By Pieter Nel, regional head for SADC at Sophos.
The accelerated adoption of cloud, digital transformation and remote working, in the wake of the ongoing pandemic, has expanded the attack surface for cybercriminals. Adversaries are also changing their tactics, techniques and procedures to increasingly launch cyberattacks that combine automation with active human interaction or “hands on keyboard” hacking. In these types of attacks, adversaries attempt to manually circumvent preventive solutions, such as firewalls and endpoint security, and leverage administrator tools, pen test tool kits, and poorly designed or easily exploitable applications to escalate privileges and move laterally.
Due to the increased use of these attack methods, IT leaders need to ensure their current cybersecurity defences can stand up against active cyberattackers by including a proactive threat hunting component.
Threat hunting requires the right tools, people and processes in-house to manage security effectively around the clock. Yet many businesses struggle to put all of these much-needed pieces in place. This dilemma has given rise to a new solution: Managed Detection and Response (MDR) services.
MDR services are outsourced security operations delivered by a team of specialists. They act as an extension of an organisation’s own security team, combining human-led investigations, threat hunting, real-time monitoring and incident response with a technology stack for gathering and analysing intelligence.
MDR providers often use a combination of host- and network-layer technologies, together with advanced analytics, threat intelligence, forensic data and human expertise, to rapidly identify and neutralise threats. The goal of MDR is to detect and respond to threats in customer environments that have circumvented preventative security controls. MDR providers have risen to fill the threat detection and response gap that those preventative controls leave behind.
Not all MDR services are equal. One increasingly important customer requirement of MDR services—and one that still very few vendors provide—is the ability to take targeted actions to neutralise threats on the customer’s behalf, rather than simply notifying them of potential or imminent threats. Effective MDR services require analysts to conduct methodical investigations to determine the validity and scope of potential threats, minimise false positives, neutralise confirmed threats, and provide additional context and recommendations for improving an organisation’s overall security posture.
As a market leader in advanced threat prevention with a deep legacy of pioneering cybersecurity offerings, Sophos develops solutions by truly understanding customer challenges. In this regard, Sophos Managed Threat Response (MTR) service provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully managed service. Going beyond just notifying customers of attacks or suspicious behaviours, the Sophos MTR team takes targeted actions on customers’ behalf to neutralise even the most sophisticated and complex threats.
According to a recent report by Gartner, 50 percent of organisations will be using MDR services by 2025, up from less than 5 percent in 2019. This further validates that continuous cybersecurity monitoring, alongside existing preventive measures, is vital for enterprises to minimise organisational vulnerabilities and ensure business continuity.
To sum up, MDR is an important component of the future of cybersecurity. Organisations that simply follow market trends will always tend to be a few steps behind the perpetrators. It is no longer sufficient to have a basic cybersecurity strategy in place – dedicated and continuous threat hunting, detection and response services such as MDR are indispensable to companies that aspire to thrive in the changing threat landscape.