Trending Oversight Topics
Governance Surveys
Center for Inclusive Governance
How to Overcome Security Operations Challenges With Managed Detection and Response
08/01/2024
Cybersecurity has become a bugaboo for boards, who are now faced with addressing ransomware, privacy issues, and other forms of cyberattacks. Gone are the days when security incidents fell to the technical depths of the organization; with security risk now a business risk, the board is now heavily involved.
This is no easy job—even for the largest of organizations. Here are some trends contributing to the recent cybersecurity challenges:
- The ongoing talent shortage: While the severity of the threat landscape continues to grow, it is becoming increasingly difficult to find people to stop it. Estimates vary, but according to the ISC2’s Workforce Study: Looking Deeper into the Workforce Gap, there are currently 3.4 million unfilled cybersecurity jobs. And this is not a problem companies can “just throw money at;” there currently aren’t any available resources to hire.
- Technology sprawl: Some organizations are trying to supplement a lack of personnel with additional technology solutions. But rather than helping, this is causing more problems. In fact, 40 percent of respondents in Optiv and the Ponemon Institute’s 2024 Cybersecurity Threat and Risk Management Report say they have too many tools to achieve a positive cybersecurity posture—so spending more money to buy more solutions isn’t the answer.
- Lack of strategic budgeting: That same survey found that, despite increasing cybersecurity budgets, only 36 percent of respondents have a formal approach to determining cybersecurity spending, meaning they are “flying blind” with their budgets.
As a result of these challenges, the typical security operations center (SOC) is short-staffed, over-tooled, and overmatched against modern threats. This is why, according to IBM’s Cost of a Data Breach Report 2023, it takes SOCs 204 days to detect that a breach has happened. And CrowdStrike’s 2024 Global Threat Report reveals that it takes only 62 minutes for an adversary to move laterally from a compromised system to another uncompromised one. The potential damage they can do in the time between initial penetration and being caught is unimaginable. This is a key contributing factor to why data breaches are so widespread, and they are also expensive propositions for the victim. Additionally, IBM’s reports states that the average data breach costs an organization $4.45 million.
Solving the Problem With Outsourcing
One of the ways in which companies are seeking to narrow the security gap with adversaries is to adopt managed security services (MSS). These are security services outsourced to a third-party, known as a managed security services provider (MSSP), and they are a way for organizations to fortify or replace their in-house SOC.
The value of outsourcing is well understood in other parts of enterprises. For example, legal and accounting are two areas where organizations use outsourced experts to supplement or replace internal staff and to provide specialized services that are not practical to maintain in-house. The benefits are clear: outside firms focus on one area that isn’t a part of their client’s core business. These outsourced firms have a deep bench of experts and accommodate all hiring, compliance, and execution requirements so their clients don’t have to.
The same situation exists for cybersecurity. When it comes to security operations challenges specifically, more organizations are finding that adopting managed detection and response (MDR) services can radically reduce concerns around security, staffing, resources, and budget.
Bolstering SOCs With MDR Services
The most impactful MDR service providers boast deep expertise across all security domains and industry verticals to help businesses detect threats and respond faster to cybersecurity events, reducing the 204-day timespan CrowdStrike found. At the business level, they help companies shift from a reactive to a proactive defense, increase risk awareness, shorten response times, and remain resilient—all at a predictable cost structure.
Choosing an MDR services provider can be a daunting task because there are many different options. So, if your company is evaluating partners, how do you know you’ll select one that is impactful? The following is a list of standard features you can expect with the leading MDR solutions today:
- Identity threat detection and response speeds up investigations into potential threats.
- Vulnerability management removes logging redundancies and false positives.
- Incident readiness and response provides customized, automated threat mitigation for faster recovery.
- Cloud threat detection and response meets complex cloud security needs.
- Attack surface management provides visibility into your assets and helps uncover new vulnerabilities.
- Threat hunting proactively and reactively identifies suspicious activity undetected by security tools in the client environment.
Additionally, below are some questions your security leaders should ask to determine the quality of an MDR offering and if the MSSP would be a good partner:
- How successful are you at detecting threats that have slipped by our existing preventive controls?
- What response activities are included in your MDR services and what elements are included in that response?
- How do you define “threat hunting,” and what is your process for finding unknown threats in our environment?
- How do you integrate into my technology stack, and are special agents needed?
- Do you offer additional services, such as digital forensics and major incident response?
- What support do you offer for nontraditional technology assets, such as public and private cloud?
Partnering for Resilience
The SOC is the heart of an organization’s cybersecurity defense; it’s where security practitioners continually monitor, detect, and respond to threats. This is why it’s imperative that organizations overcome the challenges facing SOCs today to stay one step ahead of cybercriminals.
Choosing the right MDR partner can mean the difference in whether an organization suffers a cyber incident. Looking for the right capabilities and asking the right questions is the first step toward having a strong relationship with an MDR partner and making the best choice for your business. From there, you can put your company on the path to building a proactive, continuous approach to cybersecurity that builds resilience no matter what threats are banging on the door.
Optiv is a NACD partner, providing directors with critical and timely information, and perspectives. Optiv is a financial supporter of the NACD.
John Pelton is the senior director of detection and response at Optiv.