As the halfway point of 2021 has come and gone, it’s become increasingly clear that we are currently facing a cyberthreat landscape more complex and dangerous than anything we’ve seen before. And it’s quite possible — more than a few would say probable — that the state of cybersecurity will only grow more complicated in the years to come.
The optimal approach to security is, in a nutshell, “everywhere and always on.” For enterprises, the challenge is to actually realize this wide-ranging approach, and there’s research to indicate that we are behind the eight ball in that department, to varying degrees:
- Among 500 organizations surveyed for a report conducted by Wakefield Research, 93% stated that they’d experienced a data breach or compromise of some kind since the pandemic.
- 49% of organizations queried in that same survey said point-blank that they were not equipped to meet the challenges of the cyberthreats they expected to face.
- 54% of the respondents said that the firms they worked for spent too much time addressing low-level threats, which detracted from overall incident responsiveness by taking time away from more serious issues.
It might be fair to say that such a survey is a small sample size … but any security expert worth their salt would tell you those problems exist among far more than 500 organizations. Just look at the headlines full of high-profile ransomware attacks on targets including Colonial Pipeline, JBS, and Kaseya, all of which dealt collateral damage to hundreds of other businesses. It’s clear we need a robust solution to guide the way forward, and managed detection and response (MDR) technologies — when implemented alongside cutting-edge networking solutions — can fill that role.
The Changed World: Post-pandemic Cybersecurity
Most (arguably all) of the biggest cyberthreats we see today — ransomware, massive data breaches, botnets, phishing, the sabotaging of infrastructure via distributed denial of service (DDoS) tactics — were quite present well before the COVID-19 pandemic hit in early 2020. But the crisis heightened their urgency. This was, to some extent, unavoidable. Businesses had to quickly adapt to remote operations for health and safety reasons, which made it increasingly difficult for infosec teams to keep track of network activity.
From a work perspective, remote has been successful for many organizations. It also opened up a new attack surface. A significant number of enterprises lack a uniform security approach across end-user devices, to begin with, and this is only exacerbated by “shadow IT:” workers using a wide range of personal computers and mobiles for their professional needs, even sometimes just briefly.
Even without the remote work factor, the move to the cloud — where a majority of organizations now host their workloads — was taking place before the work-from-home explosion. Gartner expects spending on end-user cloud tech to reach $332.1 billion by the end of 2021, a 23.1% increase that all but guarantees even greater exponential growth in the next few years. It also guarantees greater risk, as blackhats are increasingly targeting the cloud. Remote work exacerbates all of this by putting even more traffic and data up in the cloud, and with anywhere from 25-30% of employees operating remotely for the foreseeable future, these issues will only persist.
The rapid emergence of new technologies ranging from devices to networks, coupled with higher bandwidth needs to support increasingly sophisticated operations (and further complicated by increased compliance and reporting requirements), makes for a lot that IT has to keep pace with. While they’re getting the hang of it, malicious actors have room to attack, and if T departments have skills gaps that go long unfilled, danger only increases.
We’re seeing the consequences of large-scale security unpreparedness unfold in real-time, as exemplified by the aforementioned headline-making ransomware attacks. There will almost certainly be more stories like those in the news as 2021 unfolds. Less well-known but just as sobering examples come with the exponential increase in lower-level ransomware attacks. Not infrequently, these victims believe paying up is the easier option — which simply drives more malicious activity.
MDR: Putting Comprehensive Proactiveness Into Security
The combination of leading-edge threat monitoring (and threat-hunting) tools plus ongoing support from expert cybersecurity personnel is what makes Managed Detection and Response (MDR) so ideal for the modern threat landscape. It takes the burden of controlling a sophisticated endpoint detection and response (EDR) system off of an enterprise’s shoulders, making it the responsibility of a managed services provider (MSP) and its expert security team.
Prioritization is another of the most important attributes of MDR. As we noted earlier, more than a few enterprises have a difficult time with knowing which EDR alerts are urgent and which can be (at least temporarily) disregarded. Any EDR system, even one configured for an organization on the smaller end of the enterprise spectrum, will have hundreds of alerts daily. The thoroughness that allows the capture of so many alerts is valuable, but it’s critical for infosec teams not to go down blind alleys for minor threat activity (as determined by their business risk profile).
MDR — based on response policies a business establishes with its MSP to fit its unique security needs — addresses the most pressing threats and vulnerabilities first, so that they receive an appropriate and proportional response. The system will closely analyze the circumstances peripheral to an alert regarding a vulnerability or an emerging threat. It will suggest actions that can be taken to mitigate the recurrence of such dangers. It offers proactive protection at a greater scale into an enterprise organization, beyond the scale it could reach on its own — creating a clear return on investment.
The Advantages of MDR from GTT
GTT offers MDR a la carte or as a seamless add-on in conjunction with other managed services, and is particularly effective when deployed alongside SD-WAN. It is compatible with all major firewall and security solution vendors.
Our Tier 1 network provides a foundation for efficiently handled security operations (and strong overall network performance). This allows us to promise a response in less than 30 minutes within our service-level agreements. During this window, we identify, validate and investigate indicators of compromise, alert responsible parties and respond to the incident by initiating appropriate actions.
GTT offers continuous support for MDR clients, in accordance with the need for an always-on security posture. We offer daily reviews, executive summary reporting, advisory services from live security experts, in-depth incident analysis, and remediation recommendations. Meanwhile, the client portal offers full visibility into all MDR functions. To learn more about what our high-level security solutions can offer you, get in touch with us today.
About GTT
GTT connects people across organizations, around the world, and to every application in the cloud. Our clients benefit from an outstanding service experience built on our core values of simplicity, speed, and agility. GTT owns and operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services. We also offer a complementary portfolio of managed services, including managed SD-WAN from leading technology vendors.
