The Evolution of MDR – Beyond Detection and Response
By Randy Watkins, Chief Technology Officer
In the realm of cybersecurity, a constant shift between reactive (detection) and proactive (prevention) strategies has been the norm since inception. Starting with traditional anti-virus (reactive) in the late 80’s, followed by firewalls (proactive), IDS (reactive), IPS (proactive), and more recently EDR, NDR, XDR, and MDR (all reactive), the cyclical nature of security controls have been a response of necessity.
Adapting to Changing Landscapes
This shift in focus can be attributed to three factors:
- Under-Resourced Cybersecurity Teams: The scarcity of skilled professionals and resources forces security teams to align their priorities with available means.
- Cybercriminal Advancements: Evolving Tactics, Techniques, and Procedures (TTPs) from attackers are driven to outsmart preventive measures and evade detection.
- Technological Progress and Vendor Competition: Under-resourced security teams and evolving attacker TTPs, along with advancements in AI and machine learning, have created demand for new solutions in a competitive market.
This dynamic environment results in a cycle where new TTPs are countered, then replaced by even more elusive methods. This lag provides attackers with a window of opportunity, increasing business risk.
Mitigating Risk through Frameworks
One of the primary concerns for security professionals is preventing breaches that disrupt business operations. Many organizations adopt frameworks like the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) to improve their security programs. Comprising Identify, Protect, Detect, Respond, and Recover pillars, the framework offers a structured approach to reducing cyber risks.
MDR: Meeting Complex Threats
Even with traditional threat-based security measures, 67% of organizations faced cyber incidents in the past two years (Critical Start’s 2023 Cyber Risk Confidence Index). In response, many turn to MDR providers to recognize return on investment (ROI) and mitigate risks. Evolving from compliance-focused Managed Security Service Providers (MSSPs), MDRs offer expertise and action, containing threats and reducing attacker dwell time.
Aligned with the "Detection" and "Response" categories of NIST CSF, MDRs act as a force multiplier for organizations' security operations with a 24x7x365 human-led mitigation team that can act on their behalf.
Balancing Future Priorities
The pursuit of cyber-resilience has given rise to cyber exposure management programs where organizations view their entire attack surface and understand which areas in their IT infrastructure are most exposed to threats. By integrating new and existing controls, organizations aim to bolster their security stance through risk mitigation and remediation steps. However, resource shortages might delay full realization of this objective.
The Path Forward: Managed Cyber Risk Reduction (MCRR)
Given MDRs' success in enhancing "Detection" and "Response," a similar approach can be applied to proactive controls aligned with the "Identification" and "Protection" pillars of NIST CSF. This advances security maturity and also communicates measurable progress and risk reduction to leaders.
MCRR emerges as a pragmatic, measurable alternative. Building upon MDR, MCRR combines cyber risk monitoring tech with a human-driven risk and security operations team. Aligned with NIST CSF, MCRR enables a holistic approach to risk management and cybersecurity strategy. In a dynamic risk landscape, MCRR stands as a practical, measurable investment, guiding organizations to conquer the challenge of cyber risk.