This featured blog was provided by Calvin Engen, F12.net CTO, CISSP.
October is Cyber Security Awareness Month, so if you’re a business owner or leader, you may be exploring ways to enhance your organization’s cyber security. As you do, you are bound to run into scores of perplexing acronyms. One that is gaining steam in the cyber security space is MDR. But what is it? Who needs it? And how does it differ from all the other similar-sounding acronyms?
MDR is a simple and effective IT shield that every SME should have.
Managed detection and response (MDR) is a cybersecurity service that performs “threat hunting” within a corporate environment. It rapidly identifies and limits the impact of threats without requiring additional or specialized staffing within a business—music to the ears of hiring managers everywhere during this unprecedented staffing shortage. MDR is an essential component required to protect a business from cyber threats.
Detection and response are essential.
If you see value in smoke detectors, fire alarms and fire departments, you’re already a believer in detection and response. After all, it is not enough to put all the focus on fire prevention and insurance recovery. The same applies to your cyber security. Only, since every business is globally connected, there are multitudes of cyber arsons afoot in your digital neighbourhood.
Without MDR, it takes, on average, 110 days for a security breach to be detected.
That means a cybercriminal has over three months to quietly move around within the network, lifting data and intellectual property and preparing for a ransomware attack. Once the ransomware attack occurs, a company goes into disaster mode, implementing their incident response plan—but they’re scrambling, not knowing how the adversary gained access, what they were doing within the network and what information they exfiltrated.
MDR reduces the time of detection to a matter of days, hours or even minutes.
The surveillance service is constantly threat hunting, searching for the breadcrumbs a hacker will leave in their wake, following them and catching up before they’ve had a chance to extract any company information or damage valuable data.
EDR, EPDR, TDR, MDR, FDR?
OK, the last one is a former president. But the others are all real security acronyms, which is confusing. Here is what you need to know: EDR, EPDR and TDR are automated tools deployed to protect endpoints. MDR is a service that combines technology and human intelligence to hunt for and respond to cyber threats in real time.
A good cyber protection plan is made up of several layers.
Leadership. Business leaders need to decide how to best protect their digital assets. Identify those assets (known in the IT world as the “crown jewels”) and become educated on how to adequately secure and protect them. This includes developing and enforcing policies impacting data access, storage, retention and destruction.
Awareness and training. Train employees to identify a malicious attack; they are your “human firewall”. It’s important to educate your team in a meaningful and interesting way; otherwise, there’s a good chance of it going in one ear and out the other. Follow up training with varied testing so they can apply their knowledge. This should not be an annual activity; refresh everyone’s muscle memory at least once a month.
Cyber hygiene. Businesses must manage their risks with frequent updates and validation to ensure systems are patched, tools are deployed, passwords are rotated, policies are actioned, and vulnerabilities are managed. An experienced managed security service provider (MSSP) will offer services to keep a business’s cyber hygiene squeaky clean.
The MDR layer. With all the previous layers established, a company is well set up to prevent a breach of their organization—but that doesn’t mean it will never happen. It would be illogical to build a house, but never install a fire detector, right? MDR is the fire detector and the fire department, putting out the fire before there’s significant damage.
Recovery. Even with all the above, you still need insurance. That means backups, disaster recovery plans, and, yes, cyber security insurance. Just as you cannot get affordable fire insurance coverage without adequate fire protection, detection, and proximity to response services, you’ll find you cannot obtain affordable cyber insurance without all the other layers.
A cyber security consultant can perform a security assessment to identify and prioritize a company’s gaps. This is useful because often, a company is unclear on which security investments will have the biggest impact. An assessment will identify critical assets, pinpoint any weaknesses in the organization’s defence, and recommend measures to augment existing layers of protection so that a company’s private data stays private. And isn’t that the kind of cybersecurity your business actually needs?
Looking to learn more about whether MDR is right for your company? Feel free to reach out to Calvin Engen, F12.net’s CTO, at email@example.com.