“There is no silver bullet solution with Cyber Security. A layered defence is the only viable defence.” - James Scott
2020 brought unprecedented global changes and cyber security was no exception. From the widescale shift to remote working triggered by the pandemic, to the record-high cryptocurrency prices, to one of the worst cyber attacks of all time. The tools and tactics we started with in 2020 are no match for the threat landscape of 2021.
How do Data Breaches occur?
A data breach occurs when a cyber criminal infiltrates a data source and extracts confidential information. This can be done by accessing a computer or network to steal local files or by bypassing network security remotely. While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card frauds, loss or theft of physical hard drives and human error. The most common attacks used in data breaches are outlined below.
Ransomware - Software that gains access and locks down access to vital data. Files and systems are largely inaccessible until some form of payment is made - commonly demanded in the form of cryptocurrency.
Malware - Commonly referred to as “malicious software” is a term that describes any program or code that harmfully probes systems. The malware is designed to harm your computer or software and commonly masquerades as a warning against harmful software. The “warning” attempts to convince users to download varying types of software, and while it does not damage the physical hardware of systems, it can steal, encrypt, or hijack computer functions. Malware can penetrate your computer when you are navigating hacked websites, downloading infected files or opening emails from a device that lacks anti-malware security.
Phishing - This scam is the most common way hackers gain access to sensitive or confidential information. Phishing involves sending fraudulent emails that appear to be from a legitimate source, with the goal of deceiving recipients into either clicking a malicious link or downloading an infected attachment usually to steal financial or confidential information.
Denial of Service (DOS)- is a cyber attack in which the perpetrator seeks to make a machine or a network resource unavailable to its intended users by temporarily or indefinitely disrupting service of a host connected to the internet. It typically accomplished by flooding the targeted machine or resource with the superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Man-in-the middle (MitM)- attacks also known as eavesdropping attacks, occurs when attackers insert themselves into a two-party transaction. Once the attacker interrupts the traffic, then can filter and steal data.
Zero-day exploits- this exploit hits after a network vulnerability is announced but before a patch or a solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires a constant awareness.
With the thread landscape evolving and becoming more sophisticated, the need for AI based cyber security solution layered with a robust Managed Detection and Response (MDR) solutions is essential tool in your arsenal of cyber defence strategies.
What is Managed Detection and Response (MDR)?
Managed Detection and Response (MDR), is a service where a vendor provides detection and response services for a customer in exchange for a contract or a subscription payment. An MDR service is layered on top of a robust EDR or XDR solution. Think of MDR as a combination of technology, processes and expertise that effectively extend your security team so you can scale and refine your security operations.
It provides alert monitoring, attacks investigation, proactive threat hunting, and incident response guidance.
In short, an MDR service collects, detects and responds to threats of Incidents of concern (IoC).
Collect - MDR services require a robust data set to perform their detection. Your MDR will either request access to your existing security stack or require deployment of additional technology for greater visibility and improved data collection.
Detect - A hallmark of MDR solution is advanced detection capabilities that use multiple sophisticated technologies, analytics engines, behavioral based detection, machine learning, anomaly detection and more.
Respond- MDR provides remote investigation of potential threats, employing a team of knowledgeable experts who understands how to interpret the events produced by detection technology, often including a high degree of support in containing and responding to threats once they have been detected.
Having an MDR solution layered with a good XDR solution, enables you to outsource security tasks to reduce manual work and ensure 24/7 coverage. It can be applied to any support system. It is a contractual service that allows you to avoid technical debt. It can provide a system wide or targeted coverage. It can provide manual threat hunting to detect advanced threats and vulnerabilities.
“Enterprises across all industries face increasing cyber security threats, at the same time, organizations struggle to find the skilled cyber security professionals they need.” - Jesse Emerson, VP Trustwave.
On top of specializations, businesses must defend against threats in real-time, so they should recruit for a 24x7x365 cyber security team, adding a layer of difficulty to the hiring process. Cyber criminals do not take a break on weekends, nights or even Christmas eve, and filling positions with a work schedule across all hours of the day, weekend and holidays is incredibility challenging.
One solution is to hire a reputable MDR external team to provide a 24x7x365 days of support. These types of solutions are mostly less then 1/3 the cost of hiring a single Cyber security analyst on an annual basis.
“Business must leverage outside firms who specialize in cyber security and have 24x7x365, “eyes on glass”, coupled with artificial intelligence (AI) and machine learning (ML) technologies to sniff out and mitigate common as well as zero-day threats.” - Emil Sayegh President, CEO, Ntirety.
To summarize, the benefits of having an MDR are:
- Having an advanced team of cyber security professionals with eyes on glass support in a 24x7x365 coverage.
- ROI - having a team of professionals to provide a service at less then 1/3 the cost of hiring a single cybersecurity analyst.
- Having a detailed incident report to help create policies and strategies to prevent future exploit attempts.
- Provide guidance on how to respond to incidents, assisting in isolation and removal of malicious infrastructure, presence, and activities.
- Significantly reduce mean time to resolution (MTTR) of attacks. The largest percentage of MDR users (35%) saw in MTTR reduction between 25%and 49%- survey redcanary.com
In conclusion, having an MDR solution will provide you a collection, detection, and response platform to triage, investigate and respond to threats and IoC. To have a further conversation about MDR and other components to building a robust cyber security strategy, please reach out to us to start a conversation.