Five MDR Service Principles to Reduce Risk in Small Businesses
If you run a smaller business or a midsize organization, you might think that hackers have bigger fish to fry and won’t set their sights on you. This line of thinking is risky, however. As cybercrime skyrockets, no organization is immune to attack, but implementing an MDR service in advance can help you prepare. To truly reduce your risk, though, the solution you choose should be right for your size and needs. These five principles will help you change the way you think and reduce your cyber risk.
1. Assume the state of mind: Defenses can and will be penetrated
- Even though the cyber headlines focus on the big Fortune 500 breaches, don’t think you’re immune. Cybercriminals no longer distinguish by company size now that they have automated tools and services like Ransomware as a Service.
- The two most common types of cyberattacks for mid-market businesses are Microsoft 365 account takeovers (via phishing, brute-force attacks, and combolist buying) and ransomware (via advanced exploitation of endpoints, session hijacking, and SAML token theft). Both are devastating for any organization, resulting in financial damage that includes wire fraud, ransom payments, business disruption, brand damage, and a massive increase in cyber insurance renewal costs.
- Using the NIST Cybersecurity Framework, the MDR service must invest directly in the Detect, Respond, and Recover functions of the security lifecycle to protect effectively against these attacks on your endpoints and your Microsoft 365 services (which hold your identities and must be included).
2. The MDR service must be optimized for YOUR IT team and environment.
- Mid-sized organizations (below 2,500 endpoints) are very different: fragmented networks, a largely remote workforce, and significant investments in Microsoft 365 and its security stack. Microsoft 365 is an important component of your MDR service and should be included. Microsoft provides world-class security, but with more than 250 million active subscribers worldwide, account-level contact and follow-up on a key incident is impossible.
- Most vendors are focused on the top of the market, citing Fortune 500 client lists. Those environments are very complex, with over 30 security vendors supported by hundreds of IT staff across the globe. This is not the typical mid-market customer and does not reflect your needs.
- The service should provide a dedicated function and team that proactively performs real-time threat detection and scanning across endpoints and Microsoft 365 services.
- Time to Value: Is the service easy to deploy and able to deliver value on the first day or even the first few hours?
- Purpose-built MDR / XDR platforms optimized for the mid-market, leveraging the cloud for speed, beat the broad legacy on-premises, SIEM-based approach that powers most traditional MSSP offerings.
3. Make sure the MDR service delivers advanced detection with the following critical capabilities:
- Cloud-based data collection, aggregation and analysis across endpoints, cloud services and Microsoft 365
- Behavioral monitoring that covers the main adversary tactics, techniques and procedures (TTPs) catalogued by MITRE ATT&CK
- Machine learning-based alerts with data correlation capabilities
- Rule-based alerts that filter large volumes of data and alerts down to the few critical ones
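The behavioral-monitoring and rule-based-alert capabilities above can be made concrete with a small correlation rule for the Microsoft 365 account-takeover scenario the article opens with. The following is an added example written for this page, not Infocyte's code or any product's detection logic: it assumes a simplified sign-in log format (timestamp, user, source IP, result), a constructed set of events, an assumed threshold of five failures within ten minutes, and maps hits to the MITRE ATT&CK techniques T1110 (Brute Force) and T1078 (Valid Accounts). Seventeen raw events are reduced to two alerts, one critical (failures followed by a success) and one medium (failures only), while a single failed sign-in produces nothing.

```python
"""Rule-based sign-in correlation for Microsoft 365 account-takeover detection.

Added example, not Infocyte's or Microsoft's code. The log format below is an
assumption: one event per line as "<ISO timestamp> <user> <source IP> <result>".
Real Microsoft 365 sign-in logs carry many more fields; this keeps only what the
rule needs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data). Three stories are mixed in:
#  - alice: six failures then a success from one IP  -> critical alert
#  - carol: seven failures, never succeeds            -> medium alert
#  - bob:   one mistyped password then success        -> no alert (noise)
#  - dave:  a normal successful sign-in               -> no alert
SAMPLE_LOG = """\
2021-09-01T02:00:01Z alice@example.com 203.0.113.7 FAILURE
2021-09-01T02:00:03Z alice@example.com 203.0.113.7 FAILURE
2021-09-01T02:00:05Z alice@example.com 203.0.113.7 FAILURE
2021-09-01T02:00:07Z alice@example.com 203.0.113.7 FAILURE
2021-09-01T02:00:09Z alice@example.com 203.0.113.7 FAILURE
2021-09-01T02:00:11Z alice@example.com 203.0.113.7 FAILURE
2021-09-01T02:00:15Z alice@example.com 203.0.113.7 SUCCESS
2021-09-01T03:10:00Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T03:10:05Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T03:10:10Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T03:10:15Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T03:10:20Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T03:10:25Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T03:10:30Z carol@example.com 192.0.2.44 FAILURE
2021-09-01T09:14:22Z bob@example.com 198.51.100.20 FAILURE
2021-09-01T09:14:40Z bob@example.com 198.51.100.20 SUCCESS
2021-09-01T09:30:00Z dave@example.com 198.51.100.21 SUCCESS
"""

# Assumed tuning values; a real service would tune these per tenant.
FAILURE_THRESHOLD = 5
WINDOW = timedelta(minutes=10)


def parse_events(text):
    """Parse the simplified log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "result": result,
        })
    return events


def detect_takeovers(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Collapse raw sign-in events into a few prioritized alerts.

    Critical: >= threshold failures for a (user, IP) pair inside the window,
              followed by a success from the same pair (T1110 then T1078).
    Medium:   >= threshold failures inside the window with no success (T1110).
    """
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # (user, ip) -> timestamps of recent failures
    alerts = []
    for e in events:
        key = (e["user"], e["ip"])
        # Slide the window: drop failures older than `window` for this pair.
        failures[key] = [t for t in failures[key] if e["ts"] - t <= window]
        if e["result"] == "FAILURE":
            failures[key].append(e["ts"])
        elif e["result"] == "SUCCESS" and len(failures[key]) >= threshold:
            alerts.append({
                "severity": "critical",
                "rule": "brute-force-then-success",
                "user": e["user"],
                "ip": e["ip"],
                "failures": len(failures[key]),
                "attack_techniques": ["T1110", "T1078"],
                "ts": e["ts"],
            })
            failures[key] = []  # the run has been reported; start fresh
    # Failure runs that never turned into a success are still worth one alert.
    for (user, ip), stamps in failures.items():
        if len(stamps) >= threshold:
            alerts.append({
                "severity": "medium",
                "rule": "brute-force-attempt",
                "user": user,
                "ip": ip,
                "failures": len(stamps),
                "attack_techniques": ["T1110"],
                "ts": stamps[-1],
            })
    return alerts


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for alert in detect_takeovers(parsed):
        print(f"[{alert['severity']}] {alert['rule']} user={alert['user']} "
              f"ip={alert['ip']} failures={alert['failures']} "
              f"attack={','.join(alert['attack_techniques'])}")
```

Keying the rule on the (user, source IP) pair is a deliberate choice: it keeps a user who fat-fingers a password once from tripping the rule, while a single source cycling through many passwords for one account is caught even when the final success looks like a legitimate login on its own. A lower threshold keyed on IP alone would catch password spraying across many accounts; that variant is left out here to keep the example to the single-account case the article names.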
4. Make sure the MDR service delivers scalable and automated response with the following capabilities:
- Predefined automated actions to contain malicious activity and stop ongoing attacks on devices and in Microsoft 365
- Ability to push these actions over the network without relying on Active Directory or other central services, which are typically compromised early in the attack lifecycle
5. Make sure your service provider includes expert SOC services with 24/7 monitoring that integrate well into your IT team.
- Fit and Reliability: Make sure the team is a good match for yours. Do the references they provide know the analysts by name and vouch for their reliability when it counts?
- Expertise: Detection and response is a highly specialized skill set and requires thousands of hours of training and real-world experience for analysts to be effective against highly skilled adversaries.
- Proactive detection should be performed by a dedicated team that reviews alerts and is not distracted by the day-to-day firefighting of the IT department.
- 24/7: Attacks typically happen during nights, weekends, and holidays when traditional teams aren’t as responsive. Make sure you have experts always available with an investigation and response SLA for critical threats.
Could we be suitable for you? Find out by contacting us or signing up for a free trial.
The article Five MDR Service Principles to Reduce Risk in Small Businesses first appeared on Infocyte.
*** This is a syndicated Security Bloggers Network blog from Blog – Infocyte written by Curtis Hutcheson. Read the original post at: https://www.infocyte.com/managed-detection-and-response/2021/09/01/five-mdr-service-principles-to-reduce-risk-in-small-enterprises/