The Managed Detection and Response (MDR) solutions offered by security firms today are a far cry from those first deployed by vendors.
To better understand how MDR has grown over the years and the changes Trustwave has implemented to stay ahead of the curve, we spoke with Trustwave's Jesse Emerson, Vice President, Solution Architecture & Engineering.
- How has MDR changed over the years?
Jesse Emerson: MDR offerings have been around long enough to become a formal market recognized and studied by industry analysts and consumed in a mainstream fashion as a key component of security programs. Many MDR providers were born from Digital Forensics and Incident Response (DFIR) teams and relied heavily on Endpoint Detection and Response (EDR) agents for what was primarily a Hunt and Respond type of service. These EDR agents ran in a client/server mode, often with on-premises implementations in a client's data center. Since then, MDR has merged with traditional wide-scale security threat monitoring services, benefited from cloud adoption, expanded to real-time 24x7 operations, become broader in detection and response capabilities, and more.
Today, MDR is one of the fastest-growing areas of cybersecurity. Gartner estimates that 50 percent of organizations will be using MDR services by 2025 and that the market is growing at a rate nearly five times that of other MSS offerings. As MDR offerings have evolved, providers have increasingly been able to derive important insights and contextual knowledge about threats and vulnerabilities in client environments, improving the organization's threat visibility and ability to rapidly respond to threats in ways that boost cybersecurity resilience.
- What makes MDR such a critical piece of a security strategy?
Jesse Emerson: While organizations continue to need to build their entire cybersecurity program in a holistic manner that is based on solid policy and standards and includes protective measures and education to minimize vulnerabilities and opportunities for compromise, organizations also need to assume breaches and compromises will eventually occur (or already have). Quickly and effectively detecting these compromises and minimizing their impact to business, privacy and safety through rapid response is of utmost importance. An experienced MDR provider has a rapid time-to-value, helping an organization achieve detection and response to threats and therefore achieve ROI, often in a matter of hours or days. Today’s top MDR providers leverage extended detection and response (XDR) platforms that integrate with cloud and hybrid infrastructure. Doing so allows the organization to respond quickly across a broad section of the organization's attack surface instead of being limited to endpoints.
- What threats are organizations struggling with and how does MDR help combat them?
Jesse Emerson: As attack surfaces grow from the rapid digitization of business, often with less centralized control, the need to detect threats before they cause irreparable damage is greater than ever. Amid that, organizations are struggling to find and retain cybersecurity professionals to staff their teams; globally, there is a cybersecurity worker shortage of nearly 3 million.
Many organizations today struggle to manage the proliferation of cybersecurity tools and technologies and have difficulty filtering large volumes of data fast enough to discover and respond to critical cyber threats. MDR helps organizations improve their threat visibility with focused telemetry data being made available at just the right time to enable high-confidence detection, streamlined investigations and precise responses to contain and mitigate threats. This capability is especially important for complex, hybrid IT environments where it is difficult to continually secure the full attack surface.
- What do Trustwave's MDR solutions bring to the table?
Jesse Emerson: Trustwave has been providing MDR services for more than six years, innovating, evolving, and maturing the offerings to achieve maximum value, consistency, and effectiveness for clients.
Trustwave's MDR solutions are based on processes that are field-proven in hundreds of incident response engagements, integrated with market-proven technologies, and provided by seasoned industry experts on a global scale.
Our MDR services focus on personalizing configurations to an organization during deployment and then continually tuning and optimizing all aspects of the client's solution. We do this with proactive touchpoints and named threat experts who build relationships with clients and become extended members of the client security team. The result is an ability to detect what others cannot with minimal noise, enabling fast, consistent, and efficient response actions that stop threats from impacting a client's environment.
Trustwave's MDR services also have a rapid time to value, instantly connecting to client systems and producing outcomes in as fast as 10 minutes. In addition, Trustwave's MDR offerings include market-leading Service Level commitments for mean time to assign (MTTA) and mean time to respond (MTTR). And these responses are tailored to an organization's unique environment and response protocols. Beyond that, MDR clients are typically fully onboarded in as little as 10 days – much quicker than the industry standard.
Trustwave MDR clients benefit from curated threat intel (data on threat actors, malware, and vulnerabilities from around the world, including malicious URLs, IP addresses, file hashes, and more) from Trustwave's broad client base, extensive intel-sharing relationships, and our elite SpiderLabs research teams. All of this threat intel is stored in our Global Threat Database (GTDB) and seamlessly integrated into the delivery of the MDR service, powering real-time detections, threat hunts, and investigations.
MDR clients also receive access to Trustwave Security Colony. This online platform captures anonymized deliverables, templates, and benchmarking information from hundreds of cybersecurity consulting engagements as well as direct contributions from a community of clients. Giving clients access to these resources jumpstarts maturity at a pace only achievable through crowdsourcing.
Unlike many MDR providers, Trustwave has a broad portfolio of services that complement MDR. These offerings include Co-managed SOC, Security Technology Management, Penetration Testing, DFIR and a host of Consulting and Professional Services offerings. Packaged together, Trustwave becomes a highly valuable partner who can meet clients wherever they are in terms of maturity, across a broad set of cybersecurity needs, and grow with them over time to increase cyber resiliency.
- Where does Trustwave MDR go from here?
Jesse Emerson: Cybersecurity threat actors never sit still, and our offerings need to be agile and evolve at pace. Trustwave will continue to innovate its MDR offerings, adding features and extending the ways clients benefit from the solutions. Detecting and responding to threats is extremely important, and we'll continue to improve both the fidelity and the completeness of detection as well as the ways we can stop threats from causing an impact on our clients' businesses and operations. But, since this is only one part of an organization's cybersecurity program, expect Trustwave to also bring clients tools that facilitate zero-trust architectures, address real-time exposure management, and help manage risk through the continued convergence of IT and OT/IoT.