Intelligent CISO Issue 32 | Page 75

at unprecedented rates, with cloud storage and USB devices accounting for 89% of all data egressed. More worrying still, over 50% of this data was classified. In particular, the 123% increase in the volume of data that was downloaded to USB devices should serve as a major wake-up call for IT and security professionals, as the inherent portability and likelihood of such devices being misplaced, lost or stolen significantly elevates the risk to sensitive data.
With remote working models set to become the norm for the long term, the growing need for a no-compromise data protection strategy is prompting organisations to re-evaluate how they identify and mitigate against data loss or damage.
Since spinning up a Security Operations Centre (SOC) takes time, resources and expertise, enterprises are turning to MDR services in a bid to improve their ability to detect and respond to threats.
Scoping the requirements
With the security landscape growing more complex and the costs of maintaining adequate in-house security teams high, it makes sense for many companies to outsource the tasks of threat hunting and response to MDR providers that can integrate specialist tools like endpoint detection and response (EDR), analyse risk and correlate threat data to pinpoint patterns that could indicate a larger attack.
Prior to partnering with an MDR provider, however, companies should undertake a thorough evaluation to define a detailed set of needs. This should include consulting with all stakeholders to identify what assets – end-point assets, databases, applications, IP, content delivery – need to be protected and whether the technology stack in place is appropriate for an EDR deployment.
Next, clear rules of engagement and SLAs will need to be defined and established.

Since MDR isn’t a ‘passive’ service, close integration with the company’s existing cybersecurity strategy means action plans need to be generated.
For example, pathways covering how threat notifications from an EDR provider are escalated and actioned together with pathways for intelligence sharing and investigation requests will need to be defined. If there is limited internal capability to respond to potential incidents, to what extent will the MDR provider be allowed to engage with the organisation’s environment – in other words, can they take action beyond simply quarantining endpoints?
Since the provider will be acting as an extension of the IT team, it will be important that security event information is communicated in a way that is both understandable and actionable. In today’s volatile threat environment, a weekly retrospective report simply won’t cut it – plus, IT leaders will need to consider if API integrations will enable the automated flow of threat data into existing workflows.
Undertaking a detailed internal needs evaluation is essential for organisations that want to ensure they engage only with providers that can offer the tools, capabilities and services most appropriate to their specific environment and protection needs.