According to Gartner, by 2025, 60% of organizations will be using remote threat detection delivered by MDR providers. This represents an increase of 30% from today.
“The reason for this jump is because the cyber threat landscape is expanding and will continue to expand,” says Srinivasan Sreekumar, Practice leader - Cloud and Infrastructure security at HCLTech, speaking at the RSA Conference.
With an expanding and evolving cyber threat landscape, organizations are unequipped to adequately defend themselves. They lack the right skills and are increasingly relying on MDR service providers who have threat detection, incident response, containment and remediation capabilities.
MDR is supported by several technologies. “One of them is advanced detection capabilities. The second is an automation layer and then there are a number of components like endpoint detection and response, advanced vulnerability management, identity detection and response and cloud detection and response. All of these put together make an advanced MDR service,” continues Sreekumar.
Rolling out an MDR strategy
To roll out an effective MDR strategy, organizations “need the right people, the right processes and the right mix of technologies”, according to Sreekumar.
Attracting talent with the right set of skills and a focus on hunting, detection and response enables organizations to contextualize and understand threats across multiple vectors and effectively respond to them.
“It makes more sense to have the right set of technologies that enable effective detection with the right overlay of the processes, rather than relying on a multitude of tools as they may not be effective in achieving the outcome of rapid detection of security incidents,” adds Sreekumar.
A proactive approach to cybersecurity
The expanding threat landscape and the increasing number of threat vectors mean that organizations need to take a proactive approach to cybersecurity. Implementing an effective, automated MDR strategy is one step in this journey. It could include functions like external attack surface management.
“Knowing how to prevent a cyberattack is the first step. It requires an organization to understand the various weaknesses that are present from an outside-in view by identifying and correlating this with the right level of contextualized threat intelligence,” says Sreekumar.
To do this, many tools and technologies are available, most of them enabled with AI capabilities, that can help provide an outside-in view of an organization and highlight any weaknesses before they’re exposed.
The role of HCLTech
To help organizations embrace a proactive approach to cybersecurity and implement an effective MDR strategy, “HCLTech has built a fusionEDR service that we offer to our customers. This service is built on our SecIntAI framework that enables accurate correlation of advanced threats using proven processes across multiple domains of security,” says Sreekumar.