Continuous response needed to fight modern threatsF-Secure calls for more ‘response’ in managed detection and response solutions
Helsinki, Finland – March 27, 2019: As the threat landscape continues to evolve, so does the need for organizations’ approaches to defending against the business impact of cyber attacks. In light of this trend, cyber security provider F-Secure is calling for greater emphasis on both the preparedness for a breach as well as fast and effective containment that covers the correct balance of people, process and technology.
“Cyber breaches are now a fact of life for many companies. It’s no longer a matter of ‘if’ a company will be breached, the question is ‘when’. And that calls for a shift in how organizations handle many aspects of security,” said F-Secure Countercept Managing Director Tim Orchard.
Research highlights one current area of weakness as the lack of investment in effective incident response strategies. 44 percent of respondents to a recent MWR InfoSecurity (acquired by F-Secure in 2018*) survey said they invested less in their response capabilities than in threat prediction, prevention, or detection. Only 12 percent said response was prioritized over their other security capabilities.
Continuous response, the art and science of having the right people in the right place at the right time armed with the information they need to take control of the situation, is an emerging concept in cyber security that’s central to boosting response capabilities. The aim is to combine elements of collaboration, context, and control into a fluid process. In practice, this could mean a single team of threat hunters, first responders, administrators and other personnel working together to actively identify and remediate potential threats before they escalate.
“Having the tools and techniques in place to quickly detect, contain and frustrate attacks as they unfold buys you time, and gives you an opportunity to understand the full picture about how attackers are exploiting your weaknesses and moving through your network. And they need to be sophisticated enough to avoid tipping off an attacker that you’re onto them, and prepared to evict them in one concerted push,” explained Orchard. “And it’s important to put these tools and techniques into the hands of the right team if you want them to work.”
The MDR blend of collaboration, context, and control
According to the Gartner’s “Answers to Questions About 3 Emerging Security Technologies for Midsize Enterprises”** report, “MDR is about ’renting trained eyes’ you can’t find or afford to detect incidents that go undiscovered…It’s about finding the 10% of incidents that bypass traditional firewall and endpoint protection security.”
MDR solutions typically offer 24/7 threat monitoring, detection, and response services that leverage advanced analytics and threat intelligence to help protect organizations. Generally, MDR vendors deploy sensors (such as an endpoint agent or a network probe) to gather data from a client’s systems. The data is then analyzed for evidence of compromise and the client is notified when a potential incident is detected.
After detection, clients either respond on their own or bring in external IR teams and approaches, which can include local or remote investigations and forensics, as well as advice on a possible orchestrated technical response. But at best, response activities stop at isolating hosts using EDR agents or firewalling.
But effective solutions can potentially do much more. Treating response as a continuous activity means team members will be in constant communication and collaboration with one another, able to discuss suspicious events happening anywhere within their infrastructure. MDR solutions can facilitate this process, giving defenders the edge they need to stop, contain, and ultimately, eject an adversary.
“Finding a balanced MDR solution, regardless of whether its an in-house solution or outsourced, is key. I think our approach to preparing our clients to assume the breaches have already happened, and then help them hunt down those threats, is the essence of continuous response,” said Orchard. “Getting this right lets defenders evict attackers quickly on their first try, and prevent those adversaries from repeating their attack.”
More information on continuous response is available on F-Secure’s blog.
**Source: Gartner, Answers to Questions About 3 Emerging Security Technologies for Midsize Enterprises, James Browning, 25 February 2019.
Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.
F-Secure media relations
+358 40 637 8859
Latest Press Releases
New report from EU research group says attacks against AI systems are already occurring, difficult to identify, and potentially far more common than currently understood
Program aims to help IT resellers bring new cyber security capabilities focusing on detection and response to more organizations
Unit head Christine Bejerasco says team’s medium-term focus ensures F-Secure’s products and services proactively evolve to stay a step ahead of attackers
F-Secure is showcasing Countercept, its award-winning, flagship managed detection and response service in America.