Managed Detection and Response Takes Security to the Next Level
In the digital era, enterprises of all sizes must be proactive instead of reactive when it comes to cybersecurity.
By: Martha Vazquez - Senior Research Analyst - Infrastructure Services - IDC
Digital transformation is driving rapid technological changes across every organization. In response, IT infrastructures are growing more complex, with a mix of on-premises, cloud, and multicloud locations that expand the network’s potential attack surface.
And that surface will only continue to grow: A recent U.S. IDC survey found that close to 50% of respondents will turn to a managed security service provider to fill in for staff shortages and provide 24X7 support. Over 25% of respondents felt that they lacked the security talent and skills to keep up with the growing attack surface and the vast amounts of telemetry entering the network. Meanwhile, the continued onset of attacks – and their increasing sophistication – suggests that today’s malicious actors are also embracing emerging technologies to keep ahead of security staff. Simply put, it is harder than ever to stay safe.
To fight back, enterprises large and small are exploring Managed Detection and Response (MDR), a continuous and proactive security and threat monitoring, detection, incident analysis, and response service that correlates threat intelligence and telemetry collected from the client's environment. IDC's research finds that organizations are either implementing or looking to implement MDR services to address:
» The growing sophistication of threats such as nation-state attacks, fileless attacks, and ransomware
» The lack of 24X7 support, security talent, and in-house expertise to address these threats
» The need to adopt emerging technologies such as artificial intelligence
Demand for MDR services is also being driven by ever-increasing regulations that require more robust cybersecurity capabilities, regardless of a company’s size. For example, even smaller organizations that deal with personal health information (PHI) as “covered entities” must adhere to HIPAA regulations.
To protect clients, MDR services monitor activity and apply advanced analytics on endpoints, user activity, the application layer, and at the network perimeter, as well as traffic moving laterally within an enterprise network. MDR monitoring—especially application and user supervision—can also be extended into cloud environments.
MDR services combine technology with human expertise and specific methodologies to generate recommendations, guidance, and intelligence to keep clients secure. And while implementing MDR needn’t be a “rip and replace” situation, organizations should carefully evaluate components such as expertise, visibility, and the security tools and technologies used when looking for a provider.
To learn more about the value MDR can provide to any organization regardless of its size, read the IDC Analyst Connection “Making the Most of Managed Detection and Response,” sponsored by Secureworks.