Blog

Do a Risk Assessment before buying MDR

October 4, 2021
Ken Ballard

Why You Need a Risk Assessment Before You Buy MDR Services

 

An effective risk assessment looks at your unique assets and business processes, identifies threats against them, and allows you to make rational decisions on how best to protect them. In this way, a risk assessment is unique to every organization, even those in identical industries.  For example, two nearly identical organizations might have a slightly different tolerances for risk, they may choose to mitigate a risk differently, or they have different technology that gives them different risk profiles.  

This is why conducting a risk assessment is so important to do periodically, and anytime you invest in new technologies.  If you don’t, you may over-invest in some areas and under-invest in others.

One of the latest trends in cybersecurity is Managed Detection and Response or MDR. While MDR uses new technologies and improves security exponentially, a risk assessment will give you the confidence to take advantage of this latest technology in a way that truly suits your organization's unique needs.

The Need for Advanced Endpoint Protection

MDR begins with Endpoint Protection. Endpoint Protection is vital today for three reasons:  

  1. The traditional network perimeter is disappearing, and security defenses, such as firewalls, no longer offer adequate protection across a hybrid IT environment.
  2. The changing workforce dynamics instigated by Covid-19 are such that 86 percent of employees want to work from home.It’s clear remote work is here to stay to some degree.
  3. The crux of the matter is that endpoint devices, from employee laptops to personal devices, are becoming the new perimeter. This makes endpoint security a must-have for protecting your data, applications, and network.

As described in our recent blog post on security acronyms, XDR is the leading toolset for Endpoint Protection, and there are many vendors. Unlike passive signature-based scanning, XDR does this plus looks at system behaviors. XDR then uses AI to respond to threats automatically.  

Why Businesses Opt for MDR

XDR may be the latest advancement in detection and response, but it is not without its flaws. The all-encompassing scope of XDR is such that it monitors and generates alerts for threats across all endpoints, email, cloud infrastructure, and more. While Artificial intelligence handles many of these alerts, XDR still creates a lot of manual work in tuning and responding to indicators of compromise (IOCs).

The additional work is creating an increased demand for Managed Detection and Response (MDR), which outsources XDR capabilities to a managed service provider. That is, an MDR service provider monitors XDR data feeds and handles further investigation and response.The demand for MDR is big, and the market is expected to grow from $335.5 million back in 2016 to $1.6 billion by 2022.

The Importance of Risk Assessments for MDR

While MDR services provide a cost-effective means of obtaining advanced detection and response capabilities, it’s important not to treat MDR as a plug-and-play cybersecurity solution. In practice, all systems are not equal, and it’s prudent to align detection and response with critical business operations.

Do you need XDR on every system? Can IOCs on one network segment prompt a need to tighten security on another? How fast do you need to move in your purchase and deployment of a solution?

You really don’t want your MDR vendor answering these questions for you.  You need to answer these questions first with a risk assessment tuned to XDR/MDR. Without a risk assessment that indicates whether to tune the XDR on the device up or down depending on the system and circumstance, you can end up with alerts and responses that unnecessarily disrupt important business operations. Consider the following example of a medium-sized wealth management company:

  1. The company buys an MDR solution with the intention of protecting the large volume of sensitive financial data it stores and transacts.
  2. The company lets the MDR do a generic configuration. Because of this, a simple security alert on a marketing manager’s laptop temporarily shuts down the trading desk system while the alert is investigated.
  3. Rapid price movements in a dynamic financial market result in severe losses to the fund’s value and missed trading opportunities.

In this example, a lack of risk assessment results in poor alignment between detection and response and critical business operations. Before buying any type of endpoint security solution, you need to conduct a risk assessment that identifies:

  1. Your most sensitive data and business processes
  2. Who can access different resources for what business purposes
  3. What your business-critical applications are
  4. What security scenarios should trigger a halt to business-critical activities
  5. What impact, if any, a lateral compromise on an unrelated endpoint device has on a business-critical process

Conducting and documenting this risk assessment before entering into a contract with an MDR vendor is vital for getting detection and response capabilities suited to your unique business.

Generic MDR Issues and Conflict of Interest 

The lack of a risk assessment is often compounded by some issues with generic MDR services. Most MDR services treat all systems equally. For example, a desktop workstation used by a senior accountant is treated no differently in terms of detection and response than an infrequently used tablet belonging to a junior salesperson.

In the real world, different systems and users have more varying levels of access to critical business data and processes. It makes sense that the closer proximity a system has to important resources, the more sensitive the detection and response should be. The opposite is also true—you probably don’t need to shut down a production application for a minor event.

Furthermore, MDR vendors have an incentive to tune down the XDR system so that fewer alerts are generated. Fewer alerts mean lower costs for the MDR vendor in terms of hiring SOC analysts to triage and respond to those alerts. Businesses can get more value from an MDR service by providing them with the guidance and insights gleaned from a risk assessment.

