How Systems Integrators Can Integrate MDR Successfully
2024-02-16 22:00:00 Author: securityboulevard.com

Security systems integrators play a critical role in designing, installing and maintaining complex security solutions for organizations across industries.

In operational technology (OT), the physical and digital landscapes are more intertwined than ever, and extra vigilance is needed to keep threat detection and response in check. With cyberthreats growing in abundance and sophistication, many clients are now turning to managed detection and response (MDR) services to strengthen their security postures. Integrating this type of emerging solution can significantly bolster an existing security infrastructure. It is estimated that by 2025, 50% of organizations worldwide will be using MDR for a plethora of cybersecurity functions, with the market itself poised to reach a $2.2 billion valuation, as predicted in Integrity360’s recent roundup.

Not only that, but organizations that deploy managed cyberthreat detection strategies see a 62% reduction in the average number of cyber breaches and incidents each year, according to the Orca 2022 Cloud Security Alert Fatigue report.

As trusted advisors to a host of businesses sector-wide, systems integrators have a prime opportunity to integrate third-party MDR cybersecurity services into the solutions they provide. Doing so creates value for clients while positioning integrators as leading-edge security partners.

The Need for Advanced Threat Detection and Response

Legacy security tools like firewalls and antivirus software are no longer sufficient to protect against today’s attacks. Threat actors constantly change their tactics to evade basic controls. As a result, the average dwell time for an intruder within a compromised network now stands at between eight and 10 days, which is a drop from 2022 but is still alarmingly long.

To catch sophisticated threats in action, organizations need 24/7 monitoring, expert threat hunting and rapid incident response. However, most lack the in-house resources to do this effectively. This is where outsourced managed detection and response (MDR) services shine.

Without going into the finer technical details of what MDR and related processes involve, most third-party MDR solutions encompass a set of core procedures:

• Advanced threat hunting – MDR analysts proactively hunt for hidden threats across the enterprise by leveraging threat intelligence, behavioral analytics and custom queries. This allows them to identify and contain attackers before severe damage is done or a ransom is extorted.

• Real-time alert monitoring – MDR providers have security operations centers (SOCs) that monitor client networks around the clock. Advanced tools automatically collect and correlate data from security controls to detect anomalies. Analysts are notified of alerts immediately, analyze them comprehensively and determine whether they constitute genuine threats.

• Accelerated incident response – MDR teams contain confirmed threats rapidly using remote response capabilities. This minimizes dwell time and disruption to the business. Most MDRs also offer expert forensic investigation and malware analysis to learn from incidents.

Deep Security Expertise and Threat Intelligence

MDR services draw upon a vast pool of cybersecurity talent and geographically dispersed threat data. Top providers have SOCs with hundreds of experienced analysts on call at any given time, with these experts holding certifications such as CISM, GIAC, CRISC, CCSP, CISSP and CEH, to name just a few.

Working across numerous client networks simultaneously – and in real time – gives MDR teams wide exposure to different attack types. This allows them to fine-tune detection and response strategies over time. When they focus on one client’s multi-layered network, each digital asset can be analyzed and given enhanced protection segment by segment.

MDR vendors also invest heavily in threat research and intelligence. By gathering data from partners, dark web sources, botnets and malware, they stay on top of attacker TTPs (tactics, techniques and procedures) and of newly exploited vulnerabilities, which they document in reports.

Complete Visibility Through Technology Integration

A key benefit of MDR is gaining unified visibility into threats across an integrator’s incumbent IT environment.

MDR platforms integrate with clients’ existing security controls through a variety of methods, from APIs and real-time collaboration tools to new, purpose-built devices with restricted access control. This connects the dots between endpoints, networks, cloud services, and more across an estate. Analysts can pivot quickly during investigations due to this consolidated view of assets and infrastructure.

Common tool integrations include:

• Endpoint detection and response (EDR)
• Next-gen firewalls
• Cloud access security brokers (CASBs)
• DNS filtering
• Email security
• Vulnerability scanners
• SIEMs

Platforms are tailored to each client’s environment and requirements. Advanced machine learning and behavioral analytics further enhance visibility and detection across the stack.

Optimized for Client Environments

Top-tier MDR providers offer highly customized and bespoke services for each organization:

• Proactive threat hunting – Scheduled hunts focus on high-risk areas in the client environment and MITRE ATT&CK tactics.

• Tailored detection rules – Rules are created to detect TTPs relevant to the client’s industry, geography and attack surface.

• Response playbooks – Documented processes for containing common threats to reflect client priorities and workflows.

• Ongoing tuning – MDR teams continuously tweak configurations and analytics as the environment evolves.

This approach gives organizations enterprise-grade capabilities tailored to their unique needs.

Global Capabilities

For organizations with an international footprint, choosing an MDR partner with global SOCs and alert coverage is critical. This provides:

• Analysis of alarms 24/7 by staff familiar with local languages, cyber regulations and threat landscapes.
• Awareness of broader geopolitical risks, such as those in regions with economic or civil uncertainty, which raise the native risk level.
• Visibility into threats across borders, without compliance or data residency conflicts.
• Consistent security policies across all geographies.

Look for MDRs with multiple SOCs across continents when protecting international environments.

Seamless Integration for Systems Integrators

Partnering with MDR providers allows systems integrators to deliver better security outcomes for clients. The steps for integrators to provide managed detection and response include:

• Evaluating clients’ existing security tech stacks and requirements
• Selecting MDR partner(s) that align with client needs
• Onboarding clients to internal MDR platforms and any third-party software that aids documentation
• Facilitating ongoing management of MDR relationships

Leading MDR vendors make integration seamless by providing technical documentation, training, co-branded marketing assets, discounted partner pricing, and dedicated account management.

Integrating third-party MDR creates stronger client relationships and recurring revenue streams for integrators. It also reduces liability by offloading complex threat hunting, analysis and response duties onto specialized security teams.

As cyberthreats proliferate, outsourced MDR services have become essential for gaining control over today’s expanding attack surface. Integrating managed detection and response into client offerings allows systems integrators to provide greater value while staying focused on their core strengths.

Source: https://securityboulevard.com/2024/02/how-systems-integrators-can-integrate-mdr-successfully/