Managed Detection & Response

June 8th, 2021

Last year, one quarter of organizations experienced a breach of employee and/or customer data. A further 38% of organizations did not know whether or not they had experienced a breach.

Those are some pretty terrifying statistics. They help illustrate why so many cybersecurity experts are recommending Managed Detection & Response (MDR).

What exactly is MDR? How can your organization use it to keep your most valuable data secure? And what are some of the differences between MDR services? We’re going to answer these, and other questions, in this brief piece.

What is MDR?

To understand MDR, it’s a good idea to think about cybersecurity in the same way as traditional security. With traditional security, there are all kinds of measures in place to keep people from breaching the interior of a facility. Alarms on doors, physical barriers, and locks all exist to stop would-be infiltrators from penetrating the building’s perimeter.

Those security measures aren’t as useful when the perimeter of a building has successfully been infiltrated, however. That’s why you have security guards and cameras in the building, monitoring rooms for suspicious activity.

You can think of firewalls, antivirus software, spam filters, and internal security practices as the barriers that stop hackers from infiltrating the perimeter of your network. In other words, they stop computers outside the network from gaining access to the network. You can think of MDR as the security guards and CCTV cameras inside the perimeter of your network - they spot activity occurring in the network that isn’t supposed to be there.

Lateral movement

Hackers will rarely gain access to the juiciest bits of information right away - just like a burglar who breaches the front door won’t instantly be able to access any vaults. One of the differences between a hack and a classic heist movie is that once hackers gain access to a network, it can take them months - or even years - to complete their infiltration and gain access to the files or credentials they’re looking for.

To do this, they use the machine they’ve gained access to as a foothold to access other machines. They’ll send out scans to find vulnerabilities, like open ports. They’ll then move from their foothold to another device on the network. These are called “lateral movements” - they’ll continue to move laterally until they reach a worthwhile target.

How MDR can stop lateral movement

Lateral movement takes time. To most security software, though, it is virtually undetectable - it just looks like regular network activity. With MDR, you have a service that’s actively looking for strange network activity - like when a computer that normally only sends out requests to a few devices suddenly starts scanning the whole network. You also get 24/7 monitoring and a flesh-and-blood team of security experts working to keep your network safe.
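To make that idea concrete, here is a small sketch of the "few devices, then suddenly the whole network" check. It is an added example, not code from this article or from any MDR product; the flow records, IP addresses, function names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (minute, source IP, destination IP, destination port).
# Baseline hour: two workstations talking only to their usual servers.
BASELINE = [(m, "10.0.0.15", d, p) for m in range(0, 60, 5)
            for d, p in [("10.0.0.2", 53), ("10.0.0.5", 445), ("10.0.0.9", 631)]]
BASELINE += [(m, "10.0.0.20", d, p) for m in range(0, 60, 5)
             for d, p in [("10.0.0.2", 53), ("10.0.0.5", 445)]]

# Observed traffic: 10.0.0.15 sweeps the subnet, 10.0.0.20 uses one new printer.
OBSERVED = [(61, "10.0.0.15", f"10.0.0.{i}", 445) for i in range(1, 61) if i != 15]
OBSERVED += [(62, "10.0.0.20", "10.0.0.2", 53), (63, "10.0.0.20", "10.0.0.9", 631)]


def learn_baseline(flows):
    """Return {source: set of destinations it contacted during the baseline}."""
    peers = defaultdict(set)
    for _minute, src, dst, _port in flows:
        peers[src].add(dst)
    return peers


def detect_fanout(flows, baseline, window=5, min_new_peers=10, growth=3.0):
    """Flag hosts that contact many never-before-seen peers in one time window.

    The limit scales with how many peers the host normally has, so a busy
    server is not flagged for the same behaviour as a quiet workstation.
    """
    seen = defaultdict(set)  # (source, window start) -> destinations contacted
    for minute, src, dst, _port in flows:
        seen[(src, minute - minute % window)].add(dst)

    alerts = []
    for (src, start), dsts in sorted(seen.items()):
        known = baseline.get(src, set())
        new = dsts - known
        limit = max(min_new_peers, growth * len(known))
        if len(new) >= limit:
            alerts.append({"src": src, "window_start": start,
                           "new_peers": len(new), "known_peers": len(known)})
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(OBSERVED, learn_baseline(BASELINE)):
        print(alert)
```

The workstation that adds a single new printer stays quiet, while the one that suddenly reaches dozens of unfamiliar addresses is flagged for a human analyst to review.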

There are a number of differences between the various MDR services available. One thing to note is that some include automatic remediation (threat response) in their subscription fee - with no action required by the company. Others may require an authorized party to allow remediation, and remediation itself may incur an extra charge.

Given the increase in cybercrime over the past year in Manitoba, we believe in acting now - “Because Tomorrow’s Too Late®”. If you’re looking for IT services in Manitoba, including MDR, give us a call today.