All posts by Mikayla Wyman

Go Inside Rapid7 MDR: Timelines and Tick Tocks

Post Syndicated from Mikayla Wyman original https://blog.rapid7.com/2022/11/03/go-inside-rapid7-mdr-timelines-and-tick-tocks/


They say by 2025, half of all businesses will turn to a managed detection and response (MDR) service. Breaches are called “inevitable” now. And even with a blank check, most companies couldn’t hire their way to tight security: the expertise just isn’t out there.

In this new eBook you’ll find real life examples of common threats handled end-to-end by Rapid7 MDR. You can check out the speed and accuracy with which our global SOC experts identify, contain, and respond to attacks.

IBM says it takes an average of 287 days to identify a breach and about 75 more to contain it. Timelines like that are untenable against the kind of attackers you’ll read about here, like the lethal More_Eggs malware. Or Solarmarker, which spawns hundreds of decoy files. Or EMOTET, finally disrupted in 2021 by international action coordinated by Europol.

We think that’s probably a good way to judge MDR: how well do you handle the worst?


6 Reasons Managed Detection and Response Is Hitting Its Stride

Post Syndicated from Mikayla Wyman original https://blog.rapid7.com/2022/08/09/6-reasons-managed-detection-and-response-is-hitting-its-stride/


Cyber threats have risen to the #1 concern of CEOs, which means security teams — in the hot seat for years — are really feeling it now. Files and data live in the cloud. Work is hybrid or remote. There’s turmoil around the world. Cyberattacks are not just a distant bogeyman – they’re here and happening every day.

As companies try to make sure their existing security infrastructure can keep up, they confront the skills gap, a 0% industry unemployment rate, and no room for mistakes. Managed Detection and Response (MDR) is having a moment.

According to a recent ESG study, MDR is one of the fastest growing areas of cybersecurity today. A whopping 85% of surveyed organizations currently use or plan to use managed services for their security operations. And 88% say they will increase their use of managed services in the next 1-2 years.

What’s driving this move to MDR? Let’s take a look at six main factors.

1. Focus

Augmenting an internal security team means internal security personnel can focus on more strategic security initiatives rather than day-to-day operational tasks. In fact, 55% of surveyed organizations want to focus their internal security teams on more strategic initiatives rather than spend time on daily basics, the ESG study found.

By partnering with an MDR provider, alert triage and investigations are generally taken care of by the external team. Of course, your organization still has some things you’ll need to do – partnership is the name of the game. But by working with an MDR service, security teams suddenly have more time and bandwidth to work strategically.

2. Services

ESG reports that 52% of companies surveyed believe managed service providers can do a better job with security operations than they can.

What you would once have to train your detection and response team to do, MDR providers take over. That means they’re able to detect active attackers within your environment and contain threats, analyze incidents and provide recommendations for remediation, and apply learnings from other environments they manage to your environment to make sure you’re protected from the latest attacker behaviors. Finally, good MDR providers are able to pivot into breach response if an attacker is live within your network.

To learn more about how to evaluate MDR providers on eight core capabilities, read the MDR Buyers Guide here.

3. Augmentation

About half of organizations (49%) believe a service provider can augment their security operations center (SOC) team with additional support.

Most companies that are able to build internal SOCs are generally well-funded, can afford roughly 10-12 full-time personnel, have a large array of security tools at their disposal, and have extensive processes already outlined. Sound doable? Great! If not, augmentation by way of an MDR provider is your tall glass of water.

Sign on with an MDR provider, get deployed, and your team is instantly extended. Benefits include time savings, cost savings, and experience level that most companies can’t afford to hire at scale.

4. Skills

No surprise, 42% of surveyed organizations in the ESG study believe they don’t have adequate skills for security operations in-house.

MDR is more than outsourcing 24x7x365 monitoring. It’s a partnership that helps you move towards a more secure posture with guidance and expertise.

This type of partnership allows teams to contextualize metrics and reports, get a better understanding of investigations that take place within their environment, and have someone to walk through processes should an attack take place. You also have an expert in your corner during CISO, board, or executive meetings.

5. Price

40% of surveyed organizations did a cost analysis and found that it would cost less to use a service provider than to do it themselves.

We won’t sugar-coat it – partnering with an MDR service provider is expensive. But so is building out an internal team that can actually monitor and investigate within an organization’s environment round the clock.

The cost of partnering with an MDR provider pales in comparison to the cost of employing 10-12 security personnel that operate an around-the-clock SOC, and it can offer ROI much more quickly.

