Blog A3Sec

Challenges of MDR Services in the New World of Extended Services

For some time now, artificial intelligence has been talked about globally, and news about it is now commonplace: from autonomous cars that let the driver fall asleep to robots that are increasingly independent and able to hold a conversation with someone, using it to gather knowledge for their own training.

These techniques are already being applied in many fields around the world, such as climatology, medicine and finance, where they deliver much better performance.

But what happens if someone with malicious intent gets hold of these new technologies and alters their purpose?

For example, if an autonomous car is programmed to recognize a red traffic light and stop, and it is manipulated so that it no longer stops at red lights, the damage caused would be irreversible and, in the worst case, could even cost the occupant's life.

From a cybersecurity point of view, defending against an attack driven by artificial intelligence is no easy task. These systems run 24 hours a day, 365 days a year, without rest, continuously learning to fulfill the purpose for which they were designed. They are undoubtedly a new threat, and a serious one, because they can operate faster and more effectively than human beings.

This is already happening on a daily basis, and it is now essential to use these same artificial intelligence techniques to protect our systems: to fight fire with fire.

 

"He who knows how to solve difficulties solves them before they arise. He who excels in defeating his enemies triumphs before their threats materialize."
- Sun Tzu

 

Today, being protected against cyber-attacks is no longer a luxury but a pressing need for both ordinary users and companies.

The systems responsible for monitoring these activities are continually evolving, adjusting different factors to increase their effectiveness. For a long time, some of these tools worked on an alert-based model. Although that is a reasonable approach, it has now been reevaluated, mainly because of the immense number of false positives it produces, the high cost of trained personnel, and the fact that triaging every alert is manual work.

Companies today need more than a tool that issues reports of possible alerts; they need a comprehensive service that also helps them detect and respond to threats.

 

What is MDR?

Unlike other monitoring services, a managed detection and response (MDR) service does not wait for cyber-attacks to occur. It anticipates them, weighing criteria such as visibility, detection capability, fidelity and response, combined with the key tools already mentioned, and so helps organizations carry out their digital transformation with processes that are protected 24 hours a day, 7 days a week.

 

How does an MDR work?

The MDR is based on four principles to defend against threats:

  1. Prevention and preparedness:
    This defines the sources of information (logs, endpoint telemetry, network data) that will form the knowledge base for incident detection.

  2. Detection:
    MDR services rely on frameworks, tools and technologies to shorten detection times, such as:
    • MITRE ATT&CK, a knowledge base used to map observed behaviour to known adversary techniques
    • Machine learning
    • EDR (endpoint detection and response), XDR (extended detection and response) and NTA (network traffic analysis)
    • Event correlation

  3. Investigation:
    Under MDR management, alerts and security incidents are investigated with an in-depth analysis that determines the root cause and reconstructs the timeline of the event.

  4. Response:
    Once the incident is understood, the knowledge gained is used so that any similar malicious action can be blocked immediately when the next threat arrives. The MDR acts as an orchestrator in which playbooks and automations across interconnected tools and platforms can be built and deployed, reducing detection and response times.
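To make the four principles concrete, here is an added example of a miniature detection-investigation-response pipeline. It is illustration code written for this article, not A3Sec's product or any vendor's code. The events are constructed sample telemetry (Windows logon events plus EDR process-start records), the connector names in the playbooks (edr.isolate_host, idp.disable_account, fw.block_ip) are hypothetical, and the thresholds are arbitrary. It walks one chain of events through all four stages: a declared source list, a correlation rule that tags the chain with MITRE ATT&CK technique IDs, a timeline with root cause and dwell time, and a severity-driven playbook. A single failed logon followed by a success on another host is included to show the rule does not fire on ordinary typos.

```python
"""Toy MDR pipeline: prevention -> detection -> investigation -> response.

Illustration only; not A3Sec's code. EVENTS below is constructed sample
telemetry, not real logs. Connector names in PLAYBOOKS are hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# 1. Prevention and preparedness: the telemetry sources that feed detection
#    (hypothetical mapping; a real deployment lists its actual pipelines).
SOURCES = {
    "auth": "Windows Security log (4624 logon success / 4625 logon failure)",
    "edr": "EDR process-start telemetry",
}


def _e(ts, source, host, user, event, **extra):
    """Build one normalized event record (constructed sample data)."""
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "host": host, "user": user, "event": event, **extra}


EVENTS = [
    # Six failed logons in ten seconds from one external IP ...
    *[_e(f"2024-03-01T10:00:{s:02d}", "auth", "ws-17", "jdoe", "logon_failed",
         src_ip="203.0.113.9") for s in (1, 3, 5, 7, 9, 11)],
    # ... then a success, then an encoded PowerShell launch on the same host.
    _e("2024-03-01T10:00:13", "auth", "ws-17", "jdoe", "logon_success",
       src_ip="203.0.113.9"),
    _e("2024-03-01T10:00:40", "edr", "ws-17", "jdoe", "process_start",
       cmdline="powershell.exe -nop -w hidden -enc SQBFAFgA"),
    # A single mistyped password elsewhere: must NOT produce an incident.
    _e("2024-03-01T10:05:00", "auth", "ws-03", "asmith", "logon_failed",
       src_ip="10.0.0.5"),
    _e("2024-03-01T10:05:10", "auth", "ws-03", "asmith", "logon_success",
       src_ip="10.0.0.5"),
]

FAIL_THRESHOLD = 5                        # failures needed inside FAIL_WINDOW
FAIL_WINDOW = timedelta(seconds=60)
SUCCESS_WINDOW = timedelta(seconds=120)   # success must follow the burst
EXEC_WINDOW = timedelta(minutes=10)       # suspicious process after the logon


def detect(events):
    """2. Detection: correlate auth and EDR telemetry into tagged incidents."""
    events = sorted(events, key=lambda e: e["ts"])
    by_key = defaultdict(list)
    for e in events:
        if e["source"] == "auth":
            by_key[(e["host"], e["user"], e["src_ip"])].append(e)
    incidents = []
    for (host, user, src_ip), seq in by_key.items():
        fails = [e for e in seq if e["event"] == "logon_failed"]
        for i in range(len(fails) - FAIL_THRESHOLD + 1):
            burst = fails[i:i + FAIL_THRESHOLD]
            if burst[-1]["ts"] - burst[0]["ts"] > FAIL_WINDOW:
                continue
            success = next((e for e in seq if e["event"] == "logon_success"
                            and burst[-1]["ts"] <= e["ts"] <= burst[-1]["ts"] + SUCCESS_WINDOW),
                           None)
            if success is None:
                continue
            chain = [e for e in seq if e["ts"] <= success["ts"]]
            techniques = ["T1110 Brute Force", "T1078 Valid Accounts"]
            severity = "medium"
            for p in events:  # escalate if the logon is followed by execution
                if (p["source"] == "edr" and p["host"] == host
                        and success["ts"] <= p["ts"] <= success["ts"] + EXEC_WINDOW
                        and "-enc" in p.get("cmdline", "").lower()):  # crude indicator
                    chain.append(p)
                    techniques.append("T1059.001 PowerShell")
                    severity = "high"
            incidents.append({"host": host, "user": user, "src_ip": src_ip,
                              "severity": severity, "techniques": techniques,
                              "events": chain})
            break  # one incident per (host, user, src_ip) burst
    return incidents


def investigate(incident):
    """3. Investigation: order the evidence, name the root cause, measure dwell."""
    timeline = sorted(incident["events"], key=lambda e: e["ts"])
    first, last = timeline[0], timeline[-1]
    # Event-driven pipeline: detection fires when the last correlating event
    # arrives, so dwell time runs from first evidence to that moment.
    dwell = (last["ts"] - first["ts"]).total_seconds()
    root_cause = (f"password guessing from {incident['src_ip']} against "
                  f"{incident['user']}@{incident['host']}")
    return {"timeline": [(e["ts"].isoformat(), e["source"], e["event"]) for e in timeline],
            "root_cause": root_cause, "dwell_seconds": dwell}


PLAYBOOKS = {  # hypothetical SOAR connector names, chosen per severity
    "high": ["edr.isolate_host", "idp.disable_account", "fw.block_ip", "soc.page_analyst"],
    "medium": ["idp.force_password_reset", "fw.block_ip", "soc.open_ticket"],
}


def respond(incident):
    """4. Response: expand the severity's playbook into (action, target) pairs."""
    target = {"edr": incident["host"], "idp": incident["user"],
              "fw": incident["src_ip"], "soc": "analyst"}
    return [(step, target[step.split(".")[0]]) for step in PLAYBOOKS[incident["severity"]]]


def run_mdr(events=EVENTS):
    """Full cycle over a batch of events; returns one ticket per incident."""
    return [{**inc, **investigate(inc), "actions": respond(inc)} for inc in detect(events)]


if __name__ == "__main__":
    for t in run_mdr():
        print(t["severity"], t["techniques"], t["root_cause"], f"dwell={t['dwell_seconds']}s")
        for action in t["actions"]:
            print("  ->", action)
```

The dwell_seconds figure is the kind of number a time-based SLA is written against: here the chain is detected 39 seconds after the first failed logon, and the analyst receives an incident already mapped to ATT&CK techniques with the containment steps queued, rather than six separate "logon failed" alerts to triage by hand.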

There are many services available today, and naming a single one as the best option is not easy, so we compare several of the leading MDR services:

Service | Features                                                                                                                                | Operating system                           | Deployment                                    | Demo
------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | --------------------------------------------- | ---------
        | Its goal is to SHIELD your organization using machine learning, enabling orchestrated and automated responses based on pre-established policies. | Windows, Mac, Linux                        | Cloud-based and on-premise (IT, OT and IoT)   | Available
        | Prevention, detection and response capabilities.                                                                                        | Windows, Mac, Linux, iOS and Android       | Cloud, hybrid, on-premise and air-gapped      | Available
        | 24/7 threat assessment and response.                                                                                                    | Windows, Mac and Linux                     | Cloud-based and on-premise                    | Available
        | Breach protection.                                                                                                                      | Windows, Mac, Linux                        | SaaS, IaaS, on-premise and hybrid             | Available

A3Sec presents a technological solution to detect and react using data analytics, with the goal of finding indicators of a possible attack.

The goal is to SHIELD your organization using machine learning, enabling orchestrated and automated responses based on pre-established policies.

  • Analyzes user actions and generates a response on the endpoint.
  • Provides access to endpoints to reduce risk exposure, detecting events and responding to them immediately.
  • Adds a data layer that analyzes activity across your organization, complementing next-generation antivirus.
  • Detects security breaches and incidents, reacting immediately.
  • Analyzes user activity, converting it into analytics in order to react to anomalous behaviour. It is a solution backed by a data analytics team, always ready to DETECT and REACT to attacks.
  • Always ready to SHIELD IT at any cost.

Many companies believe they are too small to be of interest to an attacker. That is a serious mistake: today there is almost no company without some service exposed on the Internet (email, a Facebook page, a website, etc.).

The reality is that small and medium-sized companies are more likely to be victims of an attack precisely because their protections are limited, which makes them an easier target.

In closing, if this kind of cybersecurity service interests your company, or you are already evaluating an implementation with a provider, I suggest the following:

  • Look for a vendor that combines automation, orchestration, data analytics (event correlation) and threat intelligence.
  • Choose a vendor whose SLAs comply with your policies, or that offers time-based SLAs for detecting, containing and remediating a threat.
  • Verify the provider's experience in responding to threats, especially those that affect your services.
  • Look for a provider that can support you in your language; this is essential for information to flow quickly and for your needs to be understood correctly.