The world in general is a crazy place moving into 2022. Social media continues to infiltrate our lives and influence what we do, how we behave and what we believe in. The COVID-19 pandemic continues to impact how we go about our everyday lives. Climate change remains a concern for our long-term futures and more importantly those of our children and our children’s children.
What about cyber security? Does it belong up there with such issues? I would absolutely say yes. The work we do matters more than ever, and every week, it seems, security issues gain more credence at the board level of businesses. And why shouldn't they? For so long, governments across the world have waged war on drugs. But as criminal enterprises go, cybercrime is safer, easier and has far fewer barriers to entry.
The impacts on society are now being felt well beyond the compromised businesses themselves. Think of Colonial Pipeline and the incidents since that affect the basic things we simply expect to be stable in our lives: fuel, water supply, power supply, food, technology components. The list goes on, and all of these can now be disrupted in a matter of minutes. More recently, cyber-attacks have played a visible role in the Ukraine/Russia conflict; they now underpin modern conflict between nation-states. Cybersecurity has never been more important to preserving our way of life.
Managed Detection and Response (MDR) has long been touted as the solution, yet as a concept we feel it still has a lot of growing up to do. Alongside that, our own expectations of MDR may also need to be re-aligned.
Firstly, we need to understand what all this jargon means; you can find our thoughts on that here. Then we need to really understand what we should expect from MDR, as Pete Shoard from Gartner outlines in his blog here. After that, it is up to leading MDR providers like Orange Cyberdefense to meet those expectations and, in many cases, to take the lead in redefining them.
For me, 2022 needs to be the year that MDR grows up. And here is how.
Cloud is a mega-trend. It is not a detection source. AWS alone now has over 200 services, so saying "I want to monitor AWS" doesn't quite cut it. The same applies to Microsoft, Google and any other cloud provider.
The main message we push to our MDR customers has always been "do the basics right". Customization can come later; the majority of threats we face today arrive via fairly standardized techniques. Cybercrime is big business, which means the criminal ecosystem has to scale with demand, and that in turn has spawned "businesses" such as Ransomware-as-a-Service. Focusing on the key, common threats is a good place to start.
When it comes to cloud, the same mantra holds true. The basics may be slightly different, but there are still key things we can do that will have a huge impact on stopping attacks before it is too late. Examples include:
There remain different ways (all within the capability of the traditional SOC triad of log-, endpoint- and network-based detection) to detect attacks in the cloud, but we should start with the risks.
In summary, "the cloud" is not a risk; it is a source of many risks. We need to recognize those risks in order to detect them and respond accordingly. If you would like to know more, come and talk to us about the cloud security risks we see that should be addressed at different security maturity levels. We'll help you get started with a comprehensive detection strategy, whether you're an Azure, AWS, GCP or multi-cloud house.
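To make "start with the risks" concrete, here is an added example in Python (not code from the original post or from Orange Cyberdefense): three detections, each named after the risk it covers rather than the service it watches, run over a handful of constructed CloudTrail-style events. The field names (eventSource, eventName, eventTime, errorCode, userIdentity, requestParameters) follow the public CloudTrail record format; the rule names, the account ID 111122223333 and every sample event are made up for illustration. Note that each rule is keyed to a specific API call and a specific risk (audit logging turned off, a bucket policy granting access to everyone, an access key minted for a different identity), which is what a service-level view of "monitoring AWS" never gives you.

```python
"""Risk-driven detection over CloudTrail-style events.

Added example; not code from the original post or from Orange Cyberdefense.
The record fields used follow the public CloudTrail format; the rule names,
the account ID and every sample event below are constructed.
"""
import json
from typing import List


def policy_allows_anyone(policy: dict) -> bool:
    """True if any Allow statement names the anonymous principal, written
    either as "*" or as {"AWS": "*"} / {"AWS": ["*"]}."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement need not be a list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            return True
        if isinstance(principal, dict):
            aws = principal.get("AWS", [])
            if "*" in ([aws] if isinstance(aws, str) else aws):
                return True
    return False


def key_created_for_other_user(event: dict) -> bool:
    """CreateAccessKey without userName targets the caller; a different
    userName means one identity minted long-lived credentials for another."""
    target = (event.get("requestParameters") or {}).get("userName")
    actor = (event.get("userIdentity") or {}).get("userName")
    return target is not None and target != actor


# Rules are named after the risk they cover, not after the service they watch.
RULES = [
    {"risk": "audit_logging_disabled",
     "source": "cloudtrail.amazonaws.com",
     "names": {"StopLogging", "DeleteTrail"},
     "when": lambda e: True},
    {"risk": "bucket_exposed_to_anyone",
     "source": "s3.amazonaws.com",
     "names": {"PutBucketPolicy"},
     "when": lambda e: policy_allows_anyone(
         (e.get("requestParameters") or {}).get("bucketPolicy") or {})},
    {"risk": "credential_minted_for_other_identity",
     "source": "iam.amazonaws.com",
     "names": {"CreateAccessKey"},
     "when": key_created_for_other_user},
]


def detect(raw_lines: str) -> List[dict]:
    """Run every rule over newline-delimited JSON events; return the alerts."""
    alerts = []
    for line in raw_lines.strip().splitlines():
        event = json.loads(line)
        # A call that failed (errorCode set) changed nothing, so these
        # change-of-state rules stay quiet. Bursts of AccessDenied are a
        # signal in their own right and belong in a separate rule.
        if event.get("errorCode"):
            continue
        for rule in RULES:
            if (event.get("eventSource") == rule["source"]
                    and event.get("eventName") in rule["names"]
                    and rule["when"](event)):
                alerts.append({
                    "risk": rule["risk"],
                    "eventName": event["eventName"],
                    "actor": (event.get("userIdentity") or {}).get("arn"),
                    "eventTime": event.get("eventTime"),
                })
    return alerts


# Constructed sample log: seven events, three of which should raise an alert.
SAMPLE_EVENTS = """
{"eventTime":"2022-03-01T10:00:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{"name":"main-trail"}}
{"eventTime":"2022-03-01T10:01:00Z","eventSource":"s3.amazonaws.com","eventName":"PutBucketPolicy","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{"bucketName":"backups","bucketPolicy":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::backups/*"}]}}}
{"eventTime":"2022-03-01T10:02:00Z","eventSource":"s3.amazonaws.com","eventName":"PutBucketPolicy","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{"bucketName":"reports","bucketPolicy":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:root"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::reports/*"}]}}}
{"eventTime":"2022-03-01T10:03:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{"userName":"bob"}}
{"eventTime":"2022-03-01T10:04:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":null}
{"eventTime":"2022-03-01T10:05:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"DeleteTrail","errorCode":"AccessDenied","userIdentity":{"type":"IAMUser","userName":"bob","arn":"arn:aws:iam::111122223333:user/bob"},"requestParameters":{"name":"main-trail"}}
{"eventTime":"2022-03-01T10:06:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"IAMUser","userName":"alice","arn":"arn:aws:iam::111122223333:user/alice"},"requestParameters":{}}
"""


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Run stand-alone, the script prints three alerts, all attributed to alice: the trail being stopped, the backups bucket opened to everyone, and an access key created for bob. The reports bucket (scoped to the account root), alice's own access key and the read-only DescribeInstances call stay quiet, and bob's failed DeleteTrail is skipped because the change never happened. Adding a rule for a new risk is a matter of naming the risk, the service and the API calls that realize it; that is the shape a cloud detection strategy takes when you start from risks rather than from "AWS".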
So much effort goes into providing MDR services to a high standard, and my heart sinks whenever we get asked to "support" a technology. It is the outcome that makes the difference. We get it: you invested a lot of money in a set of tools. But when the plumber comes to fix the leak, do you hand over your tools and say, "fix the leak with these, please"? Or do you just tell the plumber to fix the leak?
It takes a lot more than technology to provide an agile, scalable service that delivers on the outcomes promised. Some key elements that really make MDR work are:
That is our view at Orange Cyberdefense. Now ask yourself honestly: who is going to give you the best outcome? The provider who supports your set of platforms and does whatever you ask, or the one who brings all of the above to the table?
Okay, maybe both are achievable. But give me the outcome over the tech, any day of the week.
Read more in part 2, coming to you next week!