Understanding Managed Detection and Response
MDR is the new TLA (three-letter acronym). According to Gartner, “By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities.” In honor of cybersecurity awareness month, here is a nice piece on MDR from ATC provider CATO.
Managed Detection and Response (MDR) is a security service that provides continuous monitoring, threat detection, and incident response for an enterprise’s environment. MDR providers combine detection technology (including machine-learning analytics) with human analysts to investigate alerts, notify the customer, and contain confirmed threats at scale. An MDR service should also include a proactive element: threat hunting, in which analysts search the environment for intrusions that existing detections have missed, and surface vulnerabilities and exposures that alerting alone would not catch.
As the name suggests, MDR is a managed service and not merely an automated one. Automation handles detection and the first response steps at speed, but human analysts must validate alerts, rule out false positives, and decide on and carry out the proper containment response.
Gartner describes MDR services as providing turnkey threat detection and response through remotely delivered, 24/7 security operations center (SOC) capabilities.
The Need for MDR
MDR has evolved to meet the security needs of the modern enterprise. The threat landscape keeps expanding, and threat actors automate reconnaissance, phishing, and exploitation, so every organization is a potential target regardless of size. New threats and techniques appear daily.
Detecting and responding to these advanced threats requires capabilities that many enterprises lack. Industry breach studies put the average time to identify a data breach after it has occurred (the “dwell time”) at about six months, a figure reported to have doubled in the last two years. The average cost of a data breach also continues to rise and currently stands at almost $4 million.
MDR matters because it supplies the security capabilities an enterprise lacks in-house. With MDR, an enterprise can quickly reach the level of security needed to prevent, detect, and respond to advanced threats, and sustain that level as threats evolve, without building and staffing a 24/7 SOC itself.
The Challenges MDR Confronts
A six-month dwell time shows that businesses struggle to identify and respond to security incidents. Several factors contribute:
- Lack of In-House Security Talent: The cybersecurity industry faces a talent gap, with an estimated 3.1 million unfilled roles worldwide, and 64% of enterprises report difficulty finding qualified security staff. With MDR, enterprises draw on the provider’s analysts and tooling to fill those gaps.
- Complex Security Tools: Detection tooling must be tuned to the enterprise’s environment before it separates real threats from the normal noise of that environment, and tuning takes expertise with each tool. With MDR, the provider maintains and tunes the tooling, so the enterprise need not keep those skills in-house.
- Security Alert Overload: The average enterprise security operations center (SOC) receives over 10,000 security alerts per day, far more than a security team can investigate. An MDR provider triages that volume (suppressing known-benign activity, de-duplicating repeats, and correlating related alerts on the same host) and notifies the enterprise only of threats that require its attention.
- Advanced Threat Prevention and Preparation: Preventing, detecting, and remediating attacks by skilled threat actors requires specialized knowledge. An MDR service covers incident prevention, detection, and response, so that expertise is available before, during, and after an attack.
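As an added illustration of the tuning and triage steps described in the last two list items (this is example code written for this page, not a CATO product or any vendor’s pipeline), the Python below takes a constructed batch of alerts, suppresses a rule that a hypothetical allow-list marks as expected on build hosts, aggregates what remains per host, and escalates only hosts that show a critical detection or two or more distinct detections. The host names, rule names, severities and weights are all assumptions made for the example.

```python
"""Alert triage in the style of an MDR provider: tune out known-benign noise,
aggregate what remains per host, and escalate only critical or correlated activity.
Added example; the rules, hosts and alerts below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field

# Weight used when scoring a host's activity, by alert severity (assumed values).
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}


@dataclass(frozen=True)
class Alert:
    ts: str        # ISO-8601 timestamp
    host: str      # source host name
    rule: str      # name of the detection rule that fired
    severity: str  # one of SEVERITY_WEIGHT's keys
    detail: str    # free-text context from the detection


@dataclass
class Incident:
    host: str
    score: int
    rules: list = field(default_factory=list)  # distinct rules that fired on the host
    alert_count: int = 0                        # raw alerts behind the incident


# Constructed sample alerts (illustrative only, not from a real environment).
SAMPLE_ALERTS = [
    Alert("2023-10-02T08:00:01Z", "build-01", "scheduled_task_created", "low", "nightly-ci"),
    Alert("2023-10-02T08:00:02Z", "build-01", "scheduled_task_created", "low", "nightly-ci"),
    Alert("2023-10-02T08:00:03Z", "build-01", "scheduled_task_created", "low", "nightly-ci"),
    Alert("2023-10-02T09:12:44Z", "ws-042", "powershell_encoded_command", "medium", "-enc JAB..."),
    Alert("2023-10-02T09:13:10Z", "ws-042", "lsass_memory_access", "high", "procdump.exe -ma lsass"),
    *[Alert(f"2023-10-02T10:00:{i:02d}Z", "ws-077", "failed_logon", "low", "bad password")
      for i in range(5)],
    Alert("2023-10-02T11:41:09Z", "srv-db1", "ransom_note_written", "critical", "README_DECRYPT.txt"),
]

# Tuning: a hypothetical per-customer allow-list. The build farm creates scheduled
# tasks all day, so that rule is expected noise on hosts named build-*.
SUPPRESSIONS = [
    {"rule": "scheduled_task_created", "host_prefix": "build-"},
]


def is_suppressed(alert, suppressions=SUPPRESSIONS):
    """True if a tuning entry marks this alert as expected for its host."""
    return any(alert.rule == s["rule"] and alert.host.startswith(s["host_prefix"])
               for s in suppressions)


def triage(alerts, suppressions=SUPPRESSIONS, min_distinct_rules=2):
    """Reduce raw alerts to incidents that need a customer's attention.

    Returns (incidents, stats). A host becomes an incident when it shows a
    critical alert, or when at least `min_distinct_rules` different detections
    fire on it (correlation), so repeated low-severity noise on one rule never
    escalates on its own.
    """
    kept = [a for a in alerts if not is_suppressed(a, suppressions)]
    by_host = defaultdict(list)
    for a in kept:
        by_host[a.host].append(a)

    incidents = []
    for host, host_alerts in by_host.items():
        # Score each distinct rule once, at its highest observed severity, so
        # five copies of the same low alert count as one low signal.
        worst = {}
        for a in host_alerts:
            worst[a.rule] = max(worst.get(a.rule, 0), SEVERITY_WEIGHT[a.severity])
        has_critical = any(a.severity == "critical" for a in host_alerts)
        if has_critical or len(worst) >= min_distinct_rules:
            incidents.append(Incident(host=host, score=sum(worst.values()),
                                      rules=sorted(worst), alert_count=len(host_alerts)))

    incidents.sort(key=lambda i: (-i.score, i.host))
    stats = {"raw": len(alerts), "suppressed": len(alerts) - len(kept),
             "hosts": len(by_host), "incidents": len(incidents)}
    return incidents, stats


if __name__ == "__main__":
    found, summary = triage(SAMPLE_ALERTS)
    print(summary)
    for inc in found:
        print(f"{inc.host}: score={inc.score} alerts={inc.alert_count} rules={inc.rules}")
```

On the constructed batch, eleven raw alerts collapse to two incidents: the database server with the ransom note, and the workstation where an encoded PowerShell command was followed by LSASS memory access. The five failed logons on ws-077 stay below the threshold because they are one low-severity rule repeating, and the build server's scheduled tasks never reach an analyst at all. Real MDR triage adds time windows, asset criticality and threat intelligence on top of this, but the shape is the same.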