What is Managed Detection and Response (MDR)? And Why It’s Critical to Cyber Security in 2022

Since 2020, the world of work has undergone some significant changes. Distributed workforces and bring your own device (BYOD) policies have made it easier to continue business-as-usual, but they’ve also presented new opportunities for cybercriminals to strike. 

As compared to 2019, the number of cyber-attacks in 2020 rose by 400%, with ransomware attacks increasing by 130% and the number of malicious websites rising by 120%. 2020 also marked the year that the estimated total cost of cybercrime to date finally topped $1 trillion — or 1% of global GDP.

There’s no question that escalating cyber risk requires organisations to reassess best practices for 2022. And the first step to building a secure, sustainable future in this ever-evolving threat landscape is developing a robust cyber security strategy. After all, protecting your business against cyber-attacks and other costly security incidents means safeguarding your customers’ data, your reputation, your business continuity, and, ultimately, your operational integrity. 

One of the most effective ways to keep your organisation safe while retaining flexibility, particularly in the context of remote working, is managed detection and response (MDR). This article is going to explain why, and how to get started today. 

Additional resources: At Six Degrees, we provide dedicated MDR services. Check out our guide to Managed Detection and Response at Six Degrees if you want to learn more and investigate the specifics of what a quality MDR solution can deliver.  

What is MDR? 

Managed detection and response (MDR) services are essentially threat response services delivered by external (as opposed to in-house) cyber security analysts and experts. An MDR team’s primary goal is to prevent security events from becoming breaches.

But MDR encompasses so much more than just incident response. It also includes vital management and monitoring capabilities, delivered by a service provider whose job it is to detect and address threats to your network. Using MDR to your advantage means benefiting from:

• 24×7 real-time, proactive alert management, detection and response. 
• Comprehensive protection of your system infrastructure.
• Trended reporting that quantifies the risks that have been contained, enabling you to see the value of your security investment.
• Bespoke, industry-specific configuration and management capabilities.

Many businesses choose to work with MDR partners because of their cost efficiency when deploying these outcomes. Essentially, delivering cyber security outcomes as-a-service enables organisations to access more sophisticated resources when they are needed — helping keep costs low and provide access to resources that might not otherwise be available. 

While some organisations might still require a specific level of in-house expertise, the best MDR providers are inherently flexible, making it possible to combine in-house capabilities and external services. By working in tandem with an MDR provider, your in-house team has less technology to manage and your business benefits from more security and minimised risk.

For a more in-depth breakdown read What is MDR.

MDR vs In-House Incident Response Teams 

There’s significant value to be found in partnering with an MDR provider instead of building out an in-house response team. Here, two main benefits stand out: economies of scale and access to in-demand cyber security skills.

Economies of Scale

Monitoring a system for threats requires relatively minimal resources, whereas responding to an active incident is often an all-hands-on-deck situation. This disparity presents a challenge to in-house teams — maintaining an appropriate level of specialised skill in-house would mean employing experts at all times when only actually requiring their full attention and expertise on rare occasions. 

On the flipside, MDR providers enable you to scale up or down according to your organisation’s ever-fluctuating needs. MDR providers operate security operations centres (SOCs) and already have the scalable infrastructure set up, making this option more cost-effective in both the short- and long-term. In addition, taking advantage of economies of scale can help you:

• Improve general efficiency. 
• Boost cost-efficiency, as you only pay for what you use, when you use it and avoid paying for ongoing staff costs, tech infrastructure and maintenance.
• Enable providers to allocate and share resources between customers more flexibly in the event of an incident.

Access to In-Demand Cyber Security Skills

Partnering with an MDR provider helps businesses respond to threats without the financial burden of maintaining a full-time, in-house team. However, it’s also worth noting that MDR service providers allow companies to side-step the cyber skills shortage. At present, there’s a substantial skills gap within the cyber security field — and this gap is likely to widen as threat levels continue to rise and the risk landscape becomes more treacherous. 

In 2020, nearly half of businesses reported lacking the skilled IT individuals required to protect their systems. As you can imagine, this supply-demand gap is only going to make cyber security professionals both more challenging to recruit and more expensive to retain. Partnering with the right MDR provider enables you to bypass this pressing issue entirely while still benefiting from industry-leading expertise — and again, only when you need it.

MDR Best Practice in 2021

Each year, cyber security issues and threats cost businesses billions. This leaves no doubt that investing in your cyber security strategy is a smart move. But selling the value of a robust security strategy to the board can be tricky, and many businesses understandably want to derive the most ROI possible from their strategic investments. This is why it’s essential to be able to do more with less. MDR is part of creating a cost-effective cyber security solution, but it isn’t a complete answer on its own. 

The Role of Endpoint Security

To be truly effective, MDR (or any incident response team) requires the ability to monitor a system and delay attacks long enough to effectively respond. Particularly in the context of remote working, this is where endpoint security systems come into their own.  

Endpoint security is a cyber strategy focused on end-user devices, or endpoints, each of which represents a potential point of entry for cybercriminals. However, the goal of endpoint security is not to protect individual end-user devices. Instead, endpoint protects the system as a whole through cloud-based tools that facilitate information security by managing flows between the devices and the network. In doing so, endpoint security centralises security and control while decentralising risk.

Endpoint security delivers:

• Immediate visibility of vulnerable or risky devices
• Immediate risk reduction and breach prevention
• Easier system management
• A simpler way of addressing security concerns associated with remote working and BYOD 

This solution partners incredibly well with MDR because of its focus on isolating and identifying threats before they become a breach. This type of solution delivers the flexible technical foundations that enable a managed service like MDR to be used to best effect. At Six Degrees, we use Microsoft Defender for Endpoint, an industry-leading tool that automatically isolates active threats, delivers advanced threat detection and response capabilities, and minimises overall risk exposure.    

Never Rely Wholly on Technology

While software is an important part of the fight against cybercrime, we want to emphasise that partnering strategically with managed security services means adding value through human expertise. This means combining the very best technology with a team that knows how to make the most of it. To that end, an endpoint system’s preventative security system and real-time defence capabilities are critical, but only in so much as they are then able to allow security analyst to:

• Prioritise threat alerts
• View the full scope of any breaches 
• Act immediately to rectify identified threats

Creating a more flexible future

MDR delivers an agile and multi-functional capability that enables you to respond flexibly to changing circumstances. If there is one thing we learned last year, it’s the critical importance of being prepared for the unknown. Active response capabilities need to be part of cyber security readiness in 2022 and beyond, and MDR is the most efficient way to deliver that outcome.   

Compared to in-house solutions, MDR provides access to economies of scale and allows you to side-step the cyber security skills shortage, while also freeing you to focus on core business competencies with the knowledge that your network is secure. Creating a more flexible future will require new ways of thinking, new best practices and new partnerships. Ready to learn more about our MDR services at Six Degrees? Get in touch!

Additional reading: Four Ways Strategic Partnerships Improve Cyber Security