Managed Detection and Response – What is it?
Managed Threat Detection and Response (MDR) is a managed cybersecurity service that detects malware and malicious activity in your network, and assists in the rapid response to eliminate those threats and remediate any actions that were taken. MDR typically combines a technology solution with outsourced security analysts who extend your technologies and team.
Isn’t That What MSPs/MSSPs Do?
While MSP/MSSP providers oversee and manage the client’s network and security (through device security management, vulnerability scanning, patch management, log monitoring, management of detection systems/firewalls, and so on), an MDR provider is focused on threat management, i.e. discovering attacks that have bypassed existing protections, threat validation, and providing containment and remediation advice. But some clients want more: somebody to help solve their problems, not just point them out. This is where ISM’s Managed Threat Response (MTR) comes into play.
Doesn’t My Firewall Protect My Network?
Kind of… Firewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade it’s become clear that they’re not enough to fully secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” we’re all feeling today. Recent major hacks such as Marriott (2019), J.Crew (2020), and most recently the US SBA demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, social security numbers, and other forms of personal information.
What About AI (Artificial Intelligence)?
Artificial intelligence for security problems is just now budding. Automating intelligence using computing has potential, but that potential won’t be met for some time, and there’s a growing arms race with criminals who weaponize AI to defeat AI. For the foreseeable future, the only way to protect against today’s advanced threats is to combine the best tools with the brightest human minds. With that said, AI can be an incredible force multiplier to human expertise. ISM’s MTR uses advanced threat detection to sift through millions of network events and identify suspicious activity for human investigation. Our SOC analysts then investigate to confirm whether or not a security incident has occurred.
What Happens When There is a Security Event?
When an event occurs, we use “notify mode”, a starting point for organizations that aren’t sure how involved they want us to be. Later they can graduate to “collaborate mode”. In collaborate mode, we work with them to get authorization to take needed actions ad hoc. As we collaborate, there will be more and more decisions on which they authorize us to go ahead and take action. Then, in “authorize mode”, our SOC analysts handle containment and neutralization, informing the client of the actions being taken. Most of our clients use the authorize mode; we take care of the incident, all while keeping them informed. Our goal is to provide customizable, specialized, and highly effective service delivery for organizations of all sizes and maturity levels. The size of an organization shouldn’t dictate the quality of the service it receives.
Our Managed Threat Response (MTR) is a game-changer, combining machine learning with human analysis for an evolved approach to proactive security protection. The customizable offering strengthens our existing threat-hunting capabilities and helps us better protect our customers. Need more information to make the move to enhanced security? Contact us at firstname.lastname@example.org.