The accelerated adoption of cloud, digital transformation and remote working, in the wake of the ongoing pandemic, has expanded the attack surface for cybercriminals. Adversaries are also changing their tactics, techniques and procedures to increasingly launch cyberattacks that combine automation with active human interaction or “hands-on keyboard” hacking.
In these types of attacks, adversaries attempt to manually circumvent preventive solutions, such as firewalls and endpoint security, and leverage administrator tools, pen test tool kits, and poorly designed or easily exploitable applications to escalate privileges and move laterally.
Due to the increased use of these attack methods, IT leaders need to ensure their current cybersecurity defences can stand up against active cyberattackers by including a proactive threat hunting component.
Threat hunting requires the right tools, people and processes in-house to manage security effectively around the clock. Yet many businesses struggle to put all of these much-needed pieces in place. This dilemma has given rise to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. They act as an extension of an organization's own security team, combining human-led investigations, threat hunting, real-time monitoring and incident response with a technology stack that gathers and analyzes intelligence.
MDR providers often use a combination of host- and network-layer technologies, together with advanced analytics, threat intelligence, forensic data and human expertise, to rapidly identify and neutralize threats. The goal of MDR is to detect and respond to threats in customer environments that have already circumvented preventative security controls; MDR providers have risen to fill the threat detection and response gap those controls leave behind.
Not all MDR services are equal. One increasingly important customer requirement of MDR services, and one that still very few vendors meet, is the ability to take targeted actions to neutralize threats on the customer's behalf, rather than simply notifying them of potential or imminent threats.
Effective MDR services require analysts to conduct methodical investigations to determine the validity and scope of potential threats, minimize false positives, neutralize confirmed threats, and provide additional context and recommendations for improving an organization’s overall security posture.
As a market leader in advanced threat prevention with a deep legacy of pioneering cybersecurity offerings, Sophos develops solutions by truly understanding customer challenges. In this regard, Sophos Managed Threat Response (MTR) service provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully managed service. Going beyond just notifying customers of attacks or suspicious behaviours, the Sophos MTR team takes targeted actions on customers’ behalf to neutralize even the most sophisticated and complex threats.
According to a recent report by Gartner, 50% of organizations will be using MDR services by 2025, up from less than 5% in 2019. This further validates that continuous cybersecurity monitoring, alongside existing preventive measures, is vital for enterprises to successfully minimize organizational vulnerabilities and ensure business continuity.
To sum up, MDR is an important component of the future of cybersecurity. Organizations that simply follow market trends will tend to remain a few steps behind the perpetrators. It is no longer sufficient to have a basic cybersecurity strategy in place: dedicated and continuous threat hunting, detection and response services such as MDR are indispensable to companies that aspire to thrive in the changing threat landscape.
By Pieter Nel, Regional Head – SADC at Sophos