How Managed Detection And Response Can Protect Your Network
By Cédric Milloux, Senior Solutions Consultant at GTT
According to a report by Wakefield Research, 93% of organizations had experienced a data breach or compromise of some kind since the pandemic. Just as concerning, 54% of the respondents said they spent too much time addressing low-level threats, which detracted from their overall responsiveness to serious incidents.
This data does not come as a surprise. In our hyper-connected and dispersed world, keeping enterprise networks secure is becoming more complex and harder to manage. Cybersecurity teams must monitor and analyze data and its behavior across many channels and endpoints, such as servers, laptops, and smartphones, while also complying with strict governance structures that reflect the differing compliance and regulatory requirements of each country.
We have seen many new technologies and tactics in the last few years, such as the Secure Access Service Edge (SASE) framework and the Zero Trust approach, intended to make it easier to contain and mitigate cyber threats. One approach that is rapidly gaining interest from CISOs is Managed Detection and Response (MDR). In MDR, operating an advanced endpoint detection and response (EDR) system is handed to a partner: it becomes the responsibility of a managed services provider (MSP) and its expert security team. Provided organizations have built the right foundation, MDR gives companies an in-depth view of how well their environments are protected.
MDR As A Watchtower For Your Organization
MDR solutions (and by extension, any solutions that deal with detection and response) have become essential for any CISO protecting an organization’s IT infrastructure. MDR is not new, but it gained an unfair reputation for being complex, tedious, and sometimes difficult to deploy and configure. Those days have passed. MDR has been greatly improved by new graphical interfaces and by baseline standards for features such as log formatting, which simplify the lives of cybersecurity teams.
Imagine being able to know when and where an attack is taking place. With MDR, you are informed in near real time of a threat to an operating system. You can also find out whether the threat has already infiltrated a user terminal, a network device, or even the entire network. Without this visibility, you may be at risk, or may already be suffering an undetected cyberattack.
Building The Foundation For A Great MDR Solution
The best functioning MDR solutions are based on the following elements:
- Prioritization policy: one of the most important attributes of threat management is setting the right policies to determine which alerts are urgent, and which can be (at least temporarily) set aside.
- A log collector: picking an advanced log management system that collects application information, system performance, and user activities across the enterprise environment and compiles it into one platform.
- Security Information and Event Management (SIEM) software and appliances: the best solutions not only provide the first phase of log analysis and correlation by following set policies but also monitor for anomalies that would signify a cyberattack is taking place.
- Security Operations Center (SOC): every organization needs to ensure that its team of cybersecurity experts and analysts is not only readily available and sufficiently trained to resolve any security issue that pops up, but is also empowered by the C-suite to take whatever actions are needed.
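As an added illustration of how the collector, the SIEM’s correlation rules, and the prioritization policy listed above fit together (example code written for this page, not code from GTT or from any real MDR platform): constructed key=value log lines are parsed, a correlation rule flags a run of failed logins followed by a success, and a hypothetical policy decides which alerts the SOC sees first and which are set aside. The event names, thresholds, and priority levels are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample events in a normalized key=value format (hypothetical, not from a real system).
SAMPLE_LOGS = [
    "ts=1 host=srv1 event=auth_fail user=alice src=10.0.0.5",
    "ts=2 host=srv1 event=auth_fail user=alice src=10.0.0.5",
    "ts=3 host=srv1 event=auth_fail user=alice src=10.0.0.5",
    "ts=4 host=srv1 event=auth_ok user=alice src=10.0.0.5",
    "ts=5 host=lap7 event=auth_fail user=bob src=10.0.0.9",
    "ts=6 host=srv2 event=av_detect user=carol sig=EICAR-Test",
]

KV = re.compile(r"(\w+)=(\S+)")

# Hypothetical prioritization policy: alert kind -> (priority, urgent?).
# Urgent alerts go to the analysts now; the rest are set aside for later review.
POLICY = {
    "brute_force_then_success": ("critical", True),
    "malware_detected": ("high", True),
    "single_auth_fail": ("low", False),
}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse(line):
    """Log collector step: turn one normalized line into a dict of fields."""
    return dict(KV.findall(line))

def correlate(lines, fail_threshold=3):
    """SIEM step: apply correlation rules over the event stream and emit (kind, event) alerts."""
    fails = defaultdict(int)  # (src, user) -> consecutive failed logins
    alerts = []
    for ev in (parse(l) for l in lines):
        key = (ev.get("src"), ev.get("user"))
        if ev["event"] == "auth_fail":
            fails[key] += 1
            alerts.append(("single_auth_fail", ev))  # low-value on its own
        elif ev["event"] == "auth_ok" and fails[key] >= fail_threshold:
            alerts.append(("brute_force_then_success", ev))  # the pattern that matters
            fails[key] = 0
        elif ev["event"] == "av_detect":
            alerts.append(("malware_detected", ev))
    return alerts

def triage(alerts):
    """Prioritization step: split alerts by policy and order the urgent queue by priority."""
    urgent, deferred = [], []
    for kind, ev in alerts:
        prio, is_urgent = POLICY[kind]
        (urgent if is_urgent else deferred).append((prio, kind, ev))
    urgent.sort(key=lambda a: RANK[a[0]])
    return urgent, deferred
```

Running `triage(correlate(SAMPLE_LOGS))` leaves two urgent alerts for the SOC (the brute-force success on srv1 and the malware detection on srv2) and sets aside the four isolated login failures that would otherwise consume analyst time.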
It is important to conduct an in-depth audit of an organization’s IT environment and unique business needs before identifying the right MDR solution and functions. The audit should include a network infrastructure assessment (known as a network security assessment), an investigation of what cloud applications are at play (a cloud security assessment), and a check on system compliance.
Providing “Always On” Security
The optimal approach to security is often described as "everywhere and always on." Forward-thinking CISOs are considering all possible worst-case scenarios, putting solutions and frameworks in place to combat them, getting the rest of the organization on board, and ensuring their strategies align with business objectives. Adopting MDR, along with other frameworks such as SASE and Zero Trust, will be crucial to preventing cyberattacks from hitting enterprise networks.
About The Author
Cédric Milloux is a Solutions Consultant at GTT specializing in Security and SD-WAN, designing tailored architectures for each client based on his wide experience in technical consulting. Cédric joined GTT in 2021, prior to which he held various roles at KPNQwest, Risc Technologies, Vanco, Reliance GlobalCom, and GlobalCloudXchange as a technical design authority as well as team manager for implementation and security/design engineering departments. Cédric also was a Linux systems engineer and has multiple high-level certifications in networking, SD-WAN, and security.