Mind the Gap: How Managed Detection & Response Helps Enterprises Mitigate Cybersecurity Staff Shortages

Chad Roesle, Director of Product Management, Secureworks


While enterprises worldwide continue to grapple with labor shortages, nowhere is the impact being felt more keenly than in enterprise cybersecurity.

According to (ISC)2, an international nonprofit association for information security leaders, there were 4.19 million cybersecurity professionals worldwide in 2021; however, another 2.72 million are needed [1] for enterprises to adequately defend critical assets. As such, (ISC)2 estimates that the global cybersecurity workforce needs to grow 65 percent to effectively defend the critical assets of enterprises.

Meanwhile, the lack of skilled cybersecurity professionals is driving up wages and making it even more difficult for enterprises to find, hire and retain the help they need. Instead, many organizations are turning to managed detection and response (MDR) solutions to fill the gap.

MDR gives enterprises remotely delivered security capabilities to detect, investigate and respond to cyber threats – a virtual 24x7 security operations center (SOC). In most typical enterprise environments, cybersecurity defenses are an amalgamation of systems and solutions that all track and report different security information.

By contrast, MDR either supplements or completely replaces in-house security teams with dedicated security professionals who have the latest threat intelligence, enabling enterprises to streamline operations and free up internal resources to focus on broader IT, security, and transformational initiatives. Indeed, MDR is quickly becoming a valued resource for enterprises worldwide, with Gartner estimating the market will grow in value from $1.03 billion in 2021 to $2.15 billion in 2025. [2]

Scoring the winning basket

While many enterprises are embracing MDR, the holdouts are often companies that have visions of building an in-house SOC made up of security experts who will monitor their environment, triage threats and remedy things that are found 24x7. But there are several issues with that vision.


For instance, enterprises simply can't hire enough skilled people at competitive salaries to build a security team. In many cases, enterprises attempt to overcome budgetary hurdles by hiring security specialists who also perform IT functions. However, there are drawbacks to this approach. Businesses need to ensure that those in-house resources have the capacity to balance both their IT and cybersecurity duties; security cannot be treated as an afterthought. Businesses also need a contingency in place for vacations, illnesses or people leaving.

Regardless, even if a business opts for an in-house SOC, it needs to be mindful that its new hires possess a good understanding of its security architecture, IT and cloud infrastructure. Managing different networks and technologies on a 24x7 basis can also be tiring. Staff retention is vital, but many analysts risk burnout due to the intense workload.

This is all compounded by the fact that in-house resources face a deluge of threats on a daily basis, and without the proper intelligence and resources in place it is difficult to identify threats and address incidents, especially when the threat landscape is constantly changing as threat actors evolve and become more sophisticated over time.

By relinquishing that vision, enterprises can instead use MDR to take advantage of skilled, trained security professionals whose entire line of work is cybersecurity. To use a basketball analogy, MDR security personnel don't shoot one basket a day. They shoot baskets 24 hours a day, seven days a week. As such, they see, understand and correlate security research and data for companies all over the world, with the telemetry observed from other organizations (across a vast array of industries and environments) forming a type of collective defensive strategy.

Through this collaborative relationship with MDR providers, enterprises gain visibility into the latest threats so effective measures can be implemented. Not only does that visibility provide a holistic view of what's occurring across the threat landscape, but it also provides improved visibility into what's occurring in the context of a particular customer's environment.

Understanding the bigger picture

MDR offerings can also benefit enterprises because they typically have a wider lens than disparate security solutions that only focus on a part of a company's infrastructure. MDR provides enterprises with holistic visibility into all such solutions, including network, endpoint, and cloud technologies. Doing so creates a single comprehensive view of the entire organization, correlating activity to determine whether threats exist.

Many companies have jumped into the MDR market; however, there's wide disparity between the solutions and their capabilities. Enterprises looking for the most comprehensive MDR solutions should zero in on the following factors:

● Technology platform: At the heart of a good MDR offering is a platform that can ingest data from multiple telemetry sources (endpoint, cloud, network, email, identity, etc.) and then correlate the data to prioritize the threat alerts that put organizations at most risk.

● Superior detection: A good MDR solution not only detects potential threats regardless of where they enter an organization, but then identifies those that are most likely to be true positives.

● Security expertise: It's important to find a provider equipped with experienced security analysts who understand the tactics, techniques and procedures used by adversaries.

● Incident response: A good MDR solution will identify critical events. But what happens after a critical event has been identified is equally important. Incident response (IR) refers to the steps taken to prepare for, detect, contain and recover from a breach. A good MDR offering will have close ties into a strong IR team should a breach occur.

● Collaboration: A good MDR offering should provide flexible options for enterprise teams that don't want to be involved with security at all, as well as those that want to take part and be actively involved in the investigation and remediation of alerts – and everything in between.
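The "technology platform" and "superior detection" points above come down to one mechanism: pulling events from several telemetry sources onto a common key (here, the host) and letting independent sources that agree outrank any single alert. The following is an added illustration written for this page, not Secureworks code or any product's logic; the event schema, the hostnames and users, the ten-minute window and the scoring weights are all constructed assumptions.

```python
"""Added illustration (not the article's or any vendor's code): correlate
constructed identity, endpoint and network events per host so that a
multi-source chain on one host is prioritized above isolated events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry; every timestamp, host and user is made up.
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "source": "identity", "host": "ws-17",
     "user": "jdoe", "type": "logon_failure", "severity": 1},
    {"ts": "2024-05-01T09:00:12", "source": "identity", "host": "ws-17",
     "user": "jdoe", "type": "logon_failure", "severity": 1},
    {"ts": "2024-05-01T09:01:40", "source": "identity", "host": "ws-17",
     "user": "jdoe", "type": "logon_success", "severity": 1},
    {"ts": "2024-05-01T09:03:10", "source": "endpoint", "host": "ws-17",
     "user": "jdoe", "type": "suspicious_process", "severity": 3},
    {"ts": "2024-05-01T09:04:30", "source": "network", "host": "ws-17",
     "user": "jdoe", "type": "outbound_to_rare_domain", "severity": 2},
    {"ts": "2024-05-01T11:20:00", "source": "endpoint", "host": "ws-42",
     "user": "asmith", "type": "suspicious_process", "severity": 3},
]

WINDOW = timedelta(minutes=10)  # assumed correlation window


def parse_ts(event):
    return datetime.fromisoformat(event["ts"])


def score_cluster(host, cluster):
    """Score one per-host cluster: base severity, multiplied by the number of
    distinct telemetry sources that observed it, plus a bonus for the
    failed-logons -> success -> execution chain."""
    sources = {e["source"] for e in cluster}
    types = {e["type"] for e in cluster}
    score = sum(e["severity"] for e in cluster) * len(sources)
    if {"logon_failure", "logon_success", "suspicious_process"} <= types:
        score += 10  # assumed weight for the chain pattern
    return {"host": host, "score": score,
            "sources": sorted(sources), "events": len(cluster)}


def correlate(events, window=WINDOW):
    """Group events by host into time windows and return candidate alerts,
    highest score first."""
    by_host = defaultdict(list)
    for e in sorted(events, key=parse_ts):
        by_host[e["host"]].append(e)

    alerts = []
    for host, evs in by_host.items():
        cluster = []
        for e in evs:
            # Start a new cluster once the window from the first event elapses.
            if cluster and parse_ts(e) - parse_ts(cluster[0]) > window:
                alerts.append(score_cluster(host, cluster))
                cluster = []
            cluster.append(e)
        if cluster:
            alerts.append(score_cluster(host, cluster))
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Run stand-alone, the script ranks ws-17 (three sources agreeing within minutes) well above ws-42, whose single endpoint alert keeps its base score. The point for an MDR evaluation is not these particular weights but whether the platform can join sources on a shared key at all; a tool that sees only one of the three feeds would have rated both hosts the same.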

Without question, cybersecurity is on the mind of virtually every enterprise, regardless of size, location or vertical. Indeed, the Allianz Risk Barometer shows the top concern for companies globally in 2022 is cyber incidents [3]. Moreover, for the first time in its history, the shortage of skilled cybersecurity workers broke into the top 10 risks at number nine. As enterprises look to overcome these challenges and more, managed detection and response solutions will continue to grow in importance.