Threat Containment, an Essential Component of MDR for Cyber Resilience

David Calder (Chief Product Officer) and Rory Shannon (Managed Services Director) at Adarma discuss the rising awareness of Managed Detection & Response (MDR) services among business owners, looking at the introduction of a containment component to detection and response solutions as a means of increasing cyber resilience.

During the pandemic, organisations have increasingly relied on cloud-based storage and compute, software as a service, and other digital platforms. That’s had a considerable impact on business operations. Many companies are more efficient than ever before, with simple video-conferencing calls taking the place of lengthy face-to-face meetings, and instant document sharing and communication tools allowing seamless collaboration. However, their use highlights associated vulnerabilities – presenting new ways for hackers to access valuable data, both indirectly and via targeted attacks.

This kind of attack can significantly impact business credibility. GPS specialists Garmin underwent a WastedLocker ransomware attack in July 2020 that shut down its operations globally, as well some production activity in Asia. Consequently, it’s entire range of consumer tech products were unable to sync data with Garmin servers, while pilots were unable to download the latest updates for airplane navigation systems.

Given the substantial reputational damage that cyber incidents can cause, it’s not surprising that awareness of and appetite for MDR services has grown over the past 12 months. Gartner’s latest Market Guide for Managed Detection and Response Services (August 2020), revealed a 44 per cent growth in end users’ enquiries around MDR services.

While these services are important for organisations that lack time or resources to expand their capabilities, or are unfamiliar with the specific threats active in the current threat landscape, they cannot be a replacement for having strong security monitoring and incident response measures in place. It’s pointless being able to identify the threat more quickly if you cannot then limit its impact on the business!

Threat containment is therefore crucial in responding to an attack, and ultimately mitigating risk. Traditionally this is the responsibility of the customer, but at Adarma we continue to invest in maturing all our services to add the greatest value to our clients.

By immersing ourselves in our customers’ businesses and technologies, we are able to create bespoke and fully automated threat containment structures, tailored to reduce the time to detect, contain, and respond to any attacks when compared to more traditional MSSP approaches.

By moving from the a simpler position of “detect and escalate” to “detect, contain, and respond”, we now help our customers establish lasting structures, processes and defensive actions, proactively safeguarding their most valuable assets when – not if – they fall victim to an attack.