Is Your MSSP Bringing a Knife to a Gun Fight? Combat Better with MDR

By Sachin Varghese

January 2, 2018

If you are a mid-sized or large enterprise, chances are your MSSP provides a basic security monitoring service that is necessary but insufficient in today's dynamic threat landscape. In this blog we look at what you should expect from a cyber defense provider, and where traditional MSSPs are missing the mark or falling short in defending your organization.

Broadly, traditional MSSPs are failing their mid-sized and large enterprise clients in the following critical areas of cyber defense:

Business requirement: Early detection of threats on business assets

What MSSPs do: MSSPs take in your security data and send you threat alerts. An MSSP pulls your security logs and alerts into its shared platform and notifies you when those alerts match its rules and signatures.

What MSSPs don’t do: MSSPs miss over 70% of threats because they only ingest traditional security data for detection. Over 70% of breaches today are not detected through rules and signatures; these attacks stay hidden or evasive. They can, however, be detected by analytics and machine learning applied to a much larger data set than security products alone provide: netflow, packets, proxy logs, user access records, endpoint internals and application internals.

Business requirement: Anticipating threats before they even reach you

What MSSPs do: MSSPs provide a commodity threat intelligence feed of malicious IPs, ports, URLs and file signatures. These data are machine-readable, and you can load them into a SIEM, IPS, firewall or URL filter.

What MSSPs don’t do: These feeds are noisy and carry no context for your organization, so you cannot use them to anticipate the threats that actually affect you. The right service takes both machine-readable data and unstructured data (blogs, news, social media), and analyzes it to determine the likely impact of each threat on your organization. The next time you read about a breach like Equifax’s, your provider should already have identified the servers in your environment running a vulnerable version of Apache Struts (the web framework exploited in that breach) and given you actionable mitigation steps to prevent a similar compromise. Most MSSPs cannot do this for you.

Business requirement: Increasing fidelity in attack detection, i.e. picking up the relevant alerts that need investigation

What MSSPs do: MSSPs apply internal rules of thumb to select which alerts they bring to your attention.

What MSSPs don’t do: A medium-sized organization can easily face thousands of alerts every day. No MSSP has the manpower to evaluate all of them, and MSSPs do not have machine-learning systems that automatically evaluate every alert against deeper historical context, threat intelligence, or your organization’s unique IT environment. Instead, they forward the alerts that match their top use cases. The result: a high chance that a critical alert is overlooked because it did not match a top use case.

Business requirement: Reducing the time and effort needed to analyze alerts

What MSSPs do: MSSPs send you alerts when rule matches trigger them. You must then investigate each alert for impact or relevance; the MSSP provides additional log data on request.

What MSSPs don’t do: MSSPs cannot fully investigate and analyze your alerts. They lack context for your environment, and they do not provide investigation tools as part of their monitoring service. In short, they cannot answer the key questions about an alert: Is there an impact? Is it benign? Is it currently indeterminate? What steps are needed to determine its impact?

Business requirement: Swift response to contain incidents and limit the consequent damage

What MSSPs do: If you have a potential incident, the MSSP offers additional professional services for incident management, but these are often too slow to manage your incidents.

What MSSPs don’t do: MSSPs do not provide continuous incident management. They often cannot contain an attack that is spreading fast, execute a recovery playbook, or carry out root-cause mitigation while working seamlessly with your internal team.
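The anticipating-threats and alert-fidelity rows above both come down to one capability: putting organization-specific context (asset inventory, exposure, criticality, alert history) next to threat data before deciding what matters. The script below is an added example written for this page, not Paladion's code or any product's logic. The asset inventory, the advisory, the IOC feed, the raw alerts and the scoring weights are all constructed for illustration; the advisory identifier and the version numbers are hypothetical.

```python
"""Contextual threat-intel and alert triage (added illustration, not Paladion's
code). Every asset, advisory, IOC, alert and weight below is constructed."""
from collections import Counter

# Constructed asset inventory: the organization-specific context an MSSP
# working from a shared platform usually does not have.
ASSETS = [
    {"host": "web-01", "ip": "10.1.0.11", "zone": "dmz", "internet_facing": True,
     "criticality": 3, "software": {"apache-struts": "2.3.31"}},
    {"host": "intranet-02", "ip": "10.2.0.5", "zone": "internal", "internet_facing": False,
     "criticality": 2, "software": {"apache-struts": "2.5.13"}},
    {"host": "build-07", "ip": "10.3.0.40", "zone": "internal", "internet_facing": False,
     "criticality": 1, "software": {"jenkins": "2.60"}},
]

# Constructed advisory in the shape of a vendor bulletin (hypothetical id and
# versions): affected product, first fixed version, remote/unauthenticated flag.
ADVISORY = {"id": "ADV-EXAMPLE-0001", "product": "apache-struts",
            "fixed_version": "2.5.13", "remote_unauth": True}

# Constructed commodity IOC feed: a flat list of "bad" IPs with no context.
IOC_IPS = {"203.0.113.9", "198.51.100.77"}


def parse_version(v):
    """'2.3.31' -> (2, 3, 31); tuples compare component by component."""
    return tuple(int(p) for p in v.split("."))


def affected_assets(advisory, assets):
    """Return (host, installed_version, rank) for each asset running the
    advisory's product below the fixed version, highest impact first.
    Internet exposure adds weight only when the flaw is remotely exploitable."""
    hits = []
    for a in assets:
        installed = a["software"].get(advisory["product"])
        if installed is None:
            continue
        if parse_version(installed) >= parse_version(advisory["fixed_version"]):
            continue
        rank = a["criticality"]
        if advisory["remote_unauth"] and a["internet_facing"]:
            rank += 3
        hits.append((a["host"], installed, rank))
    return sorted(hits, key=lambda h: -h[2])


def score_alert(alert, assets_by_ip, ioc_ips, history):
    """Score one raw alert using asset, IOC and historical context.
    Returns (score, reasons). Weights are assumptions for illustration."""
    score, reasons = 1, []                      # every alert starts as 'seen'
    target = assets_by_ip.get(alert["dst"])
    if target:
        score += target["criticality"]
        reasons.append(f"target {target['host']} criticality {target['criticality']}")
        if target["internet_facing"]:
            score += 1
            reasons.append("target is internet-facing")
    if alert["src"] in ioc_ips:
        score += 2
        reasons.append("source in IOC feed")
    prior = history.get(alert["src"], 0)
    if prior >= 3:                              # repeated source in the window
        score += 2
        reasons.append(f"{prior} alerts from source in window")
    return score, reasons


def triage(alerts, assets, ioc_ips, threshold=5):
    """Rank alerts by contextual score and return those at or above threshold,
    each with the reasons an analyst would want to see."""
    assets_by_ip = {a["ip"]: a for a in assets}
    history = Counter(al["src"] for al in alerts)
    ranked = []
    for al in alerts:
        s, why = score_alert(al, assets_by_ip, ioc_ips, history)
        ranked.append({"alert": al, "score": s, "reasons": why})
    ranked.sort(key=lambda r: -r["score"])
    return [r for r in ranked if r["score"] >= threshold]


# Constructed raw alerts of the kind an MSSP forwards on a rule match.
ALERTS = [
    {"src": "203.0.113.9", "dst": "10.1.0.11", "rule": "OGNL expression in HTTP header"},
    {"src": "192.0.2.15", "dst": "10.3.0.40", "rule": "SSH auth failure"},
    {"src": "192.0.2.15", "dst": "10.3.0.40", "rule": "SSH auth failure"},
    {"src": "192.0.2.15", "dst": "10.3.0.40", "rule": "SSH auth failure"},
    {"src": "192.0.2.15", "dst": "10.3.0.40", "rule": "SSH auth failure"},
    {"src": "198.51.100.77", "dst": "10.9.9.9", "rule": "Port scan"},
]

if __name__ == "__main__":
    print("Assets affected by", ADVISORY["id"], affected_assets(ADVISORY, ASSETS))
    for r in triage(ALERTS, ASSETS, IOC_IPS):
        print(r["score"], r["alert"]["rule"], "<-", "; ".join(r["reasons"]))
```

With these inputs only the internet-facing Struts host is flagged by the advisory, and only the alert against it clears the investigation threshold: the IOC hit alone, or the repeated SSH failures alone, is not enough. Lowering the threshold to 4 surfaces the SSH burst as well, which is the kind of tunable, explained decision the page argues a fixed "top use case" filter cannot make.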

The pictures below (not reproduced here) compare what you get from Paladion’s MDR with what other MSSPs provide. The primary difference lies in the technologies and the skills involved: the technology and skills we bring to MDR versus what an MSSP provides.

MSSPs still have a place in the security landscape. But on their own they are not set up to handle complex, fast-moving, highly targeted threats. Here is how Paladion’s MDR service addresses this challenge.


As an MDR (Managed Detection & Response) Pioneer and Leader, We Do Things Quite Differently.

1. You Need a Service That Takes No Half-Measures in Defending Your Organization
We look at data from your entire IT stack: user data, endpoint internals and application data, as well as the data from your existing security products. We also take in data and intelligence on threats and attacks worldwide, and use it to determine whether your organization might be affected and to protect you before an attack starts.

2. Get High-Speed Defense Powered by AI
No single analytics system is enough to detect modern, blended attacks. We combine all four modern security analytics methods (endpoint, user behavior, network and application threat analytics) in a single platform to detect sophisticated attacks against you. By combining machine learning, security automation and human intelligence, Paladion’s MDR detects advanced threats earlier and responds to them faster than traditional security monitoring. In fact, we typically reduce attack dwell time from 90+ days to under three days.

3. You Get Complete "Left of Hack to Right of Hack" MDR Services
We cover the entire spectrum from left of hack to right of hack, seamlessly and continuously. Paladion’s complete range of MDR services helps you anticipate and hunt for cyber threats, going beyond passive security monitoring. And while our MDR solution can already strengthen your security posture significantly and cost-effectively, it is designed to augment your existing security systems rather than replace them. We help improve both your security and your return on investment.

4. And Finally, You Receive High-Touch Cyber-Security Services
Most MSSPs are built to provide hands-off services that address a large number of clients’ low-level security issues. Unfortunately, modern cyberattacks are often highly targeted and customized to compromise their specific victim. We offer highly personalized, hands-on service, led by our global teams of 1000+ security professionals, that addresses your unique security concerns.

MSSPs were effective against traditional threats. But today’s cybercriminal has evolved, and it’s time to evolve your cyber defenses too.

How Would You Like to See MDR in Action? Request a Demo Now >


About

Sachin Varghese

Sachin Varghese is EVP AMERICAS & CMO at Paladion. He has over 18 years of experience in Cyber Security, and has helped several leading enterprises in North America and Europe build resilient cyber security frameworks.
