Supporting the Growth of Managed Detection and Response Services
Gartner says it best in its most recent Market Guide for Managed Detection and Response (MDR) Services: “Managed detection and response improves threat detection monitoring and incident response capabilities via a turnkey approach to detecting threats that have bypassed other controls. Security and risk management leaders need to understand this service and its implications for their environments”.(1)
WHY ARE BUSINESSES TURNING TO MANAGED DETECTION AND RESPONSE?
What’s changed in the threat landscape that’s driving the need for improved threat detection monitoring and incident response? Well, one example is fileless malware, which enSilo addressed in an early 2017 blog post. Fileless malware highlights the need for post-infection protection. A common attack vector leverages an evasion technique and an in-memory floating executable, as opposed to malicious executable files, and can bypass pre-infection AV and NGAV solutions. According to a 2017 report by the Ponemon Institute, fileless attacks were 10 times more likely to succeed than file-based attacks.
Another example is the WannaCry ransomware attack, which highlights the need for automated detection and response. WannaCry ransomware was able to deploy, encrypt and propagate to other machines in seconds. With manual, people-intensive, endpoint detection and response systems, the damage has already been done by the time they alert you to contain and hunt down the attack. For more information on ransomware attacks, read the enSilo Guide to Understanding Ransomware.
How enSilo Helps MDR Providers
What are some of the benefits of partnering with an MDR? MDR providers that I speak with highlight several benefits, three of which are breadth and depth of security expertise, a deep understanding of the latest threats through constant exposure to diverse environments, and rapid response and remediation.
On top of providing a market-leading automated endpoint security platform, enSilo continues to enable MDR providers with the capabilities they need to deliver strong and differentiated services. In version 3.0 of the enSilo Endpoint Security Platform, multi-tenancy management gives service providers even greater value by enabling them to operationalize the industry's only endpoint platform with pre- and post-infection protection. It also helps providers better leverage their investment in computing resources by managing multiple customers from a single management instance, thereby reducing operating costs.
In addition, multi-tenancy management accelerates customized incident response across multiple customer environments, so providers can differentiate service offerings with faster incident response SLAs.
Additional ways enSilo helps MDR providers include:
- Enhanced service delivery through automation - enSilo’s Endpoint Security Platform automates operational functions required to deliver managed endpoint security at scale. Analysts, support staff, security engineers, incident handlers, forensics and threat investigators can utilize a common platform to effectively respond to customer needs.
- Simple integration with back-end systems - enSilo’s Endpoint Security Platform allows for easy operational integration, via syslog, emails and REST APIs, to existing provisioning, billing, NOC, SOC, and support and customer portal systems and processes.
- Real-time, automated response - enSilo’s real-time blocking and remediation capabilities enable you to offer differentiated incident response SLAs with services delivered in minutes, not days or hours.
Two recent pieces of research from Gartner highlight the importance of adding detection and response to your endpoint security stack and the benefits of working with managed services providers. Gartner analyst Peter Firstbrook, in his article, “Roadmap for Improving Endpoint Security”, recommends focusing on detection and response as a way to improve endpoint security. Analyst Kelly Kavanagh, in the collaborative article, “Market Guide for Managed Detection and Response Services”, says that “By 2020, 15% of organizations will be using MDR services, up from less than 5% today.” Clearly, detection and response is a growing and important business and enSilo is helping MDR providers offer real-time automated endpoint security as a managed service.
(1) Toby Bussa, Kelly M. Kavanagh, Sid Deshpande, Craig Lawson, Pete Shoard, “Market Guide for Managed Detection and Response Services”, Gartner, Inc., June, 2018