We are approaching the countdown to the end of the year, and you know what that means. It’s budgeting season! But before you make any rash decisions, take a step back, listen and see what your priorities should be in the coming year.
Take a look around you. The way we do business and interact with our customers has changed. We are evolving and becoming more digitally connected than ever. Businesses have already opened themselves up to the world of digital transformation. With all of the pure-play businesses popping up and services offered online, we are living in a different world than we ever could have imagined. Banks are closing down stores and offering online banking; clothing stores are expanding into the online realm; and gaming businesses too have taken on a whole new digital face, as online gambling platforms have now surpassed their physical counterparts.
Concurrently, these businesses are opening themselves up to far greater risks in an even larger environment of threats. CIOs and CISOs now perceive their security environment through a digital lens.
Until recently, security budgets have been focused on prevention. Keeping the bad guys at bay. But we are at the outset of a seismic shift from prevention to continuous detection and response. According to recent research by RSA, the trend in security budget spending has been shifting from the traditional split of 80% prevention, 15% detection and 5% response to a more equal allocation of funds – 33% for each initiative.
Cyber Security Efforts Moving Towards A Managed Detection And Response Approach
Prevention isn’t unimportant, and we don’t see chief information security officers giving up on preventive security efforts. However, it is clear that prevention is futile unless it is tied into a detection and response capability. Prevention needs to be buttressed by consistent and evolving detection and response capabilities. Legacy MSSPs, providers of a set package of managed security services, usually rely on the monitoring of logs from security devices via SIEM technology. They generally have limited visibility into the new digital threat landscape and focus on day-to-day observations, while being unable to detect zero-day or targeted attacks across the entire organization. With little predictive insight into upcoming attacks, MSSPs often lack incident response (IR) techniques and processes that suit today’s digital business environment.
CyberInt believes that detection and response start before the attacker reaches your physical network. All attacks initially take form on your digital channels. Whether in the reconnaissance stage or as the origin point of an attack vector, your digital footprint is the facilitator of the next attack on your business.
If you are planning to outsource your detection and response, make sure you understand the differences between MSSPs, MDRs in general, and MDRs that specifically focus on your digital risk environment. While MSSPs are capable of supporting some segments of a security program, they may not specialize in detecting and responding to advanced threats. This is where a Digital Managed Detection and Response service is able to bridge gaps left by traditional MSSP services. Digital MDRs focus on 24/7 threat detection, allowing you to respond to threats in real time, while they are still taking shape in digital channels. We keep them out before they breach your network.
What Benefits Will You Gain from Utilizing a Managed Digital Risk Management Service?
Utilizing a Managed Digital Risk Management Service will allow you to benefit in three main areas. It will reduce the time it takes to detect threats, reduce the impact of the attack, and ultimately lead to less loss, protecting your bottom line.
1) Reduced time to detect threats: Incident management processes are a paramount part of strategy for threat detection and response. Without comprehensive tools for detection from all possible attack vectors, an organization cannot consider itself truly protected.
That said, excellence in detection, beyond big data analysis, comes down to the challenge of triage: determining which threats are most pressing. The first stage is the Detection and Triage Stage. During this stage you detect and receive a collection of events and incident reports as alerts, and take action to categorize and assign these events/incidents. Next is the Analysis Stage, which consists of investigating and determining what has happened and its impact/damage. Last is the Response Stage, where actions are taken to resolve or mitigate the incident.
Lockheed Martin developed a popular model called the Cyber Kill Chain that characterizes the stages of a cyber attack. There are seven stages in the intrusion kill chain. We will focus on the first five to highlight how the involvement of a Digital Managed Detection and Response service could assist your organization. During the first few phases of the intrusion kill chain, a Digital MDR could help deter impending threats.
Stage 1: Reconnaissance. This is a pre-attack phase during which the attacker collects information on the targeted organization or individual, including vulnerabilities, credentials, and other various ways to penetrate the target. Often traces are left behind by the attacker that can be detected by a Digital MDR at this early stage.
Stage 2: Weaponization. The attacker finds an exploit. At the point that the attacker creates malicious files or prepares a known exploit, Digital MDR services can often detect discussions or related files in dark and deep web forums, which provide background on the potential attack.
Stage 3: Delivery. When the hacker delivers the weaponized attack tool, the intrusion should be flagged by the SOC, and response and mitigation should be handled efficiently by the MDR.
Stage 4: Exploitation and Installation. At the point of exploitation/installation, depending on the specific attack vector, the MDR will step in to quarantine the affected machines or identify vulnerabilities which need patching.
The last stages of the Lockheed Martin model include command and control, whereby the attacker takes over the target's assets and may take secondary actions to further their objectives. Part of MDR is potentially recovering lost data and mitigating the related potential attack vectors. Overall, implementing a Digital MDR service will assist you in proactively seeking out potential risks and saving you time for the inevitable attack.
2) Diminish the impact of the attack: Because Digital MDRs are designed to protect your business from cyber threats by continuously monitoring risk across various channels, you are already ahead of the game by eliminating your blind spots. With Digital MDRs you are no longer struggling to mitigate risks such as malware or hijacking. The list is vast, and the threats exist not only within your perimeter but beyond it as well. A Digital MDR provides your organization with comprehensive visibility, as well as rapid access to the necessary tools to investigate potential threats. This way you are able to reduce or eliminate threats altogether before they even hit your perimeter.
As the digital landscape evolves, there will continue to be a shift from physical to intangible assets. We already see this change happening before our eyes. The data reflected in the chart below reveals that the intangible asset value of the S&P 500 grew to an average of 84% by January 1st, 2015, an increase of four percentage points over ten years. As we progress in this age of digitalization, corporate assets will be swept up in the trend; keep in mind that many of these intangibles are not yet covered by insurance policies. In this context, brand value and reputation, intellectual property, technological know-how and supply chain networks become even more valuable. With this approaching digital revolution, it is necessary to be prepared to mitigate your digital risk blind spots. Make sure your organization is prepared for intangible losses which are not covered by insurance.
3) Reduce your Loss: With a Digital MDR you are able to detect any malicious activity due to the fact that you are dealing with an automated process and are able to cover more areas of detection. As cyber-crime expands and has a direct effect on our bottom line, be it through fraudulent activities or brand impacting actions, you need to be protected. With digital MDRs you can also optimally automate or semi-automate your response process and make sure you’re fighting the fraudsters and cyber criminals in their own court.
Budget 2018 - So What Are You Going to Do About It?
Instead of trying to tackle the fight alone, why not use MDRs to support you? Using an MDR service will remove the heavy burden of cyber security from your company, whether that burden is due to a lack of staffing or of technological resources. It will also help identify additional threats that would normally go unnoticed. Here’s the great part about it all: you don’t have to abandon your existing security tools! Instead, you can implement threat detection and response capabilities quickly, in order to protect your business without the worry.