Developing and maturing an effective detection and response programme is not an easy task. It requires a dedicated SOC, staffed with highly skilled and specialised security experts, and round-the-clock vigilance with the best technology to keep stealthy attackers away.
Creating such a programme is not cheap, and it might not be foolproof. A lot of questions about how attacks happen despite the detection and response in place remain unanswered, and this event provided insight into some of those important questions.
Naveen Bharadwaj, Director, Strategic Partnerships, Spire Solutions introduced the speakers.
Khalil Farhat, Security Solutions Engineer, Rapid7 delivered the introductory session. Farhat discussed the changing nature of businesses due to digitisation. He pointed out that technology is evolving at a fast pace and security plans need to match that evolution. Farhat highlighted that there is a huge gap between managed and unmanaged risks.
Both the attack surface and the risk surface are getting larger, and cyberattacks are increasing day by day. Businesses need to ensure that organisations and employees are protected against cyberthreats.
Farhat spoke about how security teams are facing more complexity than ever. Some of the challenges faced by security teams are the lack of visibility, noisy alerts, and long investigations.
Matthieu Rider and Richard Harris
Matthieu Rider, Director of Sales Engineering, Rapid7 and Richard Harris, Director of MDR-EMEA, Rapid7 held an interesting discussion on Detection and Response (D&R) and whether to outsource it or not.
Rider highlighted challenges in D&R and pointed out that there is a shortage of cybersecurity talent globally. Harris said that having 24/7 vigilance is one thing, but keeping people engaged while on duty is another task. Retention of the security team is also a key part of security strategy.
Having thousands of security alerts is not helpful in preventing cyberthreats. Harris highlighted that a D&R solution should prioritise alerts and identify high-risk attacks. How to make threat alerts relevant to your operations is also a challenge, he added.
According to Harris, good threat intelligence needs to be accurate, relevant and on time. He added that response is about making changes to the environment quickly, and that much more focus is now coming on orchestrated actions at the time of response. According to him, the most effective programme is a working partnership between customer and MDR partner; the closer the partnership, the better it is.
The discussion highlighted the importance of doing proper due diligence of MDR. Rider also mentioned that organisations should avoid MDR providers who are selling capabilities they can’t deliver; it should not be a marketing exercise.
Live demo of InsightIDR
Farhat provided a live demo of Rapid7’s InsightIDR. InsightIDR helps in early detection of threats and cuts out irrelevant alert noise. It also simplifies visibility to enable easy identification of infiltration.
The event concluded with a Q&A session. Harris mentioned that MDR services today are cost-effective and that every business needs D&R capabilities, whether in-house or outsourced. Rider stressed that breaches are inevitable and that the existing preventive measures are not always effective; hence organisations need to look at strong partners who can help in lowering the risk, and D&R plays an important part.