The Complexity Trap

The expanding attack surface…

As businesses are increasingly being driven by technology, control over that technology is being lost. As little as ten years ago, most technology was deployed within the walls – and control – of organisations. The walls of the organisation were once a hardened perimeter where access could be tightly controlled, but that is no longer the case. Organisational networks are increasingly hybrid in nature, bridging in-house technology with the use of public and private cloud services, mobile endpoints and increasingly interconnected tools, such as those that make up industrial networks. This greatly increases the available attack surface for adversaries.

The adoption of new technologies is essential to maintain competitiveness and for digital transformation initiatives that aim to take advantage of the power of digital technologies. But it is not just organisations that are looking to take advantage of the latest advanced technologies. Attackers are increasingly using artificial intelligence and machine learning algorithms to make their attacks more successful, along with increased use of bots to automate their tasks. Organisations need to make use of such technologies themselves and provide greater resilience.

…leads to greater complexity

The fear of being hit by a cyber attack or actually experiencing one can galvanise an organisation into action, providing the awareness that is needed for increasing investment in cybersecurity tools. But it also leads to a scramble to invest in point products to solve particular pain points. As many security practitioners will attest, this leaves them struggling to manage too many tools that are often not integrated, preventing them from having visibility over their security posture.

Given the nature and volume of the threats that they face and the need to adopt new technologies to drive digital transformation, many of the tools that organisations must purchase to bolster security are extremely complex in nature, often needing more knowledge and expertise to handle than the standard tools that were traditionally available and that are no longer sufficient. According to Trend Micro, the security tools that are available today must be able to contextualise and analyse indicators of compromise to dig deeper into what really happened and how. Such technologies must be learnt, deployed, integrated and optimised to be effective, yet 47% of organisations surveyed by FireMon report that they are unable to learn or utilise complex new technologies to their full potential. Technology can only add real value if it can be used effectively.

Many such tools are also expensive to procure, draining already tight budgets. Fairly recently, endpoint detection and response (EDR) technologies have come onto the market to help organisations better detect and respond to threats impacting endpoints, which are a favourite target for attackers. Yet, research by Sophos has found that organisations have struggled to use such tools, with 54% saying that they are unable to get the full benefit from their investments, a figure that cuts across organisations of all sizes.

Enter MDR

Once, managed security services were somewhat limited in nature, generally aligned around monitoring and ensuring that controls are working as required, managing such tools on behalf of customers. MDR services shift that paradigm. They are not general in nature, rather helping to address specific problems around threat detection and response, providing access to expert resources who are well versed in the latest technologies, as well as the techniques required for reducing the likelihood that security attacks will be successful.

They are not one-size-fits all. There are those based around specific complex technologies, most notably EDR, those that provide visibility into entire technology ecosystems, and those that provide MDR services alongside other security capabilities in the managed service provider model. Whatever the needs of a particular organisation and its specific security infrastructure, there are services available that will expand and improve the capabilities of any security team. They will help organisations to tackle problems caused by complexity and provide actionable guidance on improving the ability of any organisation to boost their security defences and keep them up to par.

This is the sixth in a series of MDR blogs by Fran Howarth. Links to the previous pieces are below:

• What is MDR and why is it needed?
• The importance of endpoints to security
• EDR v EDR MDR
• Telemetry: the vital ingredient in MDR
• Skills shortages driving the need for MDR services