If you run a smaller enterprise or a mid-sized organization, you might think that attackers have bigger fish to fry and won’t set their sights on you. That line of thinking is risky. As cybercrime skyrockets, no organization is immune to attack, but putting a managed detection and response (MDR) service in place ahead of time can help you be prepared. To truly reduce your risk, though, the service you choose should be appropriate for your size and needs. These five principles will help you shift your thinking and reduce your cyber risk.
1. Assume the mindset: Defenses can and will be penetrated
- Even though the top cyber headlines focus on large, Fortune 500 breaches, do not assume you are immune. Cybercriminals no longer discriminate by business scale: attacks are automated and commoditized through offerings like Ransomware as a Service.
- The two most common attacks against mid-market companies are Microsoft 365 account takeover (via phishing, watering-hole sites, brute-force attacks and purchased credential combolists) and ransomware (via endpoint exploitation, session hijacking and SAML token theft). Both are devastating to any organization, with financial damage that includes wire fraud, ransom payments, business interruption, brand damage and steep increases in cyber-insurance premiums at renewal.
- Using the NIST Cybersecurity Framework as the model, the MDR service must invest directly in the Detect, Respond and Recover functions of the security lifecycle to protect you from these attacks across your endpoints and your Microsoft 365 tenant (which holds your identities and must be in scope).
2. The MDR Service must be optimized for YOUR IT team and environment.
- Mid-market organizations (below roughly 2,500 endpoints) look very different: fragmented networks, a largely remote workforce, and heavy investment in Microsoft 365 and its security stack. Microsoft 365 is a core component of your MDR scope and must be included. Microsoft provides world-class security tooling, but with 250M+ active subscribers worldwide, account-level attention and follow-up on your particular incident is impossible.
- Most providers target the top of the market and cite Fortune 500 client lists. Those environments are highly complex, with 30+ security vendors supported by hundreds of IT staff spanning the globe. That is not the typical mid-market customer and does not reflect your needs.
- The service should provide a dedicated function that proactively performs real-time threat detection and analysis across endpoints and Microsoft 365 services.
- Time to value: is the service easy to deploy, and does it produce value on the first day, or even within hours?
- Purpose-built MDR/XDR platforms optimized for the mid market, which leverage the cloud for speed, beat the broad legacy on-premises, SIEM-based approach that powers most of the traditional MSSP market.
3. Ensure the MDR Service includes Advanced Detection with the following critical capabilities:
- Cloud-based data collection, aggregation and analysis across endpoints and Microsoft 365 cloud services
- Behavioral monitoring that covers the top adversary TTPs catalogued in MITRE ATT&CK
- Machine-learning-based alerts with data correlation across sources
- Rules-based alerting that filters large volumes of data and alerts down to the critical few
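As an added illustration of the behavioral, rules-based and correlation-driven alerting described above (example code written for this page, not Infocyte's platform or detection content), the Python below runs two rules over a constructed batch of Microsoft 365 sign-in events: a password-spray rule (one source IP failing against many accounts) and a brute-force rule (many failures against one account), each evaluated in a 30-minute sliding window, and then escalates a burst to critical only when the same IP or account signs in successfully shortly afterwards. The event field names mirror the Azure AD sign-in log schema; the thresholds, the window and the sample events are assumptions chosen for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Microsoft 365 sign-in events for this example (not real logs).
# Field names follow the Azure AD SignInLogs schema; errorCode 0 is a
# successful sign-in and 50126 is Azure AD's "invalid username or password".
def _ev(ts, user, ip, code):
    return {"createdDateTime": ts, "userPrincipalName": user,
            "ipAddress": ip, "errorCode": code}

SIGNIN_EVENTS = (
    # password spray: one IP, one failure each against six accounts, then a hit
    [_ev(f"2021-09-01T09:0{i}:00Z", f"{u}@example.com", "203.0.113.7", 50126)
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [_ev("2021-09-01T09:06:00Z", "erin@example.com", "203.0.113.7", 0)]
    # brute force: one IP hammering a single account, no success
    + [_ev(f"2021-09-01T09:{10 + i}:00Z", "grace@example.com",
           "198.51.100.23", 50126) for i in range(9)]
    # benign noise: a user mistypes a password once, then signs in
    + [_ev("2021-09-01T09:30:00Z", "heidi@example.com", "192.0.2.10", 50126),
       _ev("2021-09-01T09:31:00Z", "heidi@example.com", "192.0.2.10", 0)]
)

WINDOW = timedelta(minutes=30)   # sliding window for grouping failures (assumed)
SPRAY_MIN_ACCOUNTS = 5           # one IP failing against this many accounts
BRUTE_MIN_FAILURES = 8           # this many failures against a single account


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def _find_bursts(failures, group_field, measure, threshold):
    """Group failures by group_field and slide WINDOW over each group's
    timeline; yield (key, events) for the densest window whose `measure`
    (distinct accounts for spray, raw count for brute force) meets threshold."""
    groups = defaultdict(list)
    for e in failures:
        groups[e[group_field]].append(e)
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        for i, first in enumerate(evs):
            span = [e for e in evs[i:] if e["ts"] - first["ts"] <= WINDOW]
            score = measure(span)
            if score >= threshold and (best is None or score > best[0]):
                best = (score, span)
        if best is not None:
            yield key, best[1]


def _followed_by_success(span, successes, field):
    """Correlation step: did the same IP / account succeed within WINDOW after
    the last failure of the burst? That is the signal of an actual takeover."""
    last = span[-1]
    return any(s[field] == last[field] and
               last["ts"] <= s["ts"] <= last["ts"] + WINDOW for s in successes)


def detect_account_takeover(raw_events):
    """Collapse raw sign-in events into a short list of alerts, escalating
    those where a failure burst is followed by a successful sign-in."""
    events = [dict(e, ts=_parse_ts(e["createdDateTime"])) for e in raw_events]
    failures = [e for e in events if e["errorCode"] != 0]
    successes = [e for e in events if e["errorCode"] == 0]

    def distinct_accounts(span):
        return len({e["userPrincipalName"] for e in span})

    alerts = []
    for ip, span in _find_bursts(failures, "ipAddress",
                                 distinct_accounts, SPRAY_MIN_ACCOUNTS):
        hit = _followed_by_success(span, successes, "ipAddress")
        alerts.append({"rule": "password_spray", "entity": ip,
                       "failures": len(span), "accounts": distinct_accounts(span),
                       "severity": "critical" if hit else "high"})
    for user, span in _find_bursts(failures, "userPrincipalName",
                                   len, BRUTE_MIN_FAILURES):
        hit = _followed_by_success(span, successes, "userPrincipalName")
        alerts.append({"rule": "brute_force", "entity": user,
                       "failures": len(span), "accounts": 1,
                       "severity": "critical" if hit else "high"})
    return alerts


if __name__ == "__main__":
    found = detect_account_takeover(SIGNIN_EVENTS)
    print(f"{len(SIGNIN_EVENTS)} raw events -> {len(found)} alerts")
    for alert in found:
        print(alert)
```

Eighteen raw events collapse into two alerts, and only the spray that ended in a successful sign-in is marked critical; the single mistyped password produces nothing. In production the same logic would read sign-in records from the tenant's audit log rather than a constructed list, and the thresholds would be tuned against the tenant's normal failure rate so the analyst sees the critical few rather than every failed login.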
4. Ensure the MDR Service includes Scalable and Automated Response with the following capabilities:
- Predefined automated actions that contain malicious activity and stop attacks in progress across endpoints and Microsoft 365
- The ability to push these actions across the network without relying on Active Directory or other central services, which are usually compromised early in the attack lifecycle (a domain controller the attacker already controls cannot be trusted to deliver the containment command)
5. Ensure your service provider includes expert SOC services with 24×7 monitoring that fit well with your IT team.
- Fit and dependability: make sure the team is a good fit for yours. Do the references they provide know the analysts by name and vouch for their dependability in a crisis?
- Expertise: detection and response is a highly specialized skill; analysts need thousands of hours of training and real-world experience to be effective against well-trained adversaries.
- Proactive detection must be performed by a dedicated team that reviews alerts and is not sidetracked by day-to-day IT firefighting.
- 24x7: attacks typically land at night, on weekends and on holidays, when in-house teams are least responsive. Make sure experts are always on call, backed by an investigation and response SLA for critical threats.
The post Five MDR Service Principles to Reduce Risk in Small Enterprises appeared first on Infocyte.
This is a Security Bloggers Network syndicated blog from Blog – Infocyte, authored by Curtis Hutcheson. Read the original post at: https://www.infocyte.com/managed-detection-and-response/2021/09/01/five-mdr-service-principles-to-reduce-risk-in-small-enterprises/