By Chandra Majumdar and Simon Wong
When seconds can make the difference between diligence and operational crisis, are your cybersecurity investments up to the task? With the next big cyber threat always imminent, CIOs should be asking if they have the right partnerships in place to put them at the cutting edge of security and a step ahead of sophisticated attacks.
You’ve invested in endpoint security software and network detection. You have a managed security partner and an incident response plan in place to prepare for the next potentially catastrophic breach. When it comes to cybersecurity, your business systems are safe.
Or are they?
Conventional thinking would say yes. Yet, despite investments in security monitoring — third-party partnerships, infrastructure, and headcount investments — wide-scale breaches continue to happen. It’s never been more important for security solutions and system management to anticipate attacks and stay a step ahead.
In an increasingly cloud-centric world, it’s now critical to actively investigate user activity and access, constantly comparing them with attacker behaviours, instead of waiting for detective technologies to alert you to an attack. Identity has become the new perimeter, and increased vigilance — in how those identities access information via applications, cloud and network environments and systems — is now table stakes.
With more than $6 trillion in cybercrime last year alone, having a tool that alerts against viruses, locks down firewalls and shuts out intruders is a great start. However, large-scale breaches are still happening, and when it comes to cybersecurity, it’s the unknown that poses the biggest risk.
Enter the next evolution in cybersecurity: Managed Detection & Response (MDR) Services. Instead of relying on automated tools alone to flag potential risks flowing into your organization, MDR pairs proactive detection and threat-hunting powered by machine learning with human knowledge and capabilities.
A team of advisors regularly investigates your environment based on currently active threats and provides actionable solutions in real time, using your existing investments in infrastructure and security architecture.
Having an independent tech stack layered on top of these tools acts as an extension of your current toolset and a valuable second set of eyes focused on detection and response, without interrupting or requiring any significant change or further investment in infrastructure or operations.
According to Gartner’s 2021 Market Guide for Managed Detection and Response Services, it is estimated that by 2025, half of all businesses globally will be using MDR services to protect against cybercrime. Here are six ways that a dedicated MDR service, like EY Canada’s security team, can provide the support you need to check your security boxes for peace of mind:
- Immediate response. We get to know your infrastructure. When an immediate threat is identified, we’ll step in within minutes to initiate incident response and containment actions, as pre-determined and authorized by you.
- Zero false positives. Most service providers act as alert gatekeepers, flagging even the slightest suspicious activity. But monitoring for events is where their job ends, and the real work of investigating begins for your team. A well-known International Data Corporation white paper on the importance of addressing alerts recently identified that as many as 30% of alerts being sent to IT departments in mid-sized organizations are not responded to. With the exponential increase in threats and alert noise, focusing your time on investigations that actually matter is critical. Our goal is zero false positives: we use leading technology and analysis techniques and alert you when real threats strike.
- Technical simplification. MDR is an outcome-driven service. Most organizations have more technology tools than needed but lack processes and skills. By achieving more effective detection and response capability, you also have the opportunity to assess your technology landscape for potential redundancy. This is especially true of Microsoft environments. As a Microsoft alliance partner, we’re well qualified and equipped to assess the optimal use of Defender and Azure Security technologies for your organization and assist with implementation and operation as requested.
- Long-term cost reduction. We can provide guidance on different sources of security logs and telemetry that can be cost-effectively incorporated into your analytics for long-term cost reductions, especially where data and consumption-based fees are a factor.
- ICS/SCADA capabilities. Whether or not your most business-critical systems are those running physical processes, rest assured knowing that MDR extends to operational technology (OT) use-cases — including providing detective controls for devices that cannot host software agents of any kind. In the case of OT monitoring, we apply industry and context-specific threat intelligence to our threat hunts.
- Integrated forensics. Once the threat has been contained and recovery is underway, the same team behind incident handling has the capability to perform remote or physical digital forensics. This includes forensic imaging and malware analysis where warranted.
Cyber-criminals did not rest during the pandemic, and it’s unlikely they will in the coming months and years. Globally, EY Canada is seeing continued incidence of email phishing, watering-hole attacks and exploitation of internet-exposed services. However, the time attackers take to progress from initial access to operational disruption or exfiltration of sensitive data is now being measured in minutes instead of hours.
This means that, for many organizations, the days of having an in-house team able to keep up with current threats are behind us. Companies are learning from the first generation of security partnerships that there’s no one-size-fits-all approach. Today’s modern threats are multifaceted, and when every second counts, you can’t be questioning whether your partner’s capabilities are up to the task.
To learn more about EY Canada’s Managed Detection & Response Services, or for more insights on the future of cybersecurity, visit ey.com/ca/cybersecurity.