Check out this recent Forrester study to learn more about cost-saving outcomes of partnering with Rapid7’s MDR team.

6. Staff

Finally, ESG tells us that 35% of surveyed organizations don’t have an adequately sized staff for security operations.

Even with unlimited budget to hire a full team, it would be an incredibly labor-intensive and time-consuming process. It would be nearly impossible for most organizations to accomplish. Not only is finding qualified candidates and hiring a huge pain point, but the resources needed to onboard and train staff often aren’t there.

Of course, not all MDR services are the same

Keep these three things in mind:

  • Forrester found Rapid7 MDR reduced breaches by 90%
  • Forrester found Rapid7 MDR delivered 549% ROI
  • In the event of a breach, Rapid7 MDR pivots to full-on digital forensics and incident response, no delay, no limits

Check out our full MDR Buyer’s Guide for 2022 here.


Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

Post Syndicated from Mikayla Wyman original https://blog.rapid7.com/2022/04/04/sharpen-your-ir-capabilities-with-rapid7s-detection-and-response-workshop/


You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and procedures (TTPs) constantly evolve. In today’s landscape, a security breach is nearly inevitable.

Amid an ever-changing threat landscape, do you have confidence your tools are able to immediately detect threats when they occur? And more importantly, does your team know how to effectively respond to stop the attack, and do it fast?

While we don’t have a crystal ball to offer, we can help make sure your detection and response plan holds up against a breach.

Say hello to Rapid7’s newest incident response service: the Detection and Response Workshop.

Put your safeguards to the test with a guided attack simulation

The Detection and Response Workshop is a guided exercise led by Rapid7’s digital forensics and incident response (DFIR) experts to confirm that your team can quickly detect threats and evaluate your response procedures against a simulated attack within your environment.

This workshop isn’t a Tabletop Exercise (TTX), an IR Planning engagement, or a Purple Team exercise. We’ll pit your organization’s defenders against the latest attack campaigns, within the tools they use on a daily basis, to test your ability to respond when an incident happens under live conditions, without your company’s reputation at stake.

Each Workshop simulation is tailored to your specific needs and mapped to the MITRE ATT&CK Framework. Throughout the Workshop, our experts make recommendations to help strengthen your program – from existing configurations of tools, products, and devices to analysis processes and documentation.

The workshop itself is hands-on and doesn’t require current use of a Rapid7 product. Any security team can utilize this new service to understand what TTPs an adversary may use against them and make sure their program detects and responds accordingly.

Your team will leave the multi-day workshop feeling confident that you have an understanding of where and how to strengthen your existing IR process and detection and response program. You’ll receive a detailed report of the workshop, including our written assessment and recommendations to build resilience into your response program.

Rapid7 Incident Response consulting services

Security is the core of our business, and IR plays a huge role in the security landscape. Our team of DFIR experts — the same experts that respond to incidents for all 1,200+ of our MDR customers — has decades of experience under its belt that it uses to analyze your security setup from all angles. Our team is complete with experts in threat analysis, forensics, and malware analysis, as well as a deep understanding of industry-leading technologies.

Knowing where your program stands is a crucial part of enhancing it, and our IR team has built specialized services to help your team build resiliency at each stage in the process. We now offer a full Incident Response Service Curriculum, allowing teams to engage in a single course for their IR goals or register for the entire curriculum.

From planning to full attack simulations, your team can level up its skills with tailored guidance and coaching through each course:

  • Course 101: Incident Response Program Development
  • Course 201: Tabletop Exercise (TTX)
  • Course 301: Detection & Response Workshop
  • Course 401: Purple Team Exercise

No matter what stage your team is in building your incident response program, our experts are able to help analyze and provide recommendations for improvement.

The Detection & Response Workshop is available now for all security teams. To learn more, talk to a Rapid7 sales representative by filling out this form today.


Evaluating MDR Vendors: A Pocket Buyer’s Guide

Post Syndicated from Mikayla Wyman original https://blog.rapid7.com/2022/01/13/evaluating-mdr-vendors-a-pocket-buyers-guide/


Cyberthreats are now the No. 1 source of stress among CEOs, with 71% of respondents to PwC’s 2021 CEO Study reporting they are “extremely concerned” about the issue. At the same time, the cybersecurity skills gap continues to grow, with 95% of security pros saying the shortage of talent in their field hasn’t improved. So while the seriousness of the problem has increased, the availability of in-house resources to adequately address it has not — particularly when it comes to finding talent with the specialized skills in detection and response.

