When it Comes to MDR, Cybersecurity Knowledge is Power
An Intelligence-driven MDR recipe requires the right ingredients
By: Bud Ellis
- Not all inputs make MDR security better
- The right cybersecurity knowledge includes incident response findings and threat intelligence research
- Experience and context are important factors
There are many solutions labeled as Managed Detection and Response, and that’s understandable given how popular MDR has become in recent years. Organizations wanting to stay ahead of the evolving threat landscape have long since realized they cannot simply lean into technology that signals alerts without context and without a path forward to resolution.
What goes into an MDR solution correlates directly with what comes out of it. You wouldn’t walk into your kitchen, dump everything out of your pantry and refrigerator into a mixing bowl and expect the finished product you put on the table to be delicious. Likewise, effective MDR is tied to what goes into a solution, and the most important ingredient in your MDR recipe is cybersecurity knowledge.
Intelligence is Instrumental
There are many synonyms for "knowledge". Pick one: understanding, comprehension, expertise. But one stands out when viewing knowledge through the lens of MDR – intelligence. Staying ahead of advanced adversaries requires security solutions to have not just information, but valid intelligence that helps sift real threats out of the noise that bogs down more traditional alerting technology.
Powerful MDR solutions factor in the right intelligence to determine which alerts are benign and which alerts warrant action. There are several intelligence-driven areas critical to effective MDR solutions:
- Incident Response: A dedicated incident response team that performs proactive and reactive engagements and delivers information on threat actor tactics and techniques, discovered in a real-world setting.
- Threat Research: A dedicated research team that tracks, investigates and anticipates the next moves from adversaries by mining a variety of sources, providing a wealth of knowledge and critical insight into the global threat landscape.
- Threat Hunting: Global threat hunters that search across a customer’s environment, discovering malware that evades existing controls.
Experience is Important
As important as possessing cybersecurity knowledge is knowing how to apply it. That’s where a strong security operations staff and historical context amplify the value of that knowledge. Experienced security professionals provide ongoing operational service delivery and support. Additionally, they provide the right guidance in detecting and responding to threats and use their expertise to bolster an organization’s security posture.
That experience goes beyond security operations staff and extends to the company offering MDR. A provider with an established history of delivering security solutions has the knowledge and context of how the threat landscape has evolved, backed by years of attacker data – plus incident response findings and threat research – to offer a complete security knowledge base to keep organizations safe.
A More Complete Picture
Managed detection and response solutions are plentiful, but not all of them include the right information needed for strong security. Organizations need to ask vendors what components and inputs go into their solutions. Is there an incident response component? How about threat research? Are security operations experts a part of the recipe?
Interested in an MDR solution that includes those elements and more? Check out Secureworks® Taegis™ ManagedXDR, which recently was cited as a leader in the Forrester Wave: Managed Detection and Response, Q1 2021.