Cyber security threats increase year on year at an alarming rate. This poses a risk to businesses, as a malware infection can be costly to recover from: not only can it result in a loss of earnings, it also takes up a lot of time. According to Sophos, the average cost of recovering from a successful cyber attack for a business in the UK is £65,000, and 57% of organisations in the UK have been targeted by ransomware. Cyber threats such as ransomware are very common, with 66% of businesses having been hit by ransomware in the past year according to Sophos.
Cyber security threats continuously grow and become more advanced, which in turn makes the need for advanced security measures more important.
This is where managed threat and response comes into play. In short, the service provides businesses with a fully managed 24×7 service delivered by IT security professionals who detect and respond to cyber attacks targeting your business, providing superior cyber security outcomes without adding any headcount. This blog aims to describe the benefits of having a managed threat response solution in place, how it is used and what can be done with it.
With many different players in the market it is often difficult to select the right vendor when researching the appropriate MDR solution for your business. We give our recommendation on this below.
What does an MDR Solution do?
An MDR solution (managed detection and response) is a category of SaaS (Security-as-a-Service). These are services created by large cyber security organisations. The MDR service integrates with your current IT security stack and pulls data from there, combined with active scanning and threat hunting. For example Sophos, CrowdStrike, Check Point and others all provide MDR services in one shape or another.
As the name suggests, it is a managed service which goes beyond detecting threats to resolving them on an organisation's network. In this blog we discuss the fully managed option. Reports are then made available in the management console for the security licence in use; these can be reviewed to see which incidents took place over the last month, the actions taken against cyber threats and your security posture.
Features of an MDR solution include the following:
- Incident Investigation: an alert is investigated once detected, and it is then confirmed whether it is a true incident or a false positive
- Proactive Threat Hunting: not all threats are caught by an organisation's security suite. MDR providers proactively search the client's network and systems for indicators of compromise or signs of an ongoing attack
- Reporting: reports are provided on the threats detected and the actions taken. Further useful information is provided on the root cause of the attack and the actions which should be taken to improve the business's security posture
What Problems Does Having an MDR Solution Solve?
Having a strong cyber security system in place is a challenge for most businesses. Hiring security professionals is expensive and managing everything takes a lot of time. In most situations this would put such a capability out of reach for small and mid-sized businesses, as there would be no budget to provide the service in house, nor enough activity on the network to warrant hiring a person to provide it in house full time. This is where the benefits of as-a-service come into play: businesses of all sizes are able to get access to an enterprise-grade, fully managed security service at a low, predictable monthly cost. Below is a list of other problems which an MDR solves:
- Advanced Threat Identification: sophisticated cyber criminals have developed tools and techniques which enable them to remain undetected by many traditional cyber security solutions. Consider a standard anti-virus licence faced with a zero-day attack, where a hacker exploits a software vulnerability for which no fix yet exists; this is an example of an advanced persistent threat which is hard to detect. By scanning the IT systems, such activity can be detected through the indicators of compromise it leaves behind, and it can then be dealt with and resolved before any harm is caused
- Slow Threat Detection: many cyber security incidents remain undetected for a long period of time. An issue is often detected at a later stage, once the systems have been affected in an obvious way. As MDR is a managed service it is backed by detection and resolution SLAs, ensuring that threats are detected at the earliest stages. This is achieved by deep-level scans and looking for indicators of compromise
- Available as a 24×7 service: although your hours of business could be 9am-5:30pm Monday to Friday, a lot of work and business takes place outside of this time. What happens if someone gets a malware infection at 8pm on a Friday night when no one else in the business is working? You can contact your IT support partner, however they too may have closed for the day. This is where MTR (managed threat response) comes in: an MTR service operates 24/7. There will always be cyber security professionals available in the SOC (security operations centre). Someone will be on hand to investigate and resolve the issue as quickly as possible, getting you back up and running in the shortest time without having to wait for normal business hours. Your location does not matter: your office and IT support company could be in London and you could be working from home in Bournemouth when this happens. In addition, we can work with the MTR team to provide advanced reporting and improve your security posture once the immediate issue(s) have been resolved. Over time this also improves the cyber security within your business.
- Security Posture Management: a good managed threat solution will incorporate security posture management.
- Fast: building and implementing your own cyber security programme takes time and can be expensive, with the requirement for different licences and tools. An MDR enables you to quickly overcome this, as the service has already been created and is ready to use. An MDR will integrate with your current security setup, as this is where the data is shared from. Think of your endpoint anti-virus licence, for example. We personally use and recommend Sophos, so if you already have Sophos Central Intercept X Advanced for Endpoint, it will integrate directly with that and pull data from there. This creates a type of security heartbeat where information is shared between different tools. It works right out of the box.
- Security Posture Management: this is the task of identifying misconfiguration issues and compliance risks. Once identified, these can be remediated either by yourselves, the cyber security vendor or your IT support company/team. This works by examining your endpoints (PC, laptop, tablet etc.) and comparing each one and its configuration against a set of best practices and known security risks. Many hacks and breaches occur because of a misconfiguration. According to Gartner, having a tool that includes cloud posture management can reduce threats caused by misconfigurations by 80%. The right MDR tool will continuously perform security posture management tasks and either make you aware of areas which require attention, with a list of recommended tasks, or, if automated fixes are enabled, automatically apply the fixes based on best-practice recommendations.
- Unified protection: a good managed threat detection service will unify the cyber security protection within your organisation by extending capability across the entire network and integrating with the existing services and IT support team already in place.
- Budget: hiring someone with the necessary cyber security skills and expertise is expensive, especially in London where there is a skills shortage. There is also the question of productivity: for most small to medium-sized businesses it would not make sense to hire a cyber security professional. In this instance it is best to use MDR as an outsourced service. You get instant access to a team of talented professionals, the onboarding process is very quick and you do not need to spend time or resources on training. Everything can be set up and configured by your IT support company or staff.
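To make the security posture management item above concrete, here is an added Python illustration (written for this post, not Sophos or any vendor's code) of the core loop such a tool runs: each endpoint's settings are compared against a baseline of best-practice values, every deviation becomes a finding ranked by severity, and findings marked as safely auto-fixable are corrected when automated fixes are enabled while the rest are left for a person. The baseline keys, severities and the two sample endpoint records are constructed for this example; an unknown setting is treated as non-compliant rather than ignored.

```python
"""Minimal security posture check: compare endpoint settings against a baseline.

Added illustration, not Sophos or any vendor's code. The baseline keys,
severities and the sample endpoint records are constructed for this example.
"""
from dataclasses import dataclass

# Hypothetical baseline: setting -> (expected value, severity, safe to auto-fix?)
# Numeric values are upper bounds; booleans must match exactly.
BASELINE = {
    "disk_encryption": (True, "high", False),        # enabling needs a recovery-key process
    "firewall_enabled": (True, "high", True),
    "screen_lock_minutes": (10, "medium", True),     # maximum acceptable idle time
    "local_admin_users": (1, "medium", False),       # at most one local admin account
    "av_definitions_age_days": (3, "medium", False), # maximum age of AV signatures
    "smbv1_enabled": (False, "high", True),
}

SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}


@dataclass
class Finding:
    host: str
    setting: str
    observed: object
    expected: object
    severity: str
    auto_fixable: bool


def _compliant(observed, expected):
    """Booleans must match; numbers must not exceed the baseline's upper bound."""
    if isinstance(expected, bool):
        return observed == expected
    return observed <= expected


def assess(host, config):
    """Return the findings for one endpoint, highest severity first.
    A setting missing from the inventory is itself a finding: unknown is not compliant."""
    findings = []
    for setting, (expected, severity, fixable) in BASELINE.items():
        observed = config.get(setting)
        if observed is None or not _compliant(observed, expected):
            findings.append(Finding(host, setting, observed, expected, severity, fixable))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    return findings


def remediate(config, findings, auto_fix=False):
    """Return (corrected config, findings still needing a human).
    Only findings flagged auto_fixable are changed, and only when auto_fix is on."""
    fixed = dict(config)
    remaining = []
    for f in findings:
        if auto_fix and f.auto_fixable:
            fixed[f.setting] = f.expected
        else:
            remaining.append(f)
    return fixed, remaining


# Constructed sample inventory (not real hosts); laptop-02 has no smbv1 value reported.
SAMPLE_ENDPOINTS = {
    "laptop-01": {"disk_encryption": True, "firewall_enabled": True, "screen_lock_minutes": 5,
                  "local_admin_users": 1, "av_definitions_age_days": 1, "smbv1_enabled": False},
    "laptop-02": {"disk_encryption": False, "firewall_enabled": False, "screen_lock_minutes": 30,
                  "local_admin_users": 3, "av_definitions_age_days": 1},
}


def posture_report(endpoints=SAMPLE_ENDPOINTS, auto_fix=False):
    """Summarise the estate: host -> (open findings after remediation, resulting config)."""
    report = {}
    for host, cfg in endpoints.items():
        findings = assess(host, cfg)
        fixed_cfg, remaining = remediate(cfg, findings, auto_fix)
        report[host] = (remaining, fixed_cfg)
    return report


if __name__ == "__main__":
    for host, (remaining, _) in posture_report(auto_fix=True).items():
        print(host, "open findings:", [(f.setting, f.severity) for f in remaining])
```

Run with `auto_fix=False` to get the "list of recommended tasks" mode the post describes; with `auto_fix=True` the firewall, screen lock and SMBv1 settings on laptop-02 are corrected and only the two findings that need a human (disk encryption, extra local admins) stay open.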
Choosing the right MDR Solution
Selecting the right MDR provider can be tricky, as there are many different businesses which offer this. However, there are a few important factors to take into consideration. The first is the expertise and knowledge that the provider has in house. The right provider will have the necessary in-house expertise and skill set to deal with any situation that the customer can encounter. This includes being able to provide the service 24/7 and having the right processes in place to secure different cloud platforms, as the service has to cover everything. Having the team based in the United Kingdom is also a big plus.
Another important factor to take into consideration is having a solution that does not cause alert fatigue by constantly bombarding IT personnel with security notifications. Look for a solution that prioritises alerts and makes you aware of the most important issues.
Other factors should also be taken into consideration, such as the number of cyber security professionals managing the security operations centre, the location of the team, and the usage of the other security products they supply, as much of the data and machine learning used in the ongoing threat detection service will be drawn from those large datasets in one way or another. The SLAs for threat response times and threat remediation are also very important, along with statistics such as the number of threats detected. This information is readily available for most of the main vendors.
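The incident investigation feature listed earlier (deciding whether an alert is a true incident or a false positive) and the alert fatigue point above are two sides of the same triage step. The following Python block is an added illustration written for this post, not Sophos' or any vendor's logic, of how a SOC queue can be kept manageable: repeated firings of the same rule on the same host within a time window are collapsed into one entry with a hit count, known-benign combinations (here, a hypothetical approved internal scanner) are auto-closed, and the rest are scored by severity, asset criticality and whether more than one detection source corroborates activity on the host, with the reasons recorded so an analyst can see why an alert ranks where it does. The alert fields, weights, allow-list and sample alerts are all constructed.

```python
"""Alert triage for a small SOC queue: de-duplicate, auto-close known benign, score, rank.

Added illustration, not Sophos' or any vendor's logic. Alert fields, weights,
the allow-list and the sample alerts below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts as a detection stack might emit them (ISO timestamps, UTC).
SAMPLE_ALERTS = [
    {"id": 1, "time": "2024-01-12T20:05:00", "host": "fin-laptop-07", "source": "endpoint",
     "rule": "credential_dumping_tool", "severity": "high", "src_ip": "10.0.5.23"},
    {"id": 2, "time": "2024-01-12T20:06:30", "host": "fin-laptop-07", "source": "endpoint",
     "rule": "credential_dumping_tool", "severity": "high", "src_ip": "10.0.5.23"},  # repeat of 1
    {"id": 3, "time": "2024-01-12T20:07:10", "host": "fin-laptop-07", "source": "firewall",
     "rule": "outbound_to_rare_domain", "severity": "medium", "src_ip": "10.0.5.23"},
    {"id": 4, "time": "2024-01-12T02:00:00", "host": "file-server-01", "source": "firewall",
     "rule": "port_scan", "severity": "medium", "src_ip": "10.0.9.9"},  # the approved scanner
    {"id": 5, "time": "2024-01-12T11:15:00", "host": "guest-kiosk", "source": "endpoint",
     "rule": "pua_adware", "severity": "low", "src_ip": "10.0.7.4"},
]

SEVERITY_SCORE = {"high": 50, "medium": 25, "low": 5}
# Hypothetical asset criticality: hostname prefix -> bonus points.
ASSET_BONUS = {"fin-": 30, "file-server": 40}
# Known-benign (rule, source IP) pairs, e.g. the in-house vulnerability scanner; auto-closed.
ALLOW_LIST = {("port_scan", "10.0.9.9")}
DEDUP_WINDOW = timedelta(minutes=15)


def _asset_bonus(host):
    return max((b for p, b in ASSET_BONUS.items() if host.startswith(p)), default=0)


def dedupe(alerts, window=DEDUP_WINDOW):
    """Collapse repeats of the same (host, rule) seen within `window`; keep a hit count."""
    kept = []
    last_seen = {}  # (host, rule) -> {"ts": last time, "alert": kept entry}
    for a in sorted(alerts, key=lambda x: x["time"]):
        key = (a["host"], a["rule"])
        ts = datetime.fromisoformat(a["time"])
        if key in last_seen and ts - last_seen[key]["ts"] <= window:
            last_seen[key]["alert"]["count"] += 1
            continue
        entry = dict(a, count=1)
        kept.append(entry)
        last_seen[key] = {"ts": ts, "alert": entry}
    return kept


def triage(alerts=SAMPLE_ALERTS):
    """Return (queue, auto_closed). The queue is sorted highest priority first and each
    entry carries a score plus the reasons behind it, so an analyst sees why it ranks."""
    deduped = dedupe(alerts)
    auto_closed = [a for a in deduped if (a["rule"], a["src_ip"]) in ALLOW_LIST]
    open_alerts = [a for a in deduped if a not in auto_closed]

    # Corroboration: distinct detection sources firing on the same host raise confidence.
    sources_per_host = defaultdict(set)
    for a in open_alerts:
        sources_per_host[a["host"]].add(a["source"])

    queue = []
    for a in open_alerts:
        score = SEVERITY_SCORE[a["severity"]]
        reasons = [f"severity={a['severity']}"]
        bonus = _asset_bonus(a["host"])
        if bonus:
            score += bonus
            reasons.append(f"critical_asset+{bonus}")
        if len(sources_per_host[a["host"]]) > 1:
            score += 20
            reasons.append("corroborated_by_multiple_sources+20")
        if a["count"] > 1:
            reasons.append(f"repeated_x{a['count']}")
        queue.append(dict(a, score=score, reasons=reasons))
    queue.sort(key=lambda x: x["score"], reverse=True)
    return queue, auto_closed


if __name__ == "__main__":
    queue, closed = triage()
    for a in queue:
        print(a["score"], a["host"], a["rule"], a["reasons"])
    print("auto-closed:", [a["id"] for a in closed])
```

On the sample data five raw alerts become a queue of three: the finance laptop with a credential-dumping detection corroborated by an unusual outbound connection sits at the top, the scanner's port scan is closed without a person seeing it, and the low-severity adware on a guest kiosk drops to the bottom. The allow-list is the piece to treat with most care in practice: it should be narrow (rule plus a specific source) and reviewed, because a broad entry is how genuine activity gets silently discarded.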
We use and partner with Sophos for this service. They are the leading Cyber Security As A Service company and they tick all of the boxes when it comes to MDR, and our team works closely with them to provide industry-leading solutions. Sophos is number 1 for threat expertise and response times, with over 15,000 companies already using Sophos MDR. This gives their team of over 500 cyber security professionals expertise that other providers cannot match.
By using Sophos MDR you can benefit from an average threat response and resolution time of 38 minutes. With over 500,000 companies using their endpoint, network, email and cloud security solutions, they have a wealth of real-time threat intelligence which is shared with Sophos MDR analysts. This allows Sophos to quickly discover threats as they happen and issue the correct fixes in record time.
Conclusion
MDR and the services it provides are a game changer: it makes industry-level cyber security services available to all businesses on a subscription basis and works well as an ongoing cyber security solution. With cyber threats constantly evolving, it is important to have the right security stack in place to avoid a costly and damaging attack. The service is provided 24×7, giving your business direct access to cyber security professionals based in the UK who act on alerts drawn from across your entire IT ecosystem. It is important to have next-generation endpoint protection and firewalls; however, stopping human-led attacks requires 24×7 monitoring and response.
By connecting your current security setup with Sophos, the correct data and insights can be made available to block and neutralise threats at a record rate.
Think of it as a closed-circuit television (CCTV) system with additional sensors and detection capabilities, which is always on and managed by a team of experts. MDR works in the same way. Your office and IT support team could be based in London while a member of the team is working remotely on their device when a threat is detected. This alerts the MDR team, and the necessary actions are taken to neutralise and remove the threat. Your IT support company or team can then investigate further and make the necessary changes to reduce the chances of it occurring again.
Cyber attacks are costly and take up a lot of time and resources. The risk from cyber threats can be minimised by having the correct tools in place and the resources available to keep your cyber security posture in good health and resolve any detected issue. For this reason, having an MDR solution alongside the services you currently get from your IT support company is a good choice. It gives you a 24×7 cyber security service that is available to all of your staff. With the rise of advanced persistent threats, having a human-led solution which links into the rest of your security stack and also leverages machine learning and AI will be beneficial in both the short and long term.
If you would like to learn more, please fill out the form below and one of our friendly IT consultants will get in contact with you. We are a leading IT support company based in London with extensive experience working with small to medium-sized businesses.
Feel free to get in contact to book your complimentary consultation: you can call us on 02085188353, click here to fill out a contact form, or email me at sean@accldn.co.uk.