Managed detection and response (MDR)

As a network grows with an organisation, it becomes a tempting target to adversaries. For many organisations, limited visibility also means they are increasingly vulnerable to costly attacks such as ransomware, data theft and espionage. Failing to see what’s really going on in your environment and not staying abreast of the evolving cyber security threats is a risk to your bottom line, reputation and, in some cases, continued operation

The expense and complexity in defending an environment can be challenging. Many organisations don’t know where to start, they often prioritise the wrong areas and, in some cases, there’s avoidance altogether. The cost of not doing enough can be huge – both financially and reputationally.

Even once the risks have been identified, or a strategy forward is developed, paying for expensive tools and having trained staff able to respond 24/7 isn’t always feasible. Traditionally, this leads organisations to outsource their security requirements to a specialist third party (a Managed Security Service Provider (MSSP)). The downside to this? It can be expensive, you may still get poor outcomes, MSSPs often struggle to standardise, and the technology they run often isn’t first-class.

The solution – managed detection and response

What is managed detection and response (MDR)?

MDR is an emerging service model globally and in New Zealand.

In a traditional Managed Security Services Provider (MSSP) model, the service provider runs the client’s chosen technologies (such as Firewalls and Antivirus agents or even SIEMs) and conforms to the client’s processes and procedures (tickets and reports).

The traditional MSSP model often has several flaws:

• The onboarding process never ends.
• All you get is raw reporting, without context or actionable recommendations.
• The MSSP often just raises tickets back at you.
• You end up spending time managing the MSSP.

The benefits of MDR 

With MDR, you get fixed outcomes and touchpoints. Rather than spending time on trivia and ticket-raising, which can make up a large amount of traditional outsourcing, real threats are looked out for and acted upon - reducing the burden of false positives, saving time and resources. Automation is used to orchestrate, enrich and alert while improving accuracy, speed and reducing costs. Events that would normally take an analyst minutes or hours to research are reported and enriched with high-fidelity telemetry and threat intelligence within seconds.

Speed is vital. The faster you can detect the early stages of a threat the more likely you are able to stop it. Ransomware and other malicious cyber effects are the end-game of a long series set of other activities, all of which leave a trail of evidence. MDR looks at the entire cyber kill-chain for evidence of adversary techniques.

For your internal IT team, it means full visibility into threats against your devices with rapid capabilities to counter them, just managed by Theta. Developing your own continuous security model requires specialist skills that are otherwise difficult to manage and costly to replicate. And in the event of an incident, you are well-positioned to understand and control the situation while responding with speed that puts adversaries on the back foot.

And it doesn’t stop there. Issues that arise might have a tactical solution, such as blocking malware or network containment of devices, but we will raise observations to you that address enterprise risk to make you more resilient to attacks in the future.

At Theta, we’ve seen the advantages of this kind of service model implementation and have the right expertise and experience to do it well. This is more than a security offering, but the very best of cloud, automation and detection engineering. Find out more below about what you can expect from MDR.

 

What does MDR include?

1. Qualified Detections (we weed out the false positives and noise) and only escalate to you when we have exhausted our pre-agreed playbooks.
2. 24/7 x 365 monitoring and response. Adversaries work in all time zones and so do we.
3. Proactive Threat Hunting operated by trained professionals.

Key benefits

• Continuous operations & continuous defences for 24/7 protection.
• Well suited to organisations of all sizes – from SMB to enterprise.
• Better visibility over your cyber security environment.
• Partnership with a trusted local provider for ease of communication.
• Only best-of-breed technology, delivered from the cloud with no on-premise hardware.
• A rapid onboarding process, quicker than a full outsourcing process.
• Well defined deliverables to reduce your risk and provide rapid, valuable insights.
• Input and oversight from cyber security trained and singularly focussed professionals.
• Transparent pricing that enables your business to scale.
• Direct interaction with security specialists to see what we see during an event.
• Continuous feedback to address enterprise risk.

Pricing

Our MDR service is designed to be cost-effective, faster and offers quality results compared with legacy MSSPs or running technology in-house. It keeps costs down because of scale, focuses on real threats, and you’ll benefit from having automation and intelligence experts involved.

For an affordable and effective service that delivers peace of mind that you’re staying ahead of adversaries, MDR is a solid investment. Ready for a conversation about it? Talk to us today.