Increasing Cyber Maturity Through MDR Services

Skilled threat hunters are hard to come by. Keeping them trained and retained is even more difficult.

July 28, 2020 12 minute read

Every cybersecurity program needs a plan for threat detection and response. This is a given. Yet while most security leaders view this as a high priority, many organizations don’t have the staff or skills to perform these tasks alone.

But there are alternatives.

According to recent research, 82 percent of cybersecurity professionals agree that improving threat detection and response (i.e. mean-time to detect (MTTD), mean-time to respond (MTTR), etc.) is a high priority at their organization. Furthermore, 77 percent of cybersecurity professionals surveyed say business managers are pressuring the cybersecurity team to improve threat detection and response.

But the problem is that threat detection and response is hard to pull off well.

In fact, 76 percent of those surveyed claim that threat detection and response is either much more difficult or somewhat more difficult than it was two years ago. The reason? Cybersecurity professionals regularly deal with an increase in the volume and sophistication of attacks, an increasing workload (i.e. "do more with less") and a growing attack surface. And then there's that nagging issue of a shortage of cybersecurity ninjas.

Many organizations don't have the right people or skillsets to make a significant impact in this area.

The basics of MDR

In response to these harrowing conditions, many CISOs are turning to partners like WWT for help, making managed detection and response (MDR) one of the fastest-growing segments in the cybersecurity market.

"But what is MDR?" you might ask.

MDR is a proactive, advanced approach to managing cybersecurity that detects malicious activity in your network and other signs of a breach. It also provides threat hunting and security monitoring, and it assists with rapid incident analysis and response to eliminate threats from your systems.

This market is growing rapidly. According to Gartner, “by 2024, 25 percent of organizations will be using MDR services, up from less than 5 percent today.” But confusion around vendor selection and what effective MDR looks like is high. The sheer number of providers capitalizing on interest in MDR is growing by the day, but their capabilities vary wildly. Gartner noted that “some MDR buyers are already considering, or have already moved to, their second provider due to mismatched expectations and unfitting outcomes.” We believe that getting it right the first time is critical.

With cyber-threats rising daily in both volume and sophistication around the world, your organization needs to know how to detect and respond quickly to cyber-incidents.

It is not enough to have your firewall up while you sit and wait for breaches that will threaten your company’s reputation. With a well-managed and strategic approach to threat detection and security incident response service, the burden of data security is taken off your in-house security team.

What are CISOs saying?

When asked to provide a rationale for MDR, CISOs responded:

  • 32 percent say their organization needed rapid threat detection and response improvements and decided that MDR provided a faster path than a homegrown approach. This happened a few years ago in the healthcare sector after the Anthem breach. Healthcare CISOs understood they had to make calculated (yet immediate) decisions and sought out help wherever they could find it.
  • 29 percent claim that their organization is already working with one or several managed security service providers (MSSPs). Given the rapid growth in MDR, many service providers (and product vendors) are jumping on the MDR bandwagon and offering a streamlined transition for existing customers. There’s a lot of “try before you buy” going on.
  • 28 percent believe an MDR provider can do a better job of threat detection and response than their organization can. This is an impressive data point. Based on current trends, expect this number to increase steadily over the next few years.
  • 27 percent admit that their organization tried threat detection and response technologies but found them to be beyond their abilities, so they turned to MDR as an alternative. It's not uncommon to encounter a customer in this situation. This often comes up during our Security Tools Rationalization Workshops. There are many failed projects out there, and it's not often the fault of the team. They were carrying a boulder up the mountain.

I'll be frank with you. Threat detection and response require a level of process and resource maturity that most organizations don’t have. Additionally, the technologies used for threat detection and response (i.e. endpoint detection and response (EDR), network traffic analysis (NTA), malware sandboxes, threat intelligence, security analytics, etc.) can be expensive and complicated.

What if there were a way to tackle this problem that included consolidating endpoint agents (a smaller footprint) and partnering with a trusted solutions provider? We have an answer for you. There is an easier way to get this done.

But what about tools?

Do you know what we suffer from in the industry today? It's what my friend and colleague, Tim Robinson, calls "tool mania." Everyone is on a hunt to find the latest and greatest tool.

And OEMs don't help the conversation by showing you a "report card" with an A+ in every category. Just because you won in the latest NSS Labs testing doesn't mean you're the best fit in every situation. Would you take a NASCAR rig to Home Depot to pick up some lumber? I don't think so.

But here's the deal. (Allow me to put on my sales hat for just a minute.) There's one OEM that does security exceptionally well, and it's VMware.

Security needs to be a team sport, spanning network, IT, operations, developers, lines of business and security teams to remove friction, inefficiencies, complexity and clutter. VMware’s intrinsic security vision aims at reducing the number of specialty players while uplifting the state and durability of security.

Carbon Black accelerates VMware’s intrinsic security strategy across the most important security control points — network, workload, endpoint, identity and analytics. Carbon Black also provides VMware with a security platform that has powerful data lake and analytics capabilities, backed by artificial intelligence and machine learning. VMware is aggressively taking a significant leadership role in security for the new age of multicloud, modern apps and modern devices.

VMware intrinsic security strategy

Today, the VMware Carbon Black cloud-native security platform is at the center of the VMware security portfolio. Its security solutions use advanced analytics to uncover how (and why) attackers behave the way they do, helping to frame a narrative about how to best protect your most critical assets. VMware Carbon Black Cloud empowers users with greater visibility and control through a single lightweight agent that transforms endpoint protection — for today and tomorrow’s evolving needs.

VMware Carbon Black Cloud Endpoint Standard is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution that protects against the full spectrum of modern cyber-attacks.

In fact, it was Carbon Black that created the application control and endpoint detection and response (EDR) categories and pioneered next-generation antivirus.

