The primary reason cyber defenses are failing is their dependence on preventive controls. No organization can prevent every breach, regardless of how sophisticated its security technologies are. So the focus should shift from a purely preventive approach to a hunting approach.
To illustrate the point with an example: the Equifax intrusion began in mid-May and was discovered only at the end of July. Similarly, the Deloitte data breach took place between October and November 2016 and was only discovered in March of the following year. In both cases the attackers had weeks to months inside the network before anyone noticed. Both organizations had robust security programs, and those programs still could not protect them because they were focused on prevention. It is paramount to move away from this approach and focus on detecting breaches at the speed of attacks. A SIEM supported only by traditional security technologies cannot make this happen. What is needed is a proactive incident detection and response plan that uses threat hunters, security analytics, machine learning, and automation.
An effective way to reduce dwell time, or mean time to detect (MTTD), is to actively hunt for threats in your environment rather than wait for the SIEM to raise an alert. Traditional SIEMs are based on rules and correlation, which means they cannot detect threats that have no known signature, or creative attacks that do not match a pre-written rule. This gap can be addressed by Managed Detection and Response (MDR) services. MDR services bring the latest threat intelligence, advanced security analytics for deeper threat discovery, and threat-hunting talent that uses both to hunt for threats manually. MDR providers like Paladion also integrate different security analytics, such as user behavior analytics, network threat analytics, application threat analytics, and endpoint analytics, on a single platform for deeper threat detection. This improves threat discovery and drastically reduces dwell time. Once a hunter identifies a threat, the hunter fortifies defenses against it, so that attackers are left with no choice but to change their tactics, techniques, and procedures, which usually takes them a long time.
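The difference between waiting for a signature-based rule to fire and actively hunting can be shown in a few lines. The following is an added example, not code from the original post or from Paladion: it runs a traditional known-bad-name rule and a simple hunting technique (frequency analysis, or "stacking", of parent/child process pairs across hosts, plus a command-line heuristic) over a constructed set of process-creation events. The field names, the hosts, the user names, the known-bad list, and the encoded command fragment are all assumptions made for the example; the renamed PowerShell binary spawned by Word is the kind of "creative attack" a name-matching rule misses but a hunt surfaces.

```python
"""Hunting by frequency analysis over process-creation events.

Added example with constructed data. Field names loosely follow a
process-creation log (parent, image, cmdline) but are an assumption,
not any product's schema.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample: process-creation events from three workstations.
# The last two events model a phishing document spawning a renamed
# PowerShell with hidden, encoded execution on a single host.
EVENTS: List[Dict[str, str]] = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "image": "chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "image": "chrome.exe", "cmdline": "chrome.exe"},
    {"host": "ws03", "user": "carol", "parent": "explorer.exe", "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws03", "user": "carol", "parent": "explorer.exe", "image": "chrome.exe", "cmdline": "chrome.exe"},
    # constructed: PowerShell copied to "svchosts.exe"; "-enc SQBFAFgA" is a made-up fragment
    {"host": "ws02", "user": "bob", "parent": "winword.exe", "image": "svchosts.exe",
     "cmdline": "svchosts.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws02", "user": "bob", "parent": "svchosts.exe", "image": "svchosts.exe", "cmdline": "svchosts.exe"},
]

# Constructed signature list for the "traditional rule" side of the comparison.
KNOWN_BAD_IMAGES: Set[str] = {"mimikatz.exe", "psexec.exe"}

# Command-line switches typical of hidden/encoded PowerShell execution.
SUSPICIOUS_SWITCHES: Tuple[str, ...] = ("-enc", "-encodedcommand", "-w hidden", "-nop")


def signature_rule(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Traditional SIEM-style rule: alert only when the image name is on the
    known-bad list. A renamed binary never matches, so this returns nothing
    for the sample data."""
    return [e for e in events if e["image"].lower() in KNOWN_BAD_IMAGES]


def stack_parent_child(events: List[Dict[str, str]]) -> Dict[Tuple[str, str], int]:
    """Stacking: for each (parent, image) pair, count the distinct hosts it
    appears on. Behaviour common to the fleet scores high; one-offs score low."""
    hosts_per_pair: Dict[Tuple[str, str], Set[str]] = {}
    for e in events:
        pair = (e["parent"].lower(), e["image"].lower())
        hosts_per_pair.setdefault(pair, set()).add(e["host"])
    return {pair: len(hosts) for pair, hosts in hosts_per_pair.items()}


def hunt_rare_pairs(events: List[Dict[str, str]], max_hosts: int = 1) -> List[Tuple[str, str]]:
    """Hunting lead 1: parent/child pairs seen on at most `max_hosts` hosts.
    No signature is needed; rarity relative to the rest of the fleet is the signal."""
    counts = stack_parent_child(events)
    return sorted(pair for pair, n in counts.items() if n <= max_hosts)


def hunt_suspicious_cmdline(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Hunting lead 2: command lines carrying hidden/encoded-execution switches,
    regardless of what the binary is called. Returns (host, user, image)."""
    leads = []
    for e in events:
        cmd = e["cmdline"].lower()
        if any(switch in cmd for switch in SUSPICIOUS_SWITCHES):
            leads.append((e["host"], e["user"], e["image"]))
    return leads


if __name__ == "__main__":
    print("signature rule hits:", signature_rule(EVENTS))
    print("rare parent/child pairs:", hunt_rare_pairs(EVENTS))
    print("suspicious command lines:", hunt_suspicious_cmdline(EVENTS))
```

On the sample data the signature rule returns nothing, while the stacking hunt isolates the two parent/child pairs that exist on only one host and the command-line heuristic points at the same host and user. In practice the stacking step is run over days of fleet-wide telemetry and the hunter triages the bottom of the list; the point is that neither lead depended on knowing the attacker's tooling in advance.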
Another challenge for most enterprises today is analyzing and remediating a threat once it has been identified. Traditional MSSPs only alert you to a potential threat; you are left to investigate and stop it yourself. For an enterprise with limited incident management resources, this can take weeks, by which time the damage is done if the threat is real.
MDR services not only discover threats by hunting for them in your environment but also respond to and remediate them swiftly. MDR service providers like Paladion employ not only threat hunters but also malware engineers, ethical hackers, incident responders, data scientists, and more, to provide rapid investigation and remediation of threats.
Cyber-attacks are increasing, and they are inevitable. Enterprises should move away from a purely preventive mindset to a hunting approach that detects threats before the damage is done. Managed Detection and Response service providers offer end-to-end protection, from threat hunting to breach management. An MDR provider can augment your existing security operations or replace your existing MSSP.