Cyberattack: Benefits of managed detection and response
Threat intelligence is a way of reducing ‘physical and cyber risks’ while supporting decision-making and existing security intelligence methodologies and systems. FILE PHOTO | NMG
In 2022, the FBI issued alarming statistics around the cost of cybercrime - $43 billion through business email compromise, a 65 percent increase in global losses, and a 62 percent year-on-year increase in ransomware attacks.
These risks, among many others, are increasing in intensity and capability, driven by organised cybercrime, artificial intelligence (AI) tools, and cybercrime-as-a-service.
The threats are complex and evolving, and to combat this, companies can create a robust security strategy that connects the dots across people, processes, and platforms through integrations that embrace zero trust.
However, simply buying the tools that give organisations the right level of battle armour does not necessarily reduce the risk or impact of cyberattacks, as the actual implementation, maintenance, and operation of these tools can be costly, time-consuming and require specialised skills not readily available to most organisations.
Companies want solutions that will help them to combat today's cyberattacks without being distracted from their core business.
This is one of the primary reasons why managed detection and response (MDR) has gained traction – as Gartner points out, its delivery of remote security operations centre functions ensures that organisations have the functions they need to ‘rapidly detect, analyse, investigate and actively respond’ to threats.
The firm also predicts that MDR will be actively used by 60 percent of organisations compared with 30 percent today.
Why? Because MDR providers are intensely focused on leveraging state-of-the-art security tools, firewalls, security gateways and endpoint detection response solutions so that they can deliver unified security operations with better outcomes for clients.
The MDR service is delivered through platforms that ensure that the organisation’s workloads across multi-cloud, different applications and systems are secured effectively and that this security is integrated correctly.
That said, perhaps one of the most significant benefits of MDR is its ability to reduce alert fatigue by effectively managing alerts that previously would have bombarded the organisation’s security team.
Security systems are designed to gather signatures across endpoints, networks, and cloud workloads, compare these against known signatures and then issue alerts.
These alerts, which come from around 100 different sources, can stack up to around 10,000 daily, and this is an immediate problem on two levels.
The first is the needle in the haystack – finding the true alert within the volume of false positives that are bombarding the SOC.
The second is the inevitable fatigue that comes with the tsunami of alerts on a daily, weekly, and monthly basis. MDR is inherently capable of managing the alerts and lifting the burden from the business.
At a time when security is critical and threats are multiplying, MDR delivers better security outcomes, such as reduced risk and impact, which are key focus areas for companies regardless of the technology spend.
Only providers that have decades of security experience and a simplified platform that guarantees a short time to value make a true case for MDR – it is the route to security simplicity without compromise, within compliance.
Robert Ngetich, Team Lead, Threat Intelligence Centre, Dimension Data East & West Africa.