Today’s threats are becoming increasingly complex and sophisticated, and adversaries, more cunning and determined than ever. Threat actors, always on the lookout for new ways to infiltrate their targets, are now even using an organisation’s legitimate applications for malicious purposes.
Unfortunately, at the same time, very few entities have the right tools, skills, and processes in-house to manage their security programs effectively and continually, while having to proactively defend against a barrage of new and emerging risks. Simply put, the vast majority of businesses simply don’t have enough resources in terms of time and money to search for every possible threat on their own. After all, this is a task which requires highly qualified and trained security practitioners with the appropriate levels of expertise and experience - and these skills don’t come cheap, are hard to find, and harder to keep.
There are tools available, such as managed detection and response (MDR) services, which notify organisations when attacks or other suspicious events take place. However, this is an inadequate weapon in the fight against cybercrime, particularly when considering the attackers’ advanced arsenal of threats.
Unfortunately, bad actors are relentless, so companies don’t only need 24/7/365 threat protection, they need up-to-the-minute knowledge of the latest threats. And this is where managed threat response (MTR) comes in, as it combines the most up-to-date threat hunting, detection, and response, that is powered by both machine learning and humans to counteract today’s highly sophisticated threats. In a nutshell, MTR takes focused actions on customers’ behalf to neutralise threats, from the simplest to the most complex.
What MTR offers, is an elite and highly knowledgeable team of threat hunters and response experts who take lightning-speed, targeted actions on the organisation’s behalf to neutralise even the most sophisticated threats, such as unauthorised access attempts or ransomware, before they become a serious problem.
On the whole, MDR services simply notify customers of potential threats and then leave it up to them to manage things from that point. On the other hand, MTR augments internal teams with the additional threat intelligence they need and gives customers the option of having a trained team of response experts take targeted actions on their behalf to neutralise any threats.
A good MTR solution, for example, will offer levels of customisation with various response modes and tiers, enabling a good channel partner to tailor threat response to meet the unique and evolving needs of their clients’ organisations, irrespective of company size or internal skill level.
If we unpack how MTR solutions do this, Security Operations Centres (SOCs), for example, never sleep. They are monitoring the systems constantly with a “chase the sun” approach. They don’t go home at 5 pm, which means that South African organisations would have to double up on all these resources to ensure they have at least two SOC analysts running 24/7, which is prohibitively expensive.
Similarly, there are only a handful of companies who can afford to employ ethical hackers on a permanent basis. Companies cannot afford to implement these skills and fill these high-level positions within their teams. The average company will most likely have an IT manager that runs around getting a wide variety of daily tasks done, but can’t afford a dedicated person who is tasked with monitoring security around the clock.
Companies also need to think about penetration testing, and making sure their environment is secure, which ties into staying abreast of the increasingly stringent regulatory environment and compliance requirements we have today. To be compliant with POPIA and GDPR they need to make sure their systems are tested and secure, which will help them avoid falling foul of the regulator and having to fork out massive fines in the event of a breach. Again, MTR takes care of this critical link in the security chain.
However, not all MTR solutions are created equally. Sophos sets itself apart from its competitors in that it realises that threat notification isn’t a solution, it’s a starting point. Other managed detection and response (MDR) services simply notify the company of security events or anomalous behaviours, then leave it up to them to manage these threats from that point. Not Sophos - the company’s MTR backs its clients up with an elite team of threat hunters and response experts who take targeted actions on their behalf to neutralise even the most sophisticated threats.
Sophos’ MTR solution proactively hunts for, and validates potential threats and incidents, using all available information to unpack the scope and severity of that threat. It also brings actionable advice for addressing the root cause of any incidents that may be recurring, and applies the appropriate business context for valid threats. Finally, it initiates actions to remotely disrupt, contain, and neutralise any danger.
At the same time, while Sophos does the work, it allows its users to own all the decisions, giving them the control to determine how and when potential incidents are escalated, what response actions, if any, they choose to take, as well as who should be included in communications. Regular reports are sent to let the company know what is happening in its environment and what steps have been taken to keep it safe.