New and unknown threats are becoming more complex and are increasing the workloads of security professionals. Security teams are faced with a continuous stream of new malware, ransomware and fileless attacks that put their organization’s sensitive data and business operations at risk. Traditional MSPs and MSSPs continue to be limited in how they address these emerging advanced threats. To better support their clients, leading MSSPs are now adding Managed Detection and Response (MDR) with predictive Endpoint Detection and Response (EDR) to their portfolio of service offerings.
Why Managed Detection and Response is a Critical MSSP Offering
Recent studies tell us that a new malware specimen emerges every 4.2 seconds. It is estimated that over 357 million new malware variants were introduced last year. The 2017 Verizon Data Breach Investigations Report determined that 49% of all cyberattacks are now fileless, and 90% of the security breaches investigated were not previously observed by security teams. In this frightening environment, four major challenges characterize the emerging need for MDR.
1. Malware Is Running Rampant
The WannaCry, NotPetya and Bad Rabbit attacks brought down computer systems around the world. They have shown us that attacks are becoming more sophisticated and that businesses are a prime target.
2. New Threats Require New Approaches
Traditional legacy endpoint solutions like antivirus, Next-Gen Antivirus and event-based Endpoint Detection and Response solutions are effective at detecting known threats. Kaspersky Lab found that nearly 80% of security spend goes toward these traditional prevention technologies, but these technologies are not effective in catching unknown threats and fileless attacks.
3. Detecting Attacks Takes Too Long
Today’s attacks are fast moving. Verizon tells us that in 82% of security incidents, the initial compromise occurred in minutes. Meanwhile, Ponemon tells us that the time between an initial compromise and when the breach is fixed averages 229 days. Clearly, there is a mismatch.
4. Resources Remain a Challenge
In today’s competitive marketplace, finding and developing qualified security professionals is a major challenge. Organizations continue to struggle to find candidates with the necessary security skills. And, when they do, those individuals are expensive to hire and overwhelmed with the volume of work. Security Week recently found that organizations deal with thousands to tens of thousands of security alerts every week, and have the time to actually investigate only 4% of the alerts.
A Services Gap That Needs to Be Filled
Traditional MSPs and MSSPs tend to offer device management, alert management and support ticket management services. In some cases, MSSPs also offer incident response and remediation services after a breach occurs and a threat is identified. The gap that needs to be filled is the ability to leverage technology to proactively predict and defend against future attacks in a timely manner. This is the service offering that is now being called MDR with Predictive Endpoint Detection and Response.
Predictive Endpoint Detection and Response does not rely on signatures or Indicators of Compromise (IoCs), and is therefore the most reliable solution for detecting and responding to unknown threats and fileless attacks. It empowers MDR solutions with the intelligence needed to prioritize threats and adopt more agile and proactive incident response. MDR services powered by Predictive EDR provide customers with a continuous end-to-end approach that detects threats earlier, provides comprehensive interpretive details and ratings on the risk of the intrusion and why it is ranked as such, predicts what it can do, and delivers actionable guidance for prevention based on gained intelligence. MDR services give clients access to experienced analysts, proven processes, and the technology required to detect and respond to both known and unknown threats.
The Bottom Line
If you are looking for an EDR solution to power your MDR Service offerings, consider what leading MSSP providers have selected--a Predictive EDR solution that includes:
- In-memory threat detection to identify suspicious behaviors that other endpoint solutions miss
- Predictive analytics to enable your security analysts to visualize, analyze and respond to threats in their early stages
- Large-scale data storage and management to collect and analyze the variety and detailed behavioral data needed to support effective threat hunting and prevention
By adopting a Predictive EDR solution with these critical capabilities, leading MSSPs are empowered to adopt more agile and proactive threat management strategies to protect the sensitive data and ensure uninterrupted business operations for their clients. And in so doing they add a significant revenue stream to their financials.
Thom VanHorn is Senior Director, Marketing, CounterTack.
This guest blog is part of a Channel Futures sponsorship.