WWT offers VMware's intrinsic security portfolio, end-to-end. We're not just security experts. We play in every area you have to protect, from desktop services and data center to complex multicloud environments. We employ the world's leaders in technical acumen and we offer the services to implement and mature your security program.

Why you need MDR services for your cybersecurity plan

Let's do a quick recap at this point, before we change gears and drive towards our service capabilities.

  • So MDR is important? Check.
  • CISOs are considering an outsourced MDR option as part of their program? Undeniable.
  • WWT partners with VMware to offer best-in-breed, end-to-end security? Got that right.

It is predicted that 15 percent of mid-sized businesses and larger corporations will be using MDR services by 2020. That's a significant shift from the less than 1 percent of companies that are currently using them. This is because MDR provides more help than other services.

Here are five reasons why you need MDR services for your cybersecurity plan.

1. Proactive threat detection

Unlike the security monitoring services offered by MSSPs and other security providers, MDR is proactive. It uses advanced behavioral and endpoint analytics to hunt for unknown threats before they reach your company's databases and network. MDR enhances your company's ability to detect the latest attacker activity that preventive solutions, such as antivirus and firewall software, may easily miss.

2. "Trust but verify"

Do you remember the old Ronald Reagan quote, "trust but verify"? Efficient MDR services do not just hunt for threats and fill up your inbox with notifications. They perform thorough investigation and verification to avoid "false alarms" that waste valuable time, resources and manpower. This is more effective than the traditional managed service that simply passes along unverified alerts. Before an alert is brought to the attention of your in-house security team, it is thoroughly investigated to ensure it is a genuine incident that requires immediate action.

3. Experienced threat-hunting ninjas

MDR service providers offer certified expertise that many organizations lack internally because of the cost. By choosing MDR, you can be certain that your network is under the close watch of experienced cybersecurity professionals who are actively committed to the security of your company.

By opting for an all-in-one MDR service provider, you reduce the burden of in-house security team recruitment and the huge financial cost of purchasing technologies. MDR service providers typically offer complete threat detection and response packages at an affordable fee.

4. Help with regulatory compliance

MDR providers supply the latest security technologies needed for successful threat detection and response, such as intrusion detection, vulnerability scanning, behavioral analytics and endpoint analytics. They also ensure your cyber-defense procedures comply with regulatory requirements. A professional cybersecurity service provider will help review your processes and ensure best practices for regulatory compliance are followed at all times.

5. Integrated incident response

In the event of a breach, MDR service providers ensure every event is monitored and managed by a team of dedicated security experts who have the knowledge and toolset to shut down threats before they damage your business. This lets your in-house teams focus on shutting down threats rather than on the complex and resource-intensive task of discovering them. MDR provides the assistance needed to rapidly eliminate threats and address vulnerabilities. According to research from the Ponemon Institute, it takes up to 191 days to identify a data breach. With MDR, detection time is reduced to minutes, so incidents can be mitigated before they cause disruption.

Where do we go from here?

WWT, in partnership with Foresite, provides a host of managed threat detection and response services and has many years of experience with organizations across industries like retail, financial services, and the public sector.

With WWT's MDR and Threat Hunting Services (powered by Foresite), you may experience the following outcomes.

Increase operational efficiencies

  • 24/7/365 monitoring and management, lightening the burden on FTE and on-call resources.
  • A dedicated cybersecurity SOC-as-a-service (SOCaaS) allows internal resources to be repurposed to create the most efficient program possible.

Reduce expense

  • Dedicated and trained cybersecurity staff with less overall direct expense (staffing, training, benefits, etc.).
  • Predictable as-a-Service pricing model, combining a full-featured suite of people, process and technology, leveraging the strengths of WWT and Foresite together.

Reduce risk

  • Measurable improvements, reducing the Mean Time to Detect (MTTD), Mean Time to Respond (MTTR) and overall remediation times within the environment.
  • Industry-leading best practice support in order to reduce the overall threat landscape and appropriately respond to breach activity.

How is this achieved?

WWT's MDR and Threat Hunting Services (powered by Foresite) can leverage your existing implementation of Carbon Black or roll the licensing cost into the service contract. Our services include identifying potential compromise of the environment, devices and/or user accounts. Our team of experts regularly analyzes application activity and network connectivity to identify potential compromise.

WWT's MDR and Threat Hunting Services (powered by Foresite) can support Carbon Black, Cylance, Crowdstrike and Cisco AMP.

The ProVision Security Suite provides a range of comprehensive cybersecurity services from security testing to monitoring, management and active threat hunting across the estate. Jason Humphreys, SVP of Managed Services at Foresite stated, “As the ever-evolving complexity of threats is increasing, traditional preventive security needs enhancing to defend against cyber-attacks. MDR provides active threat hunting and early detection of potential threats, accelerating the response to enable security teams a much greater chance of eliminating potential issues.”

To get the best out of an MDR provider, customers are looking for three important criteria:

  • the ability to deploy and manage an extremely effective EDR platform;
  • the ability to actively manage threat hunting, improving time-to-value; and
  • the ability to focus on the all-important ‘R’ in MDR with experienced incident response.

Strategically aligned with Carbon Black, WWT's MDR capabilities (powered by Foresite) get the best out of the technology, enabling speed and quality of response. We focus on outcomes, not alarms.

Ready for the next step?

At WWT, we can help you understand how to address challenges unique to your company in order to achieve the business outcomes you need. No matter where you are in your endpoint protection journey, together, we can evaluate, design, implement and operate the best technology to secure your endpoint ecosystem. 

For more on endpoint security, we recommend scheduling an Endpoint Security Briefing or connecting with an expert to discuss your current environment and how we can help.
