Understanding Managed Detection and Response and Key Features of an MDR Solution

The surge in digital transformation investments during and after the COVID-19 pandemic has led to a significant expansion of corporate cyberattack surfaces. As a result, organizations are facing increasing difficulties in bridging the gap between attackers and defenders – across skills, capabilities, and resources. Fortunately, there are ways for corporate security teams to regain some of the initiative, such as by ensuring that their approach is proactive and considers prevention, detection, and response, including possible outsourcing of capabilities to expert industry partners.

One such solution is Managed Detection and Response (MDR), a comprehensive approach that combines all of these elements. However, not all solutions are of equal quality. Therefore, it is important to consider why your organization may need MDR and five key things to look for in a service offering.

The pandemic era has seen a surge in many trends, including the rapid adoption of cloud computing, an emerging hybrid workplace, supply chain complexity, ransomware as a service (RaaS), use of legitimate tooling for lateral movement, a cybercrime underground saturated with breached data, a mature cybercrime economy, and an increase in published CVEs. All of these trends make compromise more likely, and 2021 saw publicly reported data breaches in the US hit an all-time high. They also make incidents harder to detect and more costly to contain, with the mean time to identify and contain a data breach standing at 277 days, and the average cost being US$4.4 million for 2,200 to 102,000 compromised records.

In this context, a preventative approach towards security is simply not enough. To add to the preventative efforts, threat detection and response have to be included to stay ahead of attackers who will always find a way into corporate networks. If attackers get past defenses, continuous, granular monitoring will spot any signs of suspicious activity before the bad actors have had a chance to make an impact. SecOps teams can rapidly respond to contain the incident before it becomes a serious breach.

Extended Detection and Response (XDR) is an increasingly popular way to achieve this. It combines critical detection capabilities across endpoint, email, cloud, and other layers with response and remediation to stop attackers in their tracks. However, for some organizations, XDR is not enough, as there may be in-house skills gaps, deployment and management challenges, alert overload, and high staffing costs. MDR is therefore becoming increasingly favored, since it effectively outsources the management of XDR to a provider with trained analysts who handle threat detection, prioritization, analysis, and response.

The global MDR market is predicted to grow at a CAGR of 16% over the next five years to reach US$5.6 billion by 2027. However, with so much at stake and so many vendors out there, it is essential to consider what to look for in an MDR vendor. First, the detection and response technology should have high detection rates, low false positives, and a light overall footprint. Independent analyst appraisals and customer reviews can guide the selection. Second, research capabilities should be strong as they will stop new and emerging threats. Third, 24/7/365 support is needed as cyber threats are a global phenomenon. Fourth, top-quality customer service is important as this should be a partnership. Providers should offer hyperlocal language support with global presence and delivery. Finally, services should be tailored to each organization’s size, IT environment complexity, and the required level of protection.

In conclusion, as the threat landscape evolves at breakneck speed, and corporate cyberattack surfaces expand, organizations face an increasing gap between attackers and defenders. MDR is one solution that combines prevention, detection, and response approaches. It is essential to conduct due diligence and select an MDR vendor with excellent detection and response technology, leading research capabilities, 24/7/365 support, top-quality customer service, and customized services. MDR is critical to maintaining the resilience of an organization in today’s highly targeted cyber threat landscape.
