MDR and Its Significance in Digital Transformation

What is MDR?

Managed Detection and Response (MDR) was created in response to the need for a service that could address cyber threats that traditional Managed Security Services (MSS) could not accurately detect and respond to. The service combines technology and skills to deliver advanced threat detection, faster mitigation, deep threat analytics, global threat intelligence, and collaborative breach response 24x7x365.

It is important to remember, however, that MDR was not developed as a replacement for traditional MSS such as log monitoring, log management, security device management, and vulnerability scanning. MDR enhances MSS with a focus on detecting and responding to breaches, using technology and services for security analytics, threat intelligence, and response orchestration that complement existing MSS technology.

Netswitch has been named by the Gartner Group as a market representative provider in the MDR space. Netswitch's SaaS offering is based on the company’s Securli Advanced Threat Protection platform and SecurliXF extended threat intelligence service. The service correlates disparate data feeds from different sources to provide predictive threat intelligence along with monitoring, incident response and remediation capabilities.

The Netswitch MDR service follows the NIST Framework for Improving Critical Infrastructure Cybersecurity, more popularly known as the Cybersecurity Framework.

What is the NIST or Cybersecurity Framework?

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) developed a framework “with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base.”

This is a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. It is a prioritized, flexible, and affordable approach that helps promote protection and resilience of critical cybersecurity infrastructure and other sectors that are important to the economy and national security.

This framework has been proven to be “flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments.”

The NIST or Cybersecurity Framework is a collaborative effort that involves stakeholders from government, industry, and academia.

In May 2017, President Trump issued the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, directing all federal agencies to use the Cybersecurity Framework.

How does Netswitch deliver MDR?

At Netswitch, we follow a multi-layered security strategy called Defense-in-Depth. This concept is based on the military principle that, in battle, the enemy cannot easily break through a complex and multi-layered defense system.

Defense-in-depth, therefore, protects an organization’s most important data with many layers of security while less important data may be less restricted.

What is the benefit of Defense-in-Depth?

Having a multi-layered strategy means the organization can tailor security to different levels. Not all data needs to be completely secure. Proprietary and confidential information are typically the most critical assets of a company and these can be protected by the most restricted settings in Defense-in-Depth.

There is no single solution that can prevent a cyberattack on organizations. There will always be exploits and vulnerabilities. With Defense-in-Depth, even if one system fails, there are other systems that remain functioning.

Three-step defense-in-depth strategy for prevention and response to network attacks:

1. Use a smart firewall for external threats

A smart firewall offers more protection than a traditional firewall because it can look inside content rather than just block content based on source and destination. It acts as your gatekeeper and first layer of defense, shielding your organization from different types of attacks. It should stop unsolicited traffic from accessing your network and only allow responses to traffic originating from “known” sources.

A smart firewall can scan emails and catch malicious traffic coming into your network like rogue links to infected and intentionally harmful websites, attachments with malware, and phishing emails that manipulate recipients into providing credentials or divulging private data like passwords or key account information.

A smart firewall can also operate bidirectionally – it can detect suspicious outbound traffic as well. It can catch embedded netbots that are trying to communicate out to their command centers. This allows you to catch infections on the way out and results in apprehen