Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include:

If any of these symptoms resonate with your organization, it’s time to address PDR.

I know what you’re thinking, PDR isn’t really a thing. While the security industry already has an overloaded number of “DR” terms, like EDR, NDR, CDR, MDR, XDR, TDIR, etc., you’re right — there’s no industry PDR term, but the sentiment behind our playful acronym is certainly real. Case in point: look at the number of “DR” acronyms in our previous sentence. The industry as a whole is fragmented and this has resulted in many enterprises suffering from PDR.

Why PDR happens

PDR side effects often include malaise, restlessness, a sense of unmanaged risk, a willingness to get distracted by generative AI, a compulsion to attend conferences outside of the office and an uncharacteristic joyfulness when attending budget meetings. This all results from the fact that the road to recovery from PDR can often be difficult. How did you get PDR anyway?

PDR may have snuck into your security program. You were happy with your SIEM and then extended detection and response (EDR) came along and demanded to run “outside the SIEM” and you thought, “That’s not so bad.”

Then attack surface management (ASM) came along and didn’t integrate with anything, but you knew you couldn’t detect and respond to threats in assets that you don’t know about, so you needed to buy that stand-alone ASM tool.

Identity threat management came along but that was only available from your current identity vendor and didn’t integrate with your user behavior analytics (UBA) system. Next thing you know you’ve got PDR.

Register for the webinar on PDR

Five treatment goals for PDR

1. Consolidation

We’re not just talking about vendors, but tool and workflow consolidation. Most of the new security technologies you bought as an independent capability over the last 3-5 years have been paired or integrated by a vendor looking to capture market share by adding adjacent capabilities. Make sure you understand what can be “good enough” versus “best in class” when looking to consolidate capabilities. If you’re consolidating vendors, select vendors that first and foremost commit to extensibility and integration.

2. Proactive security

Instead of merely reacting to threats, focus on proactive measures. Reduce your attack surface by investing in exposure management. Establish a program that includes services such as code analysis, attack surface management, enterprise detection engineering, penetration testing, adversary simulation, threat hunting, and vulnerability management.

3. Zero trust in the cloud

You might be wondering how zero trust earned a spot in a detection and response to-do list. I recognize that distributed (aka federated) enterprise threat detection and response (TDR) is still maturing.

A common current security scenario is one where a hybrid cloud environment exists, utilizing cloud-native capabilities, but due to the cost-prohibitive nature of extracting data from cloud hyperscalers, security teams are supporting two disconnected environments. Until federated detection and response tooling improves, the best universal strategy is to use the cloud detection and response tooling needed to support the business transition to cloud, but focus more security attention on prevention when adopting cloud-native security capabilities. Ensure all the zero trust concepts you worked so hard to define and implement in your legacy environment also extend to your cloud environments.

4. Strategic planning

Take an inventory of your current PDR capabilities and define your future state. Realize that your strategy may need to play out over multiple years.

5. Threat management architect

Appoint a threat management architect with both technical expertise and the ability to evangelize security principles. They should understand the holistic concept of cyber resilience, which encompasses more than just backups and recovery but also anticipates and prepares for threats while maintaining business continuity.

Seeking help from a PDR professional

If PDR is deeply embedded in your organization, consider enlisting the expertise of a PDR professional. Look for a professional with advanced capabilities who can enhance your existing investments rather than pushing for new software adoption. They should offer a range of services, including application and database security, and be well-versed in cloud environments. Ensure your chosen PDR professional can provide a comprehensive portfolio of services, spanning threat prevention to incident response.

Overcome PDR with threat detection and response services

IBM Consulting has services professionals who are certified PDR recovery professionals. The new Threat Detection and Response (TDR) service from IBM’s Cyber Threat Management Services is designed with many of the principles covered here. You don’t need to make a massive investment in AI; we’ve been doing that for years. You don’t need to rip and replace any of the investments you’ve made; we support the broadest ecosystem of vendors.

Starting with TDR is as simple as joining us for the webinar on November 1 to learn more, or reading the press release to learn how you can reduce cyber risk and lower incident costs by 65% with the Threat Detection and Response service. You can also check out our recent managed detection and response (MDR) market leadership in this KuppingerCole Report.

We’ll get you on the road to PDR recovery in no time.

More from Zero Trust

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

How zero trust changed the course of cybersecurity

4 min read - For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods inadequate. Clearly, the perimeter no longer exists. Then the pandemic turned the gradual digital transition into a sudden scramble. This left many companies struggling to secure vast networks of remote employees accessing systems. Also, we’ve seen an explosion of apps,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today