Erik Nordquist

Managed Security Product Director

Erik Nordquist is the Global Product Director at GTT responsible for the Managed Security portfolio including Managed Firewall, Managed DDOS, Managed Detection & Response and GTT’s newest offering, Managed SASE known as Secure Connect.

Five reasons for Managed Detection and Response

Cyber security has changed dramatically since 2020 when ransomware and other attacks rose by 435% and 93% of organizations have suffered a breach or compromise.^[1]The volume and damage from cyber attacks have increased exponentially and organizations are struggling to keep up with implementing and maintaining the necessary technologies to combat cyber criminals. Not to mention the struggle to find and retain qualified security professionals to properly manage and monitor these systems (62% of organizations’ cybersecurity teams are understaffed).^[2] Companies understand that it is no longer a question of if, but of when their business will be compromised. To make matter worse, the average time to detect and contain a breach is still over 280 days with 53% of breaches being discovered by an external source^[3]which allows attackers to gain access to crown jewels and cause devasting down time (Average daily downtime cost of a breach is $225,000).^[4]

But all is not lost. The good news is that we know that the faster we identify a breach, the faster and cheaper it is to remediate. The way that is done is with Managed Detection and Response (MDR) services. MDR helps organizations meet the challenges of the constantly changing threat landscape by providing remotely delivered modern Security Operations Center (SOC) capabilities which help organizations rapidly detect, analyze, investigate and respond to threats that have bypassed traditional security controls. Managed Security Service Providers (MSSPs) providing MDR offer a turnkey SOC experience complete with all the required systems (Security Information and Event Management or SIEN), processes and expertise (such as highly trained SOC analysts and certified SOC) to monitor an organization’s assets including security assets (firewalls etc.), endpoints, cloud services, etc. MDR takes an organization’s haystack of data and shows where the painful needles are and more importantly, helps eliminate the needles quickly to minimize impact — saving precious time and money.

MDR is the fastest and easiest way an organization can improve its security posture. Gartner estimates that by 2025, 50% of organizations will be using MDR services as companies of all sizes are realizing its value.^[5]

Here are five reasons how you can improve your security posture with MDR:

1. 24/7 coverage to find and remediate threats faster, saving time and money. Bad actors don’t work 8-5 and research shows teams only respond to approximately half the alerts they see daily.  With MDR, your organization is backed by a team available 24/7 ready to respond to threats. MDR services mean you have someone you can hold accountable to properly monitor and react to threats. MDR processes include log collection, log management, real-time monitoring, threat hunting, incident management, notifications, reporting and consultations.

2. Gain tools and expertise you don't have currently. MDR providers take on the responsibility of deploying, maintaining, and monitoring next generation detection technologies and are continuously improving their techniques to identify potential threats on your behalf. This means you no longer have to worry about product updates or patches.
3. Gain a powerful security team without increasing headcount. MDR services provide you with experienced security professionals responsible for staying current on the latest threats who acting as an extension of your team to save you the hassle and expense of trying to hire and maintain a 24/7 staff.  Currently there is a global shortage of over 3 million skilled cyber security workers.  Get time back, help alleviate alert fatigue and maybe even take a vacation by having an MDR service take on the time-consuming work of responding to alerts around the clock.

4. Immediate Return on Investment. To effectively staff a SOC for 24x7 coverage, it would require a team of 10 and upwards of 30 or more for large enterprises.”⁶ Security Magazine.. The cost to operate a SOC can easily start at $120K a month and building a mature SOC with the right people, processes and technologies takes time. Threats don’t stop leaving you vulnerable during that ramp up.  See immediate return on investment and gain a mature SOC for a fraction of the cost of doing it in-house with an MDR service, in fact it’s less than the cost of one analyst.

5. Improve your security posture. Learn from incidents to help ensure they won’t happen again, gain remediation expertise and leverage instant access to information with real-time dashboards. An MDR provider will work closely with you about ongoing security consultations, service reviews and even vulnerability scans —all to help ensure your business is more secure and poised to thrive.

The difference between the winners and losers when it comes to cyberattacks is how effectively the organization detects and responds to a threat or attack. MDR combines people, processes and systems to detect and remediate threats faster, saving time, money and resources that ensure your company’s data and business stay secure.  Accelerate your security maturity by speaking with an MSSP providing MDR services to ensure you are on the winning side by avoiding the ever-increasing cost and frequency of security breaches.

^[1] The State of Incident Response 2021, Wakefield Research (market survey of 500 security and risk leaders)

^[2] ISACA report, 2022

^[3] Ponemon Study, 2022

^[4] Soaring to New Heights by Megan Gates, July 2022; Esentire, MDR report

^[5] Gartner, Inc., Market Guide for Managed Detection and Response Services, 26 August 2020