FITNESS AND SECURITY UNLIKELY BEDFELLOWS
resolved by dedicated trainers.
This is precisely the advantage of Managed Detection and Response (MDR), which takes comprehensive and contextual data outputs and filters them so that only those which require analyst attention are flagged for further inspection. Analysts can thus use time which would otherwise be occupied researching the same incidents over and over again to respond to those which are truly unique and highly suspicious.
This approach is much more focused on achieving results than compliance, and consequently is a specific, tailored security methodology. The fitness analogy would be taking a glossy magazine routine instead of using the experience of dedicated trainers with proven knowledge and expertise.
The objective of a good security policy should be the protection of pre-defined assets from quantifiable and understood threats, which by nature require in-depth knowledge. As a result, we have something of a catch-22 – to have good security practice, one needs experience, but in order to gain experience, one needs to understand good security practice.
This is the concept behind MDR – to use the knowledge of those experienced in the attacker mindset to find advanced and capable individuals or groups. A person with this knowledge is inherently better placed to recognise the actions suggesting advanced threats, because they themselves would take them.
In a year’s time, the most dedicated will still be attending the local gym frequently. Others, this writer included, likely will not.
It is well known that having a gym buddy increases your chances of consistent attendance – so what if your gym buddy is a professional athlete? This is the benefit of a managed solution; security of enterprise networks is fundamentally the responsibility of the business, but why not take advantage of the expertise of professional threat hunters, who, like athletes, have cutting edge knowledge at their disposal?