New tools for managing cybersecurity

With malware continuing to grow even more sophisticated, insurers and their clients are finding new tools to address these risks.

Increasing threats as employees continue to work remotely mean taking additional steps to safeguard company data from hackers. (Photo: Dmytro Tyshchenko/Shutterstock)

The cyberthreat landscape continues to evolve at a rapid pace. The COVID-19 pandemic has forced a large portion of the global workforce to work from home. This has expanded the attack surface with unsecured devices, unauthorized software, unsecured WiFi and cloud applications. Workers (including IT staff) are confused and distracted when working at home and present soft targets for cyberattacks. Although rapid identification and remediation are a high priority for cybersecurity professionals, more than 80% of them are feeling overworked. The situation may have been exacerbated by the pandemic.

Next-generation cybersecurity solutions on the rise

Sophisticated malware is extremely difficult to detect. It can remain patiently in your systems for a long time, waiting for the right moment to strike. Modern endpoint security solutions like Endpoint Detection and Response (EDR) focus on tracking endpoint behaviors and can help deal with a shifting attack surface. The problem, however, is that deploying expensive EDR solutions is not enough unless an experienced team of analysts is working round the clock to monitor security alerts. And the reality is that 76% of cybersecurity leaders are already citing a global security skills shortage and are unable to use technologies to their full advantage. It’s like buying an expensive mobile phone and using it only to make phone calls.

Similarly, managing an in-house Security Information and Event Management (SIEM) platform adds loads of complexity and overhead to the business. This is especially true when an organization is collecting data from hundreds of different sources and devices like cloud apps, firewalls, switches, servers, smartphones, sensors, Internet of Things (IoT) devices, EDR and more. Unless this data is processed, analyzed and acted on in real time, it’s not really useful. Research suggests that SIEM platforms can cause alert fatigue and take a heavy toll on cybersecurity teams as they attempt to sift through thousands of alerts.

Legacy managed security services still leave you vulnerable

To fight these skill and resource constraints, businesses are outsourcing to Managed Security Services Providers (MSSPs). Per IDC analysts, managed security services held the largest share in global security spending in 2019 and are slated to grow by double digits for the next five years. MSSPs help organizations monitor and maintain day-to-day security needs such as maintaining firewalls, updating security software, patching endpoints and achieving security compliance. While MSSPs are primarily focused on perimeter-based security as well as rule-based detection to identify known threats, they lack the security skill set to carry out forensics, threat hunting or deep dives into security analytics.

MDR is the next generation of managed services

Managed Detection and Response (MDR) is one of the fastest-growing areas in the cybersecurity market. Gartner says that by 2024, 40% of mid-size organizations will use MDR. IDC calls it the next generation of managed services. But, unlike managed services, the scope of MDR is not defined by technologies per se but rather by specific security goals or use cases.

MDR providers use a full backpack of various cybersecurity tools such as EDR, SIEM, network traffic analysis, User and Entity Behavioral Analytics (UEBA), asset discovery, vulnerability management, intrusion detection and cloud security.

Why using an MDR service makes sense

MDR can provide integrated technology, analytics and human expertise at scale. A well-managed solution can truly empower organizations and bolster their cybersecurity posture. Reasons why an MDR strategy is compelling include:

MDR comes in many flavors and recognizes that a one-size-fits-all approach doesn’t work. It’s important for organizations to choose the right MDR provider that aligns with the needs of the individual business.

Michelle Drolet is CEO of Towerwall, a highly focused, specialized cybersecurity, cloud and virtual CISO services firm with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank. Reach her at michelled@towerwall.com.
