MDR, taking the complexity out of security


Many companies are coming to the realization that an effective anti-malware tool is insufficient to protect their business in today’s threat landscape. It is this realization that has driven the uptake of a more comprehensive service, known to the industry as Managed Detection and Response, or MDR for short. This service helps small to medium enterprises limit risk to their businesses by outsourcing 24/7 Detect and Response operations to an established service provider, allowing them to reduce complexity and cost.

Today, consumers and businesses expect all information to be available all the time. Cloud, hybrid cloud, BYOD, IoT and countless other technologies have eliminated the security perimeter and present a host of new and evolving challenges when delivering an effective security program. Most organizations want an effective cyber-security operation, but many lack the expertise and resources to build a fully modern operation. Instead, they are forced to rely on automation and tooling, leading to a reactive platform that is not capable of detecting today’s attacks. Effective security operations are based on contextualized threat intelligence, which allows the security team to understand what our adversaries are trying to achieve and the tactics, techniques and procedures (TTPs) that they are employing to achieve it. This knowledge enables a security team to proactively hunt down threats, mitigate attacks and minimize impact to the business, which is the desire of every CEO.

 

Prevention delivered by an effective and proven end-point solution remains critical, but tools alone are not enough. Well-trained, well-equipped and critically warm-bodied attackers are harnessing social engineering to enhance phishing and spear-phishing attacks every day. If today’s businesses are to be secure, they must match these hackers with equally well-trained and well-equipped analysts who are capable of understanding potential attacks, predicting ways to identify them and then hunting them down. Doing so not only requires hard-to-find and expensive analysts, but also requires a full set of tools to provide visibility into the environment, a comprehensive correlation capability and all of the associated automation to enable rapid response. Building and maintaining an effective security operation is not only expensive, but very difficult to achieve.

 

On-demand security expertise with MDR

 

In order to deliver an effective Detection and Response service, MDR teams bring the People, the Process and the Technology they need with them. In addition to the tools that provide visibility into the network and exactly what is happening on the endpoint, MDR includes a security analytics capability, sometimes still referred to as a SIEM (Security Information and Event Management), to enable the analysts to hunt for threats and investigate issues. A Security Orchestration, Automation and Response (SOAR) platform is used to automate lower-level tasking and ensure that analysts are focused on high-skill, high-yield activity. Finally, a Threat Intelligence Platform (TIP) is utilized to maintain a clear understanding of the threats that a business is exposed to and the capabilities that are needed to mitigate those threats.

 

Including these tools as part of the service is valuable, as selecting, testing and implementing technology platforms is time-consuming and expensive. Similarly, building the process to deliver an operation in a fast-evolving threat landscape is difficult and requires financial and personal investment. But, arguably most critical, the people required to build and run such an operation are hard to find, expensive to recruit and difficult to retain. When a business selects an MDR service, it is investing in an expert team that it would be unlikely to afford independently.

 

Staying ahead of the curve with MDR

 

All companies demand growth, but new customers, new technology platforms, and new geographical regions all increase the size of the attack surface. A Managed Detection and Response service represents a ready-made capability that can adapt to any business and grow with it. The provider has hired the team, built the operation and validates it every day, often at significant scale. For many companies, outsourcing such a complex, but necessary, part of the business operation can free up resources to focus on the company’s core business.

 

For a more in-depth discussion about the Bitdefender GravityZone Managed Detection and Response Service (MDR), you can check out the discussion with Daniel Clayton, Senior Director Managed Security Operations, and Jarret Raim, Senior Director, Managed Services.

 

Bitdefender's 2020 TAG Cyber Security Annual Outlook is also available, covering 50 different cyber controls for enterprise, governance, network, data endpoints and industries.