IS MDR RIGHT FOR YOUR ORGANIZATION?
An assessment of MDR’s value proposition for small- to mid-sized organizations
CONTENTS

INTRODUCTION
QUESTION #1: Does your security team lack sufficient staff, skill, and budget to deliver 24x7 services?
QUESTION #2: Does your team have the time and skill to stop cyberattacks?
QUESTION #3: Is your team overwhelmed by alerts?
QUESTION #4: Do you need to mitigate the risk of regulatory violations?
QUESTION #5: Can you justify the expense of MDR for your institution?
CONCLUSION
GLOSSARY OF CYBERSECURITY TERMS
RESOURCES
In 2022, organizations worldwide experienced 493 million ransomware attacks[1] and 5.5 billion malware attacks.[2] Numbers that large tend to feel somewhat abstract, but this statistic is easy to grasp and crystal clear: Nearly three-quarters (73 percent) of global organizations experienced a ransomware attack in 2022—and 38 percent experienced two or more.[3]

You might be thinking, “Those are ‘just’ attacks. What about breaches?” Glad you asked. A staggering 83 percent of organizations reported experiencing more than one data breach in 2022—with only 17 percent claiming that breach as their first.[4]

With MDR, organizations accelerate threat detection, analysis, investigation, and response, which can include automated and managed threat containment and mitigation. Depending on the provider, an MDR service can be an affordable solution, tailored to meet your organization’s needs.

…vertical needs to reduce risk. The trouble is that they simultaneously need to reduce complexity and cost.

MDR is an option—but is it right for you?

So, how do you increase protection while reducing complexity and cost?

No doubt, your organization will explore several avenues to improve its cybersecurity posture. However, one avenue that calls for your consideration is managed detection and response (MDR), which some analysts consider essential in today’s world.

But is MDR right for your organization? The goal of this brief is to help you answer that question by guiding you through these five smaller ones:

QUESTION #1
Does your security team lack sufficient staff, skill, and budget to deliver 24x7 services?

QUESTION #2
Is your security team overwhelmed by seemingly endless alerts?

QUESTION #3
Is your dwell and response time above average?

QUESTION #4
Do you need to mitigate the risk of regulatory violations?

QUESTION #5
Does the ROI of MDR justify the expense for your organization?
In cybersecurity, dwell time refers to the hours, days, or months that attackers lurk undetected in your network. Ideally, dwell time would be measured in minutes—or, even better, seconds.

But your organization doesn’t live in an ideal world—and it isn’t alone in the real world. According to a 2022 report by Ponemon Institute, organizations take an average of 207 days to identify a breach and another 70 days to contain it.

To help reduce dwell time, your organization might have deployed Endpoint Detection and Response (EDR), the de facto cybersecurity standard for endpoint protection. When properly configured, EDR can stop malware, detect suspicious activity, and automate responses.

EDR offers a solid start to protection. However, without experienced cybersecurity analysts dedicated to monitoring EDR, the protection it provides falls short of the protection it was designed to provide.

As established, your team may not have the time to respond to EDR alerts, notifications, and logs. Or perhaps team members lack the experience required to analyze this telemetry. Seasoned professionals can use EDR telemetry not only to stop attacks but to detect signs of attacks in progress sooner, thereby reducing dwell time.

If you answer “Yes” to #3…
The power behind MDR is that it starts with the automated detection and response that EDR offers—but it doesn’t stop there.

With MDR, you partner with experienced cybersecurity professionals who continually monitor EDR telemetry, which to the inexperienced can be difficult to decipher. An MDR team may have years or even decades of experience analyzing EDR telemetry, which is critical: Human expertise can find and stop attacks that software—no matter how advanced—misses.

Augmenting your own team with an MDR team of seasoned threat hunters, forensic analysts, and incident responders vastly improves your cybersecurity posture. For example, they strengthen protection by:

• Uncovering brute force attacks against remote desktop protocols
• Recognizing patterns of unfamiliar activity coming from a single account (indicating potential compromise)
• Creating rules to block activity they recognize as ransomware—before some new variants have even been identified and named by groups like CISA or MITRE ATT&CK[15]

“Threat hunting is an advanced cybersecurity discipline that requires years of experience, a deep understanding of complicated tools, and its own language of complex terminology. It’s neither a quick nor easy fix to hire advanced personnel in today’s cybersecurity talent gap—skilled threat hunters are few and far between. Threat hunting is an art that takes time, resources, skills, manpower, and funds that a lot of security teams just don’t have.”[14]
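The first two bullets above, written out as the kind of detection logic an analyst would run over endpoint logon telemetry; this is an added illustration, not code from the ebook or from Malwarebytes. The Windows event IDs (4625 failed logon, 4624 success) and logon type 10 (RemoteInteractive, i.e. RDP) are real, while the log records, the baseline and the thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security log sample (not real telemetry). Each tuple is
# (timestamp, EventID, LogonType, source IP, account): EventID 4625 is a
# failed logon, 4624 a success; LogonType 10 is RemoteInteractive (RDP).
EVENTS = [
    ("2023-06-01T02:00:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2023-06-01T02:00:09", 4625, 10, "203.0.113.7", "administrator"),
    ("2023-06-01T02:00:18", 4625, 10, "203.0.113.7", "admin"),
    ("2023-06-01T02:00:30", 4625, 10, "203.0.113.7", "admin"),
    ("2023-06-01T02:00:44", 4625, 10, "203.0.113.7", "svc_backup"),
    ("2023-06-01T02:01:02", 4625, 10, "203.0.113.7", "svc_backup"),
    ("2023-06-01T02:01:15", 4624, 10, "203.0.113.7", "svc_backup"),  # guessed
    ("2023-06-01T03:30:00", 4624, 3, "10.0.0.9", "svc_backup"),
    ("2023-06-01T03:31:00", 4624, 3, "10.0.0.23", "svc_backup"),
    ("2023-06-01T06:00:05", 4625, 3, "198.51.100.4", "guest"),  # network, not RDP
    ("2023-06-01T08:12:55", 4624, 10, "10.0.0.5", "jdoe"),
]
# Sources each account used during a quiet learning period (constructed).
BASELINE = {"jdoe": {"10.0.0.5"}, "svc_backup": {"10.0.0.5"}}


def rdp_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """{source IP: largest burst} of failed RDP logons reaching `threshold` inside `window`."""
    fails = defaultdict(list)
    for ts, event_id, logon_type, src, _ in events:
        if event_id == 4625 and logon_type == 10:
            fails[src].append(datetime.fromisoformat(ts))
    flagged = {}
    for src, times in fails.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window's left edge forward
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[src] = max(flagged.get(src, 0), hi - lo + 1)
    return flagged


def unfamiliar_sources(events, baseline, min_new=2):
    """{account: sorted new source IPs} for accounts succeeding from >= `min_new` non-baseline sources."""
    seen = defaultdict(set)
    for _, event_id, _, src, account in events:
        if event_id == 4624:
            seen[account].add(src)
    new = {a: sorted(s - baseline.get(a, set())) for a, s in seen.items()}
    return {a: srcs for a, srcs in new.items() if len(srcs) >= min_new}
```

Run against the sample, the first check flags 203.0.113.7 with a burst of six failures in about a minute, and the second flags svc_backup, which then appears from three sources it had never used; the jdoe logon and the network-type failure from 198.51.100.4 are left alone.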
If your organization is like most, your goal is to increase your profit. To that end, the powers that be demand justification for every expense.

Can you justify the expense of MDR? If so, by what standard of measurement?

Justifying the necessity of improved protection should not be difficult. Point to the alarming statistics about the rate of cybersecurity attacks and cost of breach. As noted earlier, 73 percent of organizations experienced a ransomware attack in 2022 and 83 percent experienced more than one data breach.[19]

The cost of a breach is staggering. For example, the average cost of the ransom payment alone in Q1 2023 was $327,883.[20] But the ransom payment is not the only cost. Other costs include network downtime, legal liability, operational disruption, and lost personal data. When factoring all costs, the average cost of a data breach (across all industries) in 2023 is expected to reach $5 million per incident (up from $4.4 million in 2022).[21]

“The average cost of a data breach is expected to reach $5 million per incident in 2023.”

Evidence of the clear and present danger of a breach should convince even the most cybersecurity illiterate of the need for always-current, always-available defenses. But that brings you no closer to justifying the expense of MDR in particular.

One way to justify the expense of MDR is to estimate its return on investment (ROI). Research suggests that for most organizations, MDR pays for itself in approximately two months, when you factor in the cost of internal staff.

For example, at a cost of $3-$6 per endpoint (for 24x7x365 monitoring, investigations, triage, and remediation), an organization with 1,000 endpoints would pay $3,000-$6,000 per month. Now weigh that cost against the expense of hiring and maintaining in-house cybersecurity professionals to work the same hours and accomplish similar tasks. A scenario such as this yields an ROI as great as 425 percent with a payback on MDR in as few as 2.3 months.[16]

In addition, by some estimates and depending on the solution, MDR may reduce the risk of a breach by 99 percent.[20] When you consider that statistic against the cost of a breach—which for 2023 is expected to reach $5 million per incident—deploying MDR seems a sensible choice indeed.

If you answer “Yes” to #5…
To assess whether MDR makes financial sense for your organization, run a risk assessment, calculate the ROI, and see where you stand.

MDR offers the following benefits:
• Reduces time-to-value
• Maximizes ROI
• Avoids the high total cost of ownership (TCO) associated with creating and running a 24x7 SOC in-house
1. Detect, isolate, prevent, and remediate known and unknown threats
2. Investigate, threat hunt, and roll back systems infected with ransomware
3. Deploy, manage, integrate, and report with ease

False positives are behaviors that incorrectly trigger an alert indicating the presence of a cybersecurity threat, which poses a serious problem for SOC teams. According to the Enterprise Strategy Group, nearly half of all alerts are false positives.

Fear of missing incidents (FOMI) is an anxiety or dread that some cybersecurity professionals experience because they simply cannot investigate all of the alerts they receive; closely related to “alert fatigue.” (FOMI is derived from “fear of missing out,” or FOMO.)

Threat hunting is a proactive search for threats aided by both machine learning (ML) tools and by trained security analysts. ML tools automatically and continually scan a network to observe user and device behaviors; the purpose is to detect anomalous and, therefore, suspicious behavioral patterns that might point to malware with an unknown signature. Once alerted, analysts investigate the potential risks to assess the validity of the ML tool’s hypothesis.

Zero-day threats are software flaws that are vulnerable to attack and have not yet been patched.

Zero-day attack is an attack by way of an unpatched software flaw.
Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Much more than malware remediations, the company provides cyberprotection, privacy, and prevention to tens of thousands of consumers and organizations every day. For more information, visit https://www.malwarebytes.com.
Copyright © 2023, Malwarebytes. All rights reserved. Malwarebytes and the Malwarebytes logo are trademarks of Malwarebytes. Other marks and brands may be claimed as
the property of others. All descriptions and specifications herein are subject to change without notice and are provided without warranty of any kind. 08/23