These trends have led many organizations to partner with managed detection and response (MDR) service providers to address resource and skills gap challenges and build a strong competency to find and stop attackers in their environment.

By instantly extending your internal team’s capabilities with detection and response experts, MDR services can provide you the confidence that your environment is protected at all times.

And for those that struggle to build a fully staffed security operations center (SOC) with the right headcount, technology, and process to be effective — all while staying under a tight budget — MDR may provide a cost-effective method to quickly stand up a complete detection and response program.

In our 2022 MDR Buyer’s Guide, we outline the core capabilities that provide the foundation for evaluating MDR vendors. They include:

  • 24×7 SOC team with expert analysts
  • Extended detection and response (XDR) technology
  • Strategic guidance and collaboration
  • Threat hunting
  • Managed response
  • Digital forensics and incident/breach response (DFIR)
  • Automation
  • Simple, predictable pricing
  • SLA delivery standards

If you’re looking for a deep dive into each of these criteria, download the full guide!

In this post, we’ll streamline the discussion into four big-picture questions, providing you a quick-reference guide to use in the early stages of your MDR vendor selection journey, as you begin to identify your needs and narrow down your options.

1. Is this partner simply an outsourced SOC, or can they help us advance our overall security program?

An MDR provider is not just a vendor but a partner — and people are the foundation of any great partnership. You’ll want to ensure you ask the right questions regarding who will be servicing your organization and how, including:

  • How many MDR SOC analysts will be monitoring my environment 24×7?
  • What’s the experience level of the MDR SOC team we’ll be working with?
  • What is the average tenure and attrition rate of the team?
  • Will your partner suggest operational and strategic guidance to improve your program based on real-time threat monitoring and proactive threat hunting?
  • Is there someone who will be our Security Advisor that we meet with regularly?
  • What is the customer experience like when I need to connect with the MDR team?

2. Do they have the right tools at their disposal?

MDR combines real-time threat monitoring across the most critical elements of your IT environment — endpoints, network, users, and cloud sources. And in case you haven’t noticed, those environments are becoming increasingly complex. The cloud is enabling rapid scaling, and threats can come from virtually anywhere.

To carry out their duties well in this context, MDR providers need to be using the right XDR technology for complete visibility and coverage. Here are some questions to ask that can help you get a better sense of how the MDR vendors you’re considering approach their technology implementation — and how that affects you as the customer.

  • Is the MDR SOC team using multiple third-party solutions, or a technology built by an embedded engineering team?
  • How do you detect threats that bypass preventative controls?
  • Will I have full access to your back-end technology? If not, will you provide self-service log search and dashboards?
  • Does the SOC perform proactive threat hunts on top of the real-time detections?
  • Will we have the ability to add SOAR automation capabilities to expedite the remediation process?

3. Can they pair insight with action?

The last thing you want to hear from an MDR provider is, “Hey, we found this threat — now you have to go fix it.” The vendors you’re considering should have a managed response approach to effectively curb attacks after detection.

To understand when and how vendors will respond to threats they detect, start with these key questions:

  • What types of managed response actions will the MDR SOC advisors take?
  • In what instances will the MDR service take response action on our behalf?
  • Will I have the opportunity to deny the containment response if I don’t want the SOC team to take action?

4. Does the service scale to our needs and budget?

Even if an MDR vendor sounds great on paper across all of these points, that doesn’t necessarily mean they’re right for you. After all, you wouldn’t buy a two-seater car as your primary vehicle for a family of four. It’s critical to evaluate your MDR provider on the axes of your program maturity and desired security outcomes — both as it is now and for your goals for the future. Here are a few questions that will help you get a sense of whether an MDR vendor’s service and pricing structure fits your organization’s requirements.

  • How is the MDR service priced?
  • In the event of a breach, does MDR include DFIR as you’d get if you had an incident response retainer?
  • Are there data allotment or retention limitations?
  • What is your mean time to detect (MTTD) and mean time to respond (MTTR)?

These kinds of questions should help point you in the right direction in your initial conversations with potential MDR vendors. As you begin to make more fine-tuned decisions, you’ll want to have a few more detailed questions to ask — which means understanding the ins and outs of the MDR landscape a little more fully.

Check out our full MDR Buyer’s Guide for 2022 to help you navigate your choices with confidence and clarity.