring ways to enhance their threat detection and incident response capabilities, but they find that implementation requires significant skills and resources.

At the same time, they are confronted with an industry-wide lack of cybersecurity resources. The worldwide shortage is closing in on three million, according to the nonprofit (ISC)2.

That’s why organizations are turning to managed detection and response (MDR) services to accelerate their threat detection journey. Threats are detected and contained far faster.  

Gartner has identified MDR as the next step in threat monitoring and incident response services. By 2020, 15% of organizations will be using MDR services, up from less than 5% today, according to the Market Guide for Managed Detection and Response Services from Gartner.

MDR services are ideal for any organization that lacks the internal security resources and expertise but wants to address gaps in threat detection, response and monitoring.

Even if you have a SOC orSIRT you sometimes need support and augmenting your threat hunting capabilities or off-loading the in house team. We see more and more large-scale organizations complementing their SOC and SIRT teams with MDR services.

Midsize organizations find MDR services particularly appealing, since they provide abetter fit than a broader and less actionable engagement for security event monitoring.

AI-driven network detection and response

The Cognito network detection and response platform from Vectra is the foundation for a growing number of MDR offerings from managed security service providers.

TheAI-driven Cognito platform detects active threats in real time across the enterprise – from cloud and data center workloads to user and IoT devices.

Cognito analyzes cloud and network traffic, enriches the metadata, and prioritizes the highest-risk threats in real time. Cognito employs sophisticated AI, security research, data science, both local self-learning and updated globally with supervised learning.

No customer data is uploaded to Cognito’s brain, which eliminates concerns about data privacy as well as the need for continuous internet connectivity.

Security analysts use Cognito for threat hunting and to perform conclusive incident investigations.Whether at your MSSP or in your own security operations center, security analysts have the right information at the right time at their fingertips.

Analysts also can enrich the network metadata by leveraging the information from any endpoint detection and response (EDR) solution or by correlating information from a SIEM. Enriching data lakes and/or SIEM´s with security enriched metadata is a key advantage in a MDR service delivery.  

A strong security program is not about selling fear to the corporate board, but inspiring hope!

Related content

“Market Guide for Managed Detection and Response Services,” Analyst(s): Pete Shoard, Craig Lawson, Toby Bussa, Sid Deshpande, Kelly Kavanagh, Published: 11 June 2018, ID: G00334680

Learn about the advent of network detection and response in security operations.

Watch Under Armour talk about Cognito.

About the author

Henrik Davidsson

Henrik Davidsson is director of sales business development at Vectra, where he is responsible for customer value creation & managed service providers. He has over 15 years’ experience in working with large enterprises, service providers and always stays in the frontline of new security challenges and coaching end customers and partners alike on how to augment their security posture and cyber resilience.Henrik has held leading position at companies such as Cisco, Juniper Networks, VMware, FireEye and NTT Security.

Author profile and blog posts

Most recent blog posts from the same author

Security operations

Controlling cyber-risk in mergers and acquisitions

October 2, 2019
Read blog post
Security operations

Considerations when selecting your managed security services provider

August 22, 2019
Read blog post
Security operations

Accelerate your cybersecurity with a managed detection and response service

June 20, 2019
Read blog post