June 25, 2021
How Managed Detection and Response Closes Cybersecurity Gaps
A growing number of organizations are augmenting internal security resources with expert support and streamlined solutions.
After every new cybersecurity incident, I hear from organizations wanting to learn more about managed detection and response. MDR typically combines a security platform with outsourced support, bringing disparate solutions into a single dashboard and providing access to third-party expertise.
Earlier in 2021, CDW worked with First State Community Bank in Farmington, Missouri, to complete an MDR deployment that showed a return on investment almost immediately. As news reports surfaced of a new zero-day threat, the bank’s Cisco MDR platform was already scanning for similar vulnerabilities. It was on track to detect the exploit based on existing signatures before anyone was aware of the problem.
For First State Community Bank, whose IT team of 10 members supports 750 employees, MDR is a powerful way to augment internal resources. The platform integrates and supplements a variety of security tools and uses artificial intelligence to deploy them in a coordinated security program. The result is comprehensive, streamlined oversight.
MDR has also reduced the false positives that previously put a burden on the bank’s IT staff. Many organizations pull logs from numerous sources and feed them into a security information and event management (SIEM) system, which can produce a lot of noise. MDR cleans up that noise, providing actionable alerts for threats the team needs to address.
Optimizing MDR, from Discovery Through Deployment
When we work with organizations to adopt MDR, they often need help evaluating various vendors, in part because not every solution interacts well with the rest of the IT ecosystem. We start with a discovery process to understand what an organization has deployed, what its time frame is and what internal resources it has.
Organizations also want to know what type of dashboards and reporting capabilities are available. These are useful both to demonstrate the value of the solution and to pull reports that can drive further improvements in the overall security strategy.
It’s also important to understand exactly what the service will provide if an incident occurs. That may be remote control or remote quarantining of an infected device, support to help the organization fix the problem, onsite support from a third-party incident response team or another option.
In our engagement with First State Community Bank, we partnered with the bank and with Cisco Systems to develop a playbook for the MDR deployment. Based on best practices and shaped by the bank’s unique requirements, the playbook defines how the parties will work together if an incident occurs. By specifying who will handle what, the playbook ensures that the proper response occurs and that there is no finger-pointing — each party knows its roles and responsibilities.
Internal and External Factors Drive Interest in MDR
Organizations have several reasons for deploying an MDR solution, including the growing complexity of cybersecurity and the scarcity of trained security professionals. Others are finding that their cyber insurance carriers require an MDR or endpoint detection and response (EDR) solution to qualify for coverage.
For all these reasons, I expect we’ll see more organizations gravitate to MDR. It offers a hard-to-beat combination of solutions and services that many organizations find difficult to replicate on their own.