Light Dark
October 28, 2020 By Laurance Dine 3 min read
Intelligence & Analytics
Security Services
Threat Intelligence

This is the first in a five-part blog series on Managed Detection and Response as it drives strategic security outcomes for businesses.

If there’s one thing the past decade has shown us, it’s that change happens faster than expected. Looking across the modern enterprise, we’ve seen applications become more modular and containerized and data being shared and analyzed in amazing new ways. In addition, infrastructures are more often spread across hybrid multicloud environments.

Source: IBM Security

Changes across each of these domains and a workforce that more often codes from home is a double-edged sword. It puts mounting pressure on security teams to maintain visibility and to detect and respond to threats. Lack of visibility, plus a lack of time, skilled staff and an increase in alert overload, has placed most IT teams on an unstable path.

What is Managed Detection and Response?

Endpoints remain the primary high ground between defenders and attackers. To hold this advantage, security teams need to do multiple things at once. Their jobs require increased accessibility, deeper telemetry, increased remote forensic work and more granular containment and response options. And of course, all this needs to be run by a well-trained team of experts. These driving factors have fueled significant adoption of managed detection and response (MDR) services. According to a recent 2020 study, 94% of respondents not already using an MDR service are currently evaluating or have plans to evaluate MDR over the next 18 months.

In this multipart blog series, we’ll explore how an effective MDR service helps clients achieve their goals through the lenses of four key strategic outcomes:

  1. Align your security strategy to your business.
  2. Protect your digital users, assets and data.
  3. Manage your defenses against growing threats.
  4. Modernize your security with an open, multicloud platform.

Align Your Strategy to Your Team

In the broadest sense, alignment is thoroughly knowing the business and showing how the security strategy enables its success. In the context of MDR, this knowledge and practical work take many forms.

Know What Data Is Most Important

It starts with knowing that not all assets should be treated equally. There are benefits to assessing and pinpointing the most critical assets ahead of time. In order to do this, MDR analysts should know the business well; know its core products and services; and know the users, data and critical systems required to deliver them.

Both the MDR provider and their client should know which assets are the highest priorities and have the most material impact before an incident happens. For example, production servers should take priority above legacy dev systems slated for decommission. While the latter is fast and easy to address, the former could impact the bottom line. MDR analysts can demonstrate their alignment with the business by simply knowing these details in advance.

Focused Hunts

Nearly all MDR services offer or include a threat hunting component, though definitions, methodologies and implementations vary widely. While most industry experts agree threat hunting is helpful, it can be challenging for security teams to demonstrate how hunting directly supports business objectives.

One way to show alignment is for MDR service providers to demonstrate how hunts are customized and directly relevant to high-value assets such as key identities, critical systems or sensitive data. Another method is to demonstrate how MDR service providers are incorporating threat intelligence relevant to the organization into the hunts, perhaps based on geography or threats to the client’s industry.

Make The Risks and Responses Clear

When working with an MDR service provider, communication can be the lifeblood that determines success or failure at all levels. When communication speed, depth, accuracy, medium, frequency and audience have to be just right nearly all the time, it can be one of the hardest things to perfect. This is amplified by the fact that all MDR service providers contend with client scaling challenges at some point.

Clients want MDR service providers that explain risks clearly, succinctly and in terms that are relevant and practical. Throughout the partnership, MDR service providers can demonstrate higher value by helping customers understand month-over-month and year-over-year gains in overall security posture. They can provide a report card showing the impacts of the strategic investments and related improvements.

Managed Detection and Response In a Changing World

Aligning an MDR service to the unique needs of the business first requires knowing what the objectives are. This can be obtained in a number of ways, including regular assessments and workshops to prioritize and clarify goals. When looking for a MDR provider, ask these questions:

  • How does your MDR provider prioritize your most critical assets?
  • How does your MDR provider demonstrate how it uses that data to monitor, detect, investigate and hunt?
  • Does the MDR provider clearly communicate in a way that demonstrates its understanding of the business and how it aligns to the organization’s strategy?

Check out Part 2 of this series to explore the keys to protecting your organization, and learn more about IBM Security Managed Detection and Response Services.

 | 
Laurance Dine
Global Partner, X-Force Incident Response

More from Intelligence & Analytics
February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

December 19, 2023

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

December 14, 2023

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature