Managed Detection and Response
Posted May 26, 2020 by Sayers
Network security solutions for most organizations, if we’re being honest, tend to look like my medicine cabinet. Full of vitamins, minerals, and supplements, but as soon as I get a headache, I can’t find the aspirin. Network security looks similar for most companies. The focus primarily stays on preventative measures and technologies rather than expanding the investment beyond these initial safeguards. As Benjamin Franklin once said, “an ounce of prevention is worth a pound of cure.” Prevention is great, but once your prevention capabilities fall victim to an attack, the scale of an incident is reliant on the time it takes your detection and response services to act.
Creating an effective detection and response program isn’t a simple or inexpensive task and the dedicated, highly-skilled staff required to fill an SOC and monitor technologies isn’t always available.
At the recent RSA Conference, I had an opportunity to speak on the Cybrary podcast about the importance of functional cybersecurity hygiene and establishing effective, foundational security. One observation we made was that great CISO leaders know what to manage internally and, more importantly, how to augment their team where specialized skills are needed. Without the IT security budgets of a larger enterprise, many companies have the insurmountable challenge of defending their networks with less budget and personnel.
Sayers MDR Program, powered by Rapid 7
The Sayers Managed Detection and Response (MDR) program was designed to help security teams of all sizes, experience, and budget strengthen their security posture, monitor immediate threats, and stay a step ahead of emerging incidents. The program is backed by the highest level of expertise and technology to help you dynamically detect threats across your entire environment.
The full list of services offered through the MDR program can be found here, but below are some highlighted features that might jumpstart the process of considering an MDR partner.
- Assessments: Through The Sayers Cyber Defense Framework, we can help you understand what your security program looks like today by evaluating what you currently own, how it is being deployed and managed, and where you could mature your security posture.
- Resources: We have a fully developed team of experts and technology at your disposal. The Sayers MDR program, powered by Rapid7, also utilizes the Gartner Magic Quadrant Leading SIEM technology, InsightIDR – providing 24/7 SOC monitoring by expert analysts, providing real-time incident validation, proactive threat hunting, access to a best-in-class threat intelligence infrastructure, and the added resource of a Sayers Client Advisor.
- Efficiency: A managed detention and response program offers you access to the greatest technologies, experts, and partnerships at a fraction of the cost. The implementation process timeline and total cost of owner provides you an above industry average rate of return.
- Security: The Sayers MDR program aligns with the MITRE ATT&CK Framework and uses User Behavior Analytics (UBA), Attacker Behavior Analytics (ABA), and other advanced security benchmarks. We set up easy to deploy deception technologies like honeypots, honey users, honey credentials, and honey files to catch attackers earlier.
Rapid7 MDR aligns to MITRE ATT&CK Framework
User Behavior Analytics (UBA):
Attacker Behavior Analytics (ABA):
5. Timeliness: The average ransomware dwell time between infection of the initial Trojan (often Trickbot or Emotet) and ransomware informing the victim is around 43 days. The Sayers MDR program helps organizations identify attacks earlier where cost is minimal, and attacks can be stopped.
You can find out more about the MDR program here.