SecurityInformed.com

How Managed Detection And Response Enhances Cybersecurity Management In Organizations

Michael Malone

There was a time when one of our biggest challenges was securing our physical assets, whether our people or our property, from crime.

We researched and deployed the very latest in video solutions, intrusion systems, fire alarms and access control devices, all in an effort to keep the bad guys out and the good guys safe, along with protecting our facilities from break-ins, robberies and countless other crimes. However, times are changing. We must now be concerned with keeping intruders not only out of our buildings but also off our networks.

It should come as no surprise that cybercrime is one of the biggest threats organizations of all shapes and sizes face today. While attacks on major brands and Fortune 500 companies make headlines, there were purportedly 918 reported data breaches, compromising nearly 2 billion data records, in just the first six months of 2017. Of those 918 breaches, 500 had an unknown number of compromised records.

Reducing Breach Detection Gap

Depending on your organization, these cybercrimes and the investigation into them may be handled by your IT department. However, considering the magnitude of these crimes, it now falls on the entire organization, including the traditional security or loss prevention executives, to band together to combat these threats.

One of the biggest challenges cyberattacks pose is timing. Often cyberattacks can go undetected for weeks, months or even years. Some in the industry refer to this timing as a breach detection gap or dwell time, defined as the time elapsed between the initial breach of a network by an attacker and the discovery of that breach by the victim.

To put that into perspective, the most recent Ponemon report on the cost of a data breach showed dwell time for malicious attacks has stretched to an average of 229 days—a long time for bad actors to be lurking around your networks.

Traditional Cybersecurity Measures

We are familiar with traditional cyber lines of defence against these attacks like firewalls and anti-virus software. While these solutions are effective at identifying and potentially stopping known forms of malware and viruses that are attacking companies every day, they are blind to signatureless and zero-day malicious activity.

Unfortunately, this trend does not show signs of letting up, as internal security processes are having trouble keeping up with increasingly sophisticated and pervasive threats.

Many companies rely on heritage-based services offered by managed security service providers (MSSPs) that use security information and event management (SIEM) software, or intrusion detection systems/intrusion prevention systems (IDS or IPS respectively) to monitor networks for malicious activities on a continuous basis.

However, these activities are based on known threats where a valid signature of the cyberattack or system logs are available and used to analyze activity. They then provide security alerts to the client and generate reports for compliance purposes.

This form of alerting often generates an overwhelming number of notifications, causing what the industry has coined ‘alert fatigue’ and making it hard to weed out what is important from what is not.

Managed Detection And Response

The Ponemon Institute found that companies spend an average of 21,000 hours each year analyzing false negative/false positive alerts trying to detect and contain cyberattacks. This translates to approximately 17,000 security alerts in a week of which only 4% were deemed reliable and investigated. This can potentially waste nearly $1.3 million per year on investigating and managing inaccurate data.

Based on this overwhelming challenge, it’s time for organizations to look at improving real-time threat detection and incident response capabilities beyond standard security screening and compliance requirements. In addition to the services provided by an MSSP, it would be wise to add or layer a managed detection and response (MDR) service to your arsenal of cyber defence weapons.

Identifying Real Threats With MDR Services

MDR services use a unique combination of advanced technology and expert human analysis. Equating MDR services to traditional physical security devices, it is more like having a DVR, where an analyst can go back and replay the incident on the network via packet capture technology.

Event logs and signatures by themselves don’t provide visibility and detail. Traditional cyber defences act like a conventional alarm system. The alarm sounds and a notification is sent, but there is no context or detail about the incident and it is up to the recipient to determine if the alarm is valid, what exactly happened and what to do about it.

With packet capture on the network, an MDR analyst can replay the event allowing him to dig deeper into the incident and determine remediation steps. This approach helps quickly identify real threats to the business, provides remediation specifics for timely resolution, and significantly cuts through the false positive noise so security teams can focus on the things that matter.

Efficient Incident Management

MDR services only notify clients after the incident is verified. The notifications provide granular detail of the scope and severity of an attack with recommendations for quick containment and response. MDR services offer 24/7/365 continuous monitoring of customer network data, provide analysis of the data to add context to the event and notify the customer of the incident.

With MDR services, clients have direct communication with the security analyst and rely less on using a portal for alerting, investigations, case management and workflow activities.

Because MDR services rely on advanced tools and human analysis, they are more apt to uncover malicious activity that has breached the first line of defence and can reduce the time from infection to detection to minutes rather than months.

Combating Cybercrime With Secure Networks

To sum it all up, MSSPs focus on perimeter devices like firewalls, or IDS/IPS and SIEM and provide device management such as updating firewall rules, anti-virus software and compliance reporting. They are typically used to supplement internal IT or security teams.

An MDR service concentrates on detecting threats that have penetrated the perimeter. MDRs deliver threat notification and remediation guidance. While both solutions provide value to their clients, their basic areas of focus are different.

Cybercriminals are becoming more coordinated in their efforts to steal our data, disrupt our operations and damage our brands. It is time that we coordinate our efforts across the entire organization to combat them.

SecurityInformed.com - Making The World A Safer Place
Copyright © Notting Hill Media Limited 2000 - 2021, all rights reserved