Organisations and cybersecurity experts are waking up to this reality and shifting their focus away from prevention and towards managed detection and response (MDR) services. IBM predicts 2018 will be the first year a major company will respond appropriately after suffering a significant breach. At the same time, Gartner argues detection and response capabilities will "drive a majority of security market growth" through 2022.
MDR services assume a breach will happen and answer the question, "How do we act quickly to prevent a breach from becoming catastrophic?" MDR services continuously monitor your systems to find breaches in real time. They then quickly shift to respond in near real time. While MDR services do focus on what happens after a breach occurs, they do not ignore threat prevention entirely. A mature MDR program provides full left-to-right-of-the-hack protection, including the following services:
Threat anticipation: Continuously reviews the global threat landscape to identify the most likely threats and protect your systems from them.
Threat hunting: Deploys data science and machine learning models to proactively uncover known and unknown threats in your networks.
Security monitoring: Applies real-time rules to logs and security events to detect known attacks and compliance violations.
Incident analysis: Triages alerts to focus on evaluating your most relevant threats, and queues up a response in the case of security incidents.
Incident response: Executes rapid, coordinated containment, eradication, and recovery from major incidents.
Breach management: Leverages human experts and machine learning to derive lessons from the breach and strengthen your system against similar future attacks.
The transition to MDR-led security services in 2018 faces certain challenges.
In 2018, much of this challenge will come from contending with stringent new privacy and data protection regulations (such as the European Union's General Data Protection Regulation) and selecting the right cybersecurity provider.
The MDR service provider market will appear confusing, as traditional MSSPs attempt to adopt MDR-like services (or, perhaps, to simply adopt MDR branding without fundamentally changing their service offerings). However, it's imperative to cut through this confusion. Select an MDR-first provider who has dedicated years of investment in anomaly investigation, forensic capabilities and response playbooks.
Challenging or not, MDR adoption is no longer optional. The average cost of a single data breach will exceed $150 million by 2020, and by the end of 2018, cybercrime damages are projected to exceed $9 trillion globally. Will you join these statistics in 2018? Or will you protect yourself with MDR?