Headline-making cyberbreaches have prompted most organizations to prioritize how much they spend on IT security....
However, most businesses lack the internal expertise and capabilities to mount a cohesive and effective defense.
Small businesses, in particular, struggle to derive the maximum benefit from their existing security infrastructure investments. In many cases, the security monitoring tools they have in place often require more manpower or expertise than the business has. As a result, IT finds itself tuning out the flood of threat detection alerts and missing potential security threats until it is too late.
New class of MDR vendors emerging
Fortunately, a relatively new class of IT security vendors is emerging to help small and midsize businesses with threat detection and response. Known as managed detection and response services (MDR), these products rely on network- and host-based detection tools to identify malicious patterns. These tools also typically gather data from endpoints inside the firewall to get a more comprehensive view of network activity.
MDR specialists -- among them Rapid7, FireEye, Raytheon Foreground Security, Rook Security and Red Canary -- take a different tack in how they approach potential threats and threat detection. Instead of focusing on device management, these managed detection and response services vendors emphasize mining and analyzing network performance data to glean threat intelligence.
MDR providers typically cull data from a variety of sources, including logs, network flow data and packet capture. They then offer recommendations or, in some cases, initiate automated actions -- e.g., sandboxing.
Benefits of managed detection and response services
MDR products are typically accessed as a managed service, although some vendors offer products that are more self-service in nature. MDR providers also offer triage support in the event a incident or threat occurs -- a capability that sets these companies apart from security monitoring services that fall short of the needs of many smaller businesses.
Seeing a new prospect pool, managed service providers that target larger enterprise clients are also beginning to explore whether they have a role to play as an MDR provider. Some, including Cisco, have made acquisitions to support their entrée into the space. Consolidation is virtually guaranteed.
Even as MDR services begin to gain traction, they're still a new and developing market. Small businesses may benefit from the security monitoring and threat analytics technology, but as is the case with any investment in an emerging area, organizations must carefully vet the products and understand the direction the vendor is planning to take.
In some cases, it might be worth the wait to see how the managed detection and response services space evolves -- and condenses -- before making the leap.
Choosing the right threat intelligence provider for your organization can be a daunting task and a time-consuming process. Expert Ed Tittel compares the top threat intelligence services to see how they differ and how they address various enterprise security needs.
Session hijacking is an easy attack to launch -- and a difficult threat to detect -- if the proper defenses are not implemented. Here, learn the necessary techniques for preventing session hijacking attacks on your network.
Not concerned about gadget and IoT security? You should be. Network admins must combat the security challenges introduced by the increasing number of IoT devices within their networks. Learn how they are doing it.
Dig Deeper on Network Security Best Practices and Products
Related Q&A from Amy Larsen DeCarlo
Homes now have more connected devices, which could become targets for hackers. Consequently, work-from-home employees should take certain steps to ... Continue Reading
Network management and security have become even more intertwined now that more employees are working from home. How can enterprises ensure they are ... Continue Reading
While Simple Network Management Protocol tracks network devices, Remote Network Monitoring tracks traffic. As a team, SNMP and RMON are essential for... Continue Reading