Cybersecurity resources and tools must be reinforced.

We are entering the age of data, with an ever-evolving threat landscape that calls for better detection, protection, and response mechanisms.

September 6, 2022

The massive move to the cloud demands velocity and agility. The arrival of other technologies, such as Endpoint Detection & Response (EDR), has drastically changed the cybersecurity environment as well. The Cybersecurity Operations Center (CSOC) is now the cornerstone of cybersecurity operations.

From CSOC to MDR

This shift paved the way for MDR. MDR, which stands for Managed Detection & Response, is an advanced CSOC offering that extends the CSOC's scope beyond monitoring to include threat hunting and response. Forrester described MDR as “advanced analytical techniques” from tools like “endpoint detection and response software [and] network analysis and visibility” to perform “proactive threat hunting and automated response.”

MDR benefits

Managed Detection & Response has transformed working methods, improving the effectiveness of security operations in threat identification, investigation, and response:

  • Improved threat visibility
  • Reduced mean time to detect (MTTD) and mean time to respond (MTTR), that is, faster detection of and response to threats
  • Dedicated personnel and technology available 24/7
  • Rapid service activation and coverage through a team that is ready to act
  • Access to experts who assist in-house security teams with operations that require specific skill sets, such as risk assessment, vulnerability management, forensic investigation and incident response

What is XDR?

XDR stands for Extended Detection & Response. It gathers and automatically correlates telemetry from multiple security layers, such as email, endpoint, server, cloud workload, and network, so that related alerts surface as one incident rather than as isolated events. XDR does not replace a SIEM; it complements it by reducing the time security analysts spend assessing alerts and logs to decide what requires specific attention and deeper investigation.
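As an added illustration (not code from Trend Micro Vision One, Excellium Services or the original article), the following Python sketches the correlation step: alerts from an email gateway, an EDR agent and a network sensor, already normalised to a common schema, are clustered into incidents when they share a host or a user within a time window, and incidents corroborated by several layers are escalated first. The event schema, the field names, the 15-minute window and the sample events are all assumptions constructed for this example.

```python
"""Cross-layer alert correlation, in the spirit of XDR.

Added example: not Trend Micro or Excellium code. The common event schema
(layer, ts, host, user, detail), the 15-minute window and the sample events
below are assumptions constructed for this illustration.
"""
from datetime import datetime, timedelta

# Constructed sample alerts from three layers, already normalised to one schema.
EVENTS = [
    {"layer": "email",    "ts": "2022-09-06T09:00:05", "host": None,
     "user": "alice", "detail": "macro-enabled attachment delivered"},
    {"layer": "endpoint", "ts": "2022-09-06T09:03:40", "host": "WS-017",
     "user": "alice", "detail": "EXCEL.EXE spawned powershell.exe"},
    {"layer": "network",  "ts": "2022-09-06T09:04:02", "host": "WS-017",
     "user": None,    "detail": "outbound TCP/443 to a never-seen domain"},
    {"layer": "endpoint", "ts": "2022-09-06T14:10:00", "host": "WS-042",
     "user": "bob",   "detail": "unsigned driver load blocked"},
]

WINDOW = timedelta(minutes=15)


def correlate(events, window=WINDOW):
    """Cluster events into incidents.

    An event joins an existing incident when it shares a host or a user with
    it and occurs within `window` of that incident's latest event; otherwise
    it opens a new incident. Incidents are returned with the ones spanning
    the most layers first. (A single pass like this does not merge two
    incidents that a later event happens to bridge; a union-find would.)
    """
    incidents = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(ev["ts"])
        target = None
        for inc in incidents:
            shares_entity = (ev["host"] in inc["hosts"] if ev["host"] else False) or \
                            (ev["user"] in inc["users"] if ev["user"] else False)
            if shares_entity and ts - inc["end"] <= window:
                target = inc
                break
        if target is None:
            target = {"hosts": set(), "users": set(), "layers": set(),
                      "events": [], "start": ts, "end": ts}
            incidents.append(target)
        if ev["host"]:
            target["hosts"].add(ev["host"])
        if ev["user"]:
            target["users"].add(ev["user"])
        target["layers"].add(ev["layer"])
        target["events"].append(ev)
        target["end"] = max(target["end"], ts)
    return sorted(incidents, key=lambda i: len(i["layers"]), reverse=True)


def triage(incidents, min_layers=2):
    """Keep incidents corroborated by at least `min_layers` distinct layers;
    single-layer alerts stay in the queue at lower priority."""
    return [i for i in incidents if len(i["layers"]) >= min_layers]


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        layers = ", ".join(sorted(inc["layers"]))
        print(f"{inc['start']:%H:%M} -> {inc['end']:%H:%M} "
              f"hosts={sorted(inc['hosts'])} users={sorted(inc['users'])} layers=[{layers}]")
    print("escalate:", len(triage(correlate(EVENTS))), "incident(s)")
```

With the sample events, the phishing delivery, the Office-spawned PowerShell and the first outbound connection from WS-017 collapse into a single three-layer incident, while the unrelated driver block on WS-042 stays a separate, lower-priority item. The pivot (host or user) and the window are what make this a correlation rather than a list of alerts, and both should be tuned to the environment.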

The Vision One solution from Trend Micro provides:

  • A central console (one source, one place, one location)
  • Comprehensive protection
  • Greater risk visibility
  • Reduced mean time to detect
  • Faster investigations
  • Automation
  • Complete response
  • Proactive policy management
  • Reduced mean time to respond
  • Activity data from multiple layers fed into a data lake

Together, these allow faster threat detection and shorter investigation and response times.

What is NDR?

NDR stands for Network Detection & Response. It aims to detect cyber threats at the network layer. The technology uses machine learning over observed traffic to build a baseline of normal behaviour; when traffic deviates from that baseline, an alert is raised. Because the baseline is learned, a new host or a legitimate but unusual change will also stand out, so analysts still have to validate what the sensor flags. NDR is not limited to detection: it also includes incident response functionality.
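The baseline-and-deviation idea behind NDR, as an added example that is not Gatewatcher AionIQ code or part of the original article: a z-score over per-host daily flow summaries stands in for the vendor's machine-learning models. The host addresses, the flow summaries, the three-sigma threshold and the five-day minimum history are constructed assumptions; real NDR products learn richer features (protocol mix, timing, peer sets), but the same structure of learn, compare, alert applies.

```python
"""Network baseline and deviation alerting, in the spirit of NDR.

Added example: not Gatewatcher AionIQ code. A z-score over per-host daily
flow summaries stands in for the product's machine-learning models; the
hosts, counts and thresholds below are constructed for this illustration.
"""
import statistics

# Constructed per-host daily summaries, as one would aggregate from NetFlow or
# IPFIX records: list of (outbound_connections, distinct_destinations), one
# tuple per past day.
HISTORY = {
    "10.0.0.5": [(40, 6), (42, 7), (38, 6), (45, 8), (41, 7), (39, 6), (43, 7)],
    "10.0.0.9": [(120, 3), (118, 3), (121, 3), (119, 3), (120, 3), (122, 3), (120, 3)],
}

# Constructed summaries for the current day.
TODAY = {
    "10.0.0.5": (44, 7),      # within its usual range
    "10.0.0.9": (2400, 180),  # a server that normally talks to 3 peers fans out to 180
    "10.0.0.77": (15, 4),     # never seen before: no baseline exists yet
}


def zscore(history, value):
    """Standard deviations between `value` and the mean of `history`.

    A flat history (std == 0) makes any change infinitely surprising, which is
    the right call for a server whose peer set never varies.
    """
    mean = statistics.fmean(history)
    std = statistics.pstdev(history)
    if std == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / std


def detect(history, today, threshold=3.0, min_days=5):
    """Return one record per host that is either anomalous or lacks a baseline.

    Hosts with fewer than `min_days` of history are reported as 'learning'
    rather than silently passed, so the gap in coverage stays visible.
    """
    findings = []
    for host, (conns, dsts) in today.items():
        past = history.get(host, [])
        if len(past) < min_days:
            findings.append({"host": host, "status": "learning",
                             "days_of_history": len(past)})
            continue
        z_conns = zscore([c for c, _ in past], conns)
        z_dsts = zscore([d for _, d in past], dsts)
        if max(z_conns, z_dsts) > threshold:
            findings.append({"host": host, "status": "anomaly",
                             "z_connections": z_conns, "z_destinations": z_dsts})
    return findings


if __name__ == "__main__":
    for finding in detect(HISTORY, TODAY):
        print(finding)
```

On the constructed data, 10.0.0.5 stays quiet, 10.0.0.9 is flagged on both metrics, and 10.0.0.77 is reported as still learning. That last state is the caveat worth keeping in a real deployment: a host without a baseline is not "clean", it is simply not yet covered.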

The AionIQ solution from Gatewatcher:

  • is autonomous and does not require additional equipment
  • is easy to set up
  • is resistant to tampering and keeps its own attack surface small
  • reacts quickly in case of attack
  • can be deployed on premises or in the cloud
  • is available in different offers to fit your infrastructure

Back to the foundations: CSOC

In conclusion, MDR relies on new and convenient technologies. However, without proper cybersecurity knowledge and expertise, those technologies quickly become time-consuming and a considerable workload in their own right.

This remains a huge opportunity for Managed Security Service Providers, such as Excellium Services, to expand the scope of intervention for their customers.

It is important to acknowledge the role of the humans behind this type of service, rather than simply investing in more tools. Humans remain central.
