Last updated at Thu, 27 Jul 2023 13:21:04 GMT

This blog post is part of an ongoing series, MDR Vendor Must-Haves.

By the time you’re ready to invest in a Managed Detection and Response (MDR) service, you’ve likely already invested in a number of different security tools aimed at preventing threats and detecting breaches. MDR is a continued investment in this technology, not always a pure replacement. MDR complements any program with a “defense in depth” technology stack.

When designing modern submarines, the Navy uses a thought process of "assume breach," meaning at some point a flood door or bulkhead will fail and there need to be multiple failsafes to ensure adequate protection.

The same is true for a security program. With an “assume breach” mentality, instead of just having a firewall at the perimeter and endpoints on the interior of your network, a defense in depth strategy would layer a firewall with an IDS/IPS and EDR on the endpoint. Then, going further, you would look beyond point solutions to include network segmentation, strong passwords, patch management, etc.

The best MDR providers will want to use all that data as part of delivering their service because it improves threat detection and validation accuracy. More data means more visibility, more ways to correlate threats, and more ways to track attackers.

This includes ingesting your cloud services data. The modern network extends beyond your perimeter. Software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) are now the norm for the modern enterprise.

To complicate things, your users are mobile, working remotely and traveling while using traditional remote access solutions (in addition to modern cloud-based services). Your MDR provider must be able to identify and respond to threats regardless of where these threats are materializing.

How Rapid7 MDR can help

Rapid7 MDR is able to utilize existing security technology investments to gather more, and deeper, logs and event data on activities across the user, endpoint, network, and cloud layers. This allows our team to perform more collection, correlation, and analysis than the Insight Agent alone enables.

It’s important to ensure your cloud services are ingested and monitored by your MDR provider. Your operating footprint has moved outside of the traditional four walls. Any vendor you choose must adapt at a similar pace. Our MDR service is designed to monitor your expanding enterprise network, including data, applications, and endpoints—wherever they are. With many businesses moving data to the cloud, your managed security services should be able to find threats wherever the data lives.