The Security Pursuit MDR Difference

At Security Pursuit, we encourage a risk assessment for MDR to ensure they are getting the most for their security budget. Using the results of the risk assessment, your XDR system will be aligned to your organization's unique risk profile. This results in response strategies are appropriate for given alerts, IOCs, and threats. Your system is tuned up for high-risk situations and tuned down where low-risk alerts could affect normal business operations.

Ultimately, we work with you and your knowledge of your business to make your XDR/MDR system respond to threats swiftly and appropriately, no matter where they happen.

Contact Us to Learn More 

Partner with us at Security Pursuit to get the most out of your security investments. Fill out this form to contact us.

«  Back To All Articles
Next Article
  »
Misconfigurations for Office 365
5 Most Common Attacks That Dodge Your Firewall.
4 Pentest Paradoxes You Must Get Right
Do a Risk Assessment before buying MDR
6 Rules of Engagement for any Penetration Test
Cyber Alliance Program
Your Perimeter is Disappearing
Cybersecurity Acronyms for Retirement Administrators
XDR, MDR, SOAR - Acronyms of Cybersecurity Detection & Response
Test Blog Post 3
Test Blog Post 2
White Paper - XDR for Retirement Systems
The Total Cost of Ransomware - 7 Categories
The Power of Data Continues to Grow
Who Shares Responsibility for Data Security in a Health Crisis?
Identifying Cloud Security Gaps in a Remote Workforce
Mid-year Threatscape Assessment and Review of Significant Cyber Incidents
Front Line Report: 2020 Election Cybersecurity Threats
The Rising Stakes of Compliance: GDPR, CCPA, and Others
Increasing Healthcare Cybersecurity With a Proactive Defense Strategy
5 Ways to Lower Risk and Maintain Privacy in Your Organization
9 Tips for Detecting and Preventing DDoS Attacks
5 Ways to Secure Your Access Control Vulnerabilities
6 Strategies to Prevent SQL Injection Attacks
7 Commonly Neglected Security Tasks: DMARC, DNS Calls, And More
The Impact Of A Cyber Attack On A Nation
History Matters: Cyber Attacks From The 1980S
What Healthcare Organizations Need To Know About Samsam Attacks
Reflecting On 2019: Blockchain, AI, Machine Learning, Cryptojacking, And More
California Consumer Privacy Act (CCPA): What You Need To Know
Why Covid-19 Phishing Criminals Love Machine Learning (Ml)
Malicious Bot Activity Continues To Rise As Employees Work From Home
How Crypto-Agile Is Your Organization?
How Businesses Can Prepare For The Coming Iot Surge
Where To Find Cybersecurity Help: Addressing The Security Expert Shortage
Ransomware: To Pay Or Not To Pay?
How Expensive Is A Data Breach?
Looking Ahead: The Cybersecurity Landscape In 2021
Attack On Solarwinds Infiltrated U.S. Government Networks: What It Means For You
5 Best Practices To Secure Your Remote Workforce
Top 5 Most Dangerous Ransomware Attacks — And How To Protect Your Business
Reduce Data Breach Costs With Artificial Intelligence
5 IoT Trends To Continue Watching In 2021
AI Poisoning: What You Need To Know To Protect Your Business
Zero Day Exploits: Advanced Cyberattacks
Why Users Should Never Auto-Fill Forms: Browser Exploit Overview
Don't Be Fooled By Padlocks And SSL Certificates
5 Ways To Shield Executives From Whaling Attacks
How Artificial Intelligence (AI) Is Helping Cyber-Criminals
Why Breaches Are Becoming More Difficult To Defeat
History Matters: Cyber Attacks From The 1960S
History Matters: Cyber Attacks From The 1970S
History Matters: Cyber Attacks From The 1990s
History Matters: Cyber Attacks From The 2000S
The Rise Of Mobile Malware
Growing Concerns Over Voice Phishing Scams
Stopping The Spread Of 5G Security Vulnerabilities
Why Small Business Is A Big Cyber Crime Target
Feeling The Heat: Geopolitical Cybersecurity Threats
The Role Of Artificial Intelligence In Effective Cyber Attacks
Absolute Zero: Zero Trust And Zero Standing Privileges
Data Security Challenges in the New Era of Remote Work
Why Penetration Testing Has Never Been More Important
5 Ways to Protect Your Business From Phishing Attacks in 2021

join our email list

Security Pursuit logo
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
Professional ServicesProduct Solutionsaboutpartnersblogcontact
denver office
2000 Araphahoe Street, Suite 1
Denver, CO 80205
720-675-7668
LinkedIn iconlinkedintwitter logoTwitter iconFacebook iconFacebook icon
san francisco office
2315 Montgomery Street, 10th Floor
San Francisco, CA 94104
415-735-4225
© 2021
Designed by H1 Web Development