MSPs Can Now Provide Managed Detection and Response with Cynet 360 | Threatpost

Today, managed detection and response (MDR) is a rapidly growing market segment, actively pursued by some 27 percent of organizations, according to April 2019 numbers released by ESG Research.

According to the same, another 11 percent of organizations plan to pursue MDR in the future.

The Cynet 360 platform allows security-focused managed service providers (MSPs) to get ahead of their competition by adding MDR to their offerings in the form of the platform’s integrated autonomous breach protection capabilities, plus CyOps, its 24/7 SOC team (learn more here).

A product of the last few years, MDR was created to assist organizations by making a team of experts available for services beyond what their in-house security team can provide. This includes items such as 24/7 alert prioritization, investigation and proactive threat hunting. With the Cynet 360 platform, organizations gain security for endpoints, network and user accounts, and the MDR provider can promise real-time protection against threats throughout the organization via a single integrated solution.

As Threats Evