De-Mystifying Security Series: Managed Detection and Response
As IT security continues to grow in importance, businesses are being forced to re-evaluate their defenses and how they respond to threats. But with more than 90% of large businesses reporting information breaches each year, security now encompasses more than simply deploying additional technical solutions.
Prevention remains the best line of defense, but organizations must also prepare for worst-case scenarios. How you respond to, mitigate and remediate threats is equally important, particularly as your business will inevitably come under some form of attack in the future. This is where MDR comes into play.
MDR – Managed Detection and Response
Managed Detection and Response (MDR) is typically offered in a security-as-a-service format. MDR subscribers partner with a provider who proactively monitors several factors including system logs, user behavior, attacker behavior and known threats and vulnerabilities. Proactivity is key to identifying threats as quickly as possible.
The MDR partner also coordinates the appropriate response to every vulnerability they identify. This ranges from immediate remedial action to deal with a breach in progress, to automating defenses to better protect against known threats that have not yet materialized. An MDR service provides detection and response across the full IT estate, covering applications, endpoints, and physical hardware assets.
SOC – Security Operations Centre
The Security Operations Centre (SOC) is the centralized facility responsible for providing ongoing day-to-day operational information security monitoring. The SOC is the first line of defense, proactively checking for security incidents or anomalies before escalating suspicious reports to the Incident Response Team (see below).
Typically the SOC monitors information flow and logs from firewalls, breach detection systems, and any applicable security information and event management (SIEM) system. As such, SOC capabilities are often provided as part of an MDR service (see above).
IRT – Incident Response Team
The Incident Response Team (IRT) is a multi-disciplinary group tasked with implementing the appropriate response to a confirmed, or suspected, security breach. At the heart of the team are the information security professionals who work to contain an event and carry out necessary remedial work. They will also be responsible for capturing forensic evidence for further investigation, or use in criminal proceedings where appropriate.
The technical experts are typically complemented by a senior manager who provides decision-making authority, and by technicians who assist with analysis and remediation. Additionally, some firms may choose to include representatives from legal and HR departments to assist with follow-up activities once the security breach has been successfully resolved.
The IRT is also sometimes referred to as a CSIRT (computer security incident response team) or CIRT (computer incident response team). An IRT may be in-house or outsourced depending on available skills and resources.
How Navisite can help
Navisite partners with the Alert Logic Security Operations Center (SOC) to provide incident response (IRT) for clients. Powered by Alert Logic's 'SIEMless' methodology, Navisite expertly analyses logs and network flow, monitors vulnerabilities, and tracks compliance postures across multi-cloud environments, correlating data and responding to threats in real time. The combined efforts of Navisite and Alert Logic result in 24x7x365 security coverage for clients and peace of mind.