Security: adopting a detection and response approach

Martin Riley explains why raising the drawbridge to a cyber-attack isn’t enough on its own

As our digital lives continue to evolve, so does the threat landscape for organisations. Increasingly sophisticated ransomware and phishing attacks now pose a threat to a wide range of sectors, from healthcare to aviation. Simply building cyber security walls higher and reinforcing the entry points to prevent threat actors from breaching business defences is no longer enough for the C-suite.

A case in point is the SolarWinds compromise, in which trojanised software updates gave the attackers a foothold in numerous organisations and government bodies across the UK and US, with national-security and defence information among the targets. The intrusion ran for many months, yet it was only discovered long after it had begun.

IBM’s Cost of a Data Breach Report (2020) highlights the significance of being able to detect how and when a breach has taken place and respond accordingly. Businesses that fail to invest in a detection strategy are typically those that take the longest to discover an attack. Perhaps most concerningly, the average time to identify and contain a breach is 280 days, and the average total cost of a data breach sits at $3.86 million. Within a week, a single malicious email that is opened can escalate into a full-blown crisis, with the attackers holding the keys to the kingdom.

For C-suite professionals, shifting investment towards capabilities that assume breach, such as a managed detection and response (MDR) strategy, is becoming an increasingly important requirement for tackling the growing number of cyber breaches.

The role of artificial intelligence in MDR

Moving to an MDR strategy can help an organisation mature its security posture rapidly and drastically, turning a cyber-attack with potential multi-million-pound losses into a short-lived breach that need not cost the organisation more than a few thousand pounds. To understand why an MDR strategy is a crucial investment for the C-suite, it’s important to look at its key components: processes, technology and people.

The underlying processes of an MDR strategy include the deployment and management of incident response, security monitoring, threat intelligence, threat hunting and penetration testing. These services map onto frameworks such as the NIST Cybersecurity Framework and its five functions: Identify, Protect, Detect, Respond and Recover. Underpinning them is detection and response technology that is increasingly powered by artificial intelligence (AI) and machine learning (ML).

Under the umbrella of AI, ML models learn patterns from data, including patterns of human behaviour, and adjust their output as new data arrives, and this is no different when it comes to cyber security. Take for example a phishing email sent to an organisation by an attacker. With cyber security professionals defining the parameters of what constitutes a risky email, a model can check for the key giveaways and either block the email from reaching its recipient or allow it through while flagging it as a potential risk. If the email is allowed through and later proven to be malicious, that verdict is fed back into the model, so it learns the signs and hallmarks of similar emails and blocks them in future. The loop only works if verdicts are fed back in both directions: emails that were flagged but turned out to be legitimate must be recorded too, or the model drifts towards blocking genuine mail.
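The following Python sketch, added here as an illustration and not code from the article or from Bridewell, shows the triage-and-feedback structure just described in runnable form: analyst-defined features are extracted from a message, weighted into a score, the score decides whether the email is blocked, flagged or allowed, and a confirmed-malicious verdict raises the weights so that the same pattern is blocked next time. The company domain, the impersonated names, the weights, the thresholds and the three sample messages are all hypothetical and constructed for the example.

```python
# Added illustration, not the article's or Bridewell's code. All domains,
# weights, thresholds and messages are hypothetical and constructed here.
import email
import email.utils
import re
from email import policy

TRUSTED_DOMAIN = "corp.example"                       # hypothetical company domain
IMPERSONATED_NAMES = {"it support", "helpdesk", "finance"}
URGENCY_WORDS = re.compile(
    r"\b(urgent|immediately|verify your account|suspended|within 24 hours)\b", re.I)
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"https?://([^/\s<]+)", re.I)
DANGEROUS_EXT = (".exe", ".js", ".vbs", ".scr", ".hta")
# Analyst-defined starting weights: the "set parameters" of what makes an email
# risky. PhishingTriage.confirm_malicious() adjusts them as verdicts come back.
DEFAULT_WEIGHTS = {
    "external_sender": 1.0,         # sender domain is not ours
    "display_name_mismatch": 2.0,   # trusted display name on an external address
    "urgency_language": 1.0,        # pressure phrases typical of phishing
    "link_text_mismatch": 3.0,      # visible URL differs from the real href
    "executable_attachment": 3.0,   # .exe/.js/.vbs/... attachment
}


def extract_features(raw: bytes) -> dict:
    """Parse an RFC 5322 message and return a feature -> bool map."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    feats = dict.fromkeys(DEFAULT_WEIGHTS, False)
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    feats["external_sender"] = domain != TRUSTED_DOMAIN
    feats["display_name_mismatch"] = (
        name.strip().lower() in IMPERSONATED_NAMES and domain != TRUSTED_DOMAIN)
    text, html = [], []
    for part in msg.walk():                       # every MIME part, incl. attachments
        filename = part.get_filename()
        if filename and filename.lower().endswith(DANGEROUS_EXT):
            feats["executable_attachment"] = True
        if part.get_content_type() == "text/plain":
            text.append(part.get_content())
        elif part.get_content_type() == "text/html":
            html.append(part.get_content())
    feats["urgency_language"] = bool(URGENCY_WORDS.search("\n".join(text + html)))
    for href, shown in ANCHOR_RE.findall("\n".join(html)):
        real, seen = HOST_RE.search(href), HOST_RE.search(shown)
        if real and seen and real.group(1).lower() != seen.group(1).lower():
            feats["link_text_mismatch"] = True    # classic credential-phish trick
    return feats


class PhishingTriage:
    """Scores emails against weighted features and learns from confirmed verdicts."""

    def __init__(self, weights=None, block_at=5.0, flag_at=2.0):
        self.weights = dict(weights or DEFAULT_WEIGHTS)
        self.block_at, self.flag_at = block_at, flag_at

    def triage(self, raw: bytes) -> tuple:
        """Return (verdict, score, features); verdict is 'block', 'flag' or 'allow'."""
        feats = extract_features(raw)
        s = sum(self.weights[k] for k, present in feats.items() if present)
        verdict = "block" if s >= self.block_at else "flag" if s >= self.flag_at else "allow"
        return verdict, s, feats

    def confirm_malicious(self, feats: dict, step: float = 1.0) -> None:
        """Feedback loop: a delivered email proved malicious, so every feature it
        showed gets more weight; the same message pattern blocks next time."""
        for k, present in feats.items():
            if present:
                self.weights[k] += step


# Constructed sample messages (hypothetical domains throughout).
PHISH = b"""From: IT Support <helpdesk@mail-secure.example>
Subject: Action required
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended. Verify your account immediately:</p>
<p><a href="http://corp-example.login-check.example/reset">https://portal.corp.example/reset</a></p>
"""
BENIGN = b"""From: Bob <bob@corp.example>
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Are you free for lunch on Thursday?
"""
FLAGGED = b"""From: Carol <carol@partner.example>
Subject: Invoice
Content-Type: text/plain; charset="utf-8"

Please pay this invoice immediately or your service will be suspended.
"""

if __name__ == "__main__":
    t = PhishingTriage()
    print([t.triage(m)[:2] for m in (PHISH, BENIGN, FLAGGED)])   # block, allow, flag
    t.confirm_malicious(t.triage(FLAGGED)[2], step=1.5)          # analyst confirms it
    print(t.triage(FLAGGED)[:2])                                 # now blocks
```

Running the file triages the three constructed messages, then replays the analyst's confirmation on the "flagged" invoice and shows that the adjusted weights now block it. A production system would replace the hand-set weights with a trained classifier and a proper labelling workflow, but the structure is the same: features the analysts chose, a decision threshold, and a feedback path that carries confirmed verdicts back into the model.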

Technology such as ML can therefore play a key role in near-real-time detection of a potential new cyber threat and in responding accordingly, based on what it has previously seen. With attackers also using ML in some cases to improve their rate of success, adopting ML-backed detection helps defenders keep pace across the attack vectors a threat actor may explore.

AI can also be applied to the battle against malware. In the case of spyware, where an employee’s activities and information are logged and used maliciously by an attacker, behavioural detection on one endpoint can identify the compromise and share indicators (file hashes, command-and-control addresses, process behaviour) with the other devices on the company network. That gives visibility of the infection’s footprint and ultimately protection against further damage, by disrupting the activity already under way and blocking future instances.

While these technology applications are highly beneficial in powering a detection and response approach, the C-suite has to remember the crucial role that people play in implementing this approach, as machines will never be able to do 100% of the job.

Utilising a hybrid security operations centre

To tackle potential cyber threats, C-suite leaders are likely to have invested in a security operations centre (SOC), a centralised unit of professionals that deals with security issues in the organisation through continuous 24/7 protective monitoring, either in-house or outsourced. Running a SOC entirely in-house, however, requires skills and staffing that many organisations struggle to sustain, while a completely outsourced SOC may not suit an organisation that wishes to develop its existing in-house team.

A hybrid SOC combines the skills of in-house engineers and cyber security teams with the expertise of an external provider to create a complete security centre. The external provider supplies the people for the processes the organisation lacks in-house skills for, such as threat hunting, threat intelligence, machine learning, analytics and developing detection content, while in-house security professionals focus on other business projects. For the C-suite, this approach develops their own employees, who gain new detection and response skills from working alongside that external knowledge, while saving the cost of hiring a comprehensive in-house team to tackle emerging threats.

Adapting cyber security strategy for a new age

The migration to cloud-based systems and the large-scale shift to remote working have opened new avenues for attacks against organisations, and have brought cyber security to the top of boardroom agendas. It’s now imperative for the C-suite to respond in kind. Investing in holistic security technologies and stacks that embrace AI and ML at their core, while adopting a hybrid SOC approach with bespoke support from the right external provider, can provide the basis for an MDR strategy. Raising the defences in a preventative manner now needs to be supported by a comprehensive detection and response approach, so that the C-suite can have well-founded confidence in its organisation’s security posture.


Martin Riley is Director of Managed Security Services at Bridewell Consulting

Main image courtesy of iStockPhoto.com

© Business Reporter 2021
