MDR 101: What is Managed Detection & Response?

You want to protect your organization, and you should not have to simply accept risk you could reduce. Consider this your resource for Managed Detection and Response (MDR): how cyberthreats are evolving, how to stay ahead of them, why MDR is an essential part of a comprehensive security strategy, and what it takes to make an MDR engagement succeed.

So what is MDR exactly?

Managed Detection and Response (MDR) services provide remotely delivered security operations capabilities to quickly detect, investigate and respond to threats. MDR is more than the EDR and SIEM technologies it is built on. EDR monitors endpoints, such as workstations or laptops, for suspicious behavior. SIEM collects, correlates and stores EDR telemetry and log data from across an organization. What both lack on their own is an effective way to act on the overwhelming volume of data and alerts they produce. MDR adds the people and process that turn that chaos into order: visibility into what is actually happening, and direct action to detect, contain and remediate security threats.

Gartner defines MDR as 24/7 threat monitoring, detection and lightweight response services delivered to customers through a combination of technologies deployed at the host and network layers, including advanced analytics, threat intelligence, and human expertise in incident investigation and response. Gartner expands on this definition, stating that MDR vendors can undertake incident validation and can offer remote response services, such as threat containment and support in bringing a customer's environment back to some form of "known good."

Why is Managed Detection and Response important?

In the 2021 Cost of a Data Breach Report, IBM and the Ponemon Institute reported that 2021 had the highest average total cost of a data breach in the 17 years of the study, rising to $4.24 million. The same report found that the average cost of a breach was USD 1.76 million lower at organizations with a mature zero trust approach than at organizations without one. But what does it cost to apply a zero trust posture to security alerts, treating each one as something that must be investigated rather than assumed benign? On average, a single endpoint generates roughly 5,000 alerts annually. A hypothetical business with 2,000 endpoints therefore faces 10,000,000 alerts per year that security analysts need to investigate.

Staffing that investigation on 8-hour shifts might look manageable, but an attack rarely comes when it is convenient. Providing 24×7 coverage requires a minimum of 10 analysts, regardless of the size of the organization or the number of alerts generated. At an average annual cost of $75,000 per analyst, that is a minimum of $750,000 per year in salaries alone.

Many companies try to control costs by investigating only critical- or high-priority alerts. That can be an expensive mistake: many of today's ransomware attacks begin with activity that surfaces only as medium- or low-priority alerts, and by the time a high-priority alert finally fires, the attacker's damage is already done.
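To make that concrete, here is an added illustration (not code from the original page or from any MDR vendor) of the difference between a severity-only triage filter and host-level correlation of the kind a detection team would run over EDR and SIEM alerts. The alerts, hostnames, rule names and the one-hour window are constructed for the example; the scenario is a hypothetical ransomware precursor chain on a single workstation in which no individual alert rises above medium severity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts for illustration only (not from a real product or incident).
# ws-117 shows a plausible precursor chain; ws-042 shows two unrelated low alerts days apart.
SAMPLE_ALERTS = [
    {"ts": "2021-09-01T02:10:00", "host": "ws-117", "severity": "low",
     "rule": "Office app spawned PowerShell"},
    {"ts": "2021-09-01T02:11:30", "host": "ws-117", "severity": "medium",
     "rule": "Encoded PowerShell command line"},
    {"ts": "2021-09-01T02:15:00", "host": "ws-117", "severity": "low",
     "rule": "New scheduled task created"},
    {"ts": "2021-09-01T02:40:00", "host": "ws-117", "severity": "low",
     "rule": "Volume shadow copies deleted"},
    {"ts": "2021-09-01T09:00:00", "host": "ws-042", "severity": "low",
     "rule": "New scheduled task created"},
    {"ts": "2021-09-03T09:05:00", "host": "ws-042", "severity": "low",
     "rule": "Office app spawned PowerShell"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def triage_by_severity(alerts, minimum="high"):
    """The 'only look at high/critical' policy: drop everything below the bar."""
    floor = SEVERITY_RANK[minimum]
    return [a for a in alerts if SEVERITY_RANK[a["severity"]] >= floor]


def correlate_by_host(alerts, window=timedelta(hours=1), min_distinct_rules=3):
    """Group alerts per host and escalate when several *different* detection rules
    fire on the same host inside one time window, regardless of their own severity.

    Returns one incident per host at most, anchored on the earliest alert whose
    window reaches the threshold. The window and threshold are assumed values.
    """
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append({**a, "t": datetime.fromisoformat(a["ts"])})

    incidents = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["t"])
        for i, first in enumerate(items):
            # Slide a window starting at each alert and count distinct rules inside it.
            in_window = [a for a in items[i:] if a["t"] - first["t"] <= window]
            rules = {a["rule"] for a in in_window}
            if len(rules) >= min_distinct_rules:
                incidents.append({
                    "host": host,
                    "start": first["ts"],
                    "rules": sorted(rules),
                    "severity": "high",  # escalated because of the chain, not any single alert
                })
                break
    return incidents


if __name__ == "__main__":
    print("severity-only triage sees:", triage_by_severity(SAMPLE_ALERTS))
    for inc in correlate_by_host(SAMPLE_ALERTS):
        print(f"escalated {inc['host']} at {inc['start']}: {', '.join(inc['rules'])}")
```

With this sample, the severity filter returns nothing at all, while the host correlation escalates ws-117 on the strength of four distinct low- and medium-severity rules within thirty minutes. The unrelated alerts on ws-042 stay at their original severity because they are days apart. Real SOC tooling does this with richer context (process trees, MITRE ATT&CK tactic mapping, asset criticality), but the principle is the same: the signal is in the chain, and a team that never looks below "high" never sees it.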

Providers that offer services like Managed Detection and Response (MDR) can help you take advantage of economies of scale to shrink total cost of ownership while increasing the expertise and resources at your disposal. The analysts an MDR provider supplies work across a variety of industries, so you benefit from that breadth of experience without shouldering the full cost of hiring those individuals as full-time employees. A partner of this type already has the facilities, technology, and expertise to integrate efficiently with your current environment. Software license costs can also be significantly reduced, since an MDR vendor purchases licenses at scale and spreads them across its entire client base.

Learn more about selecting an MDR partner, MSSP vs MDR, MDR with SIEM and XDR, measuring MDR success, Critical Start's approach and how to implement on our MDR 101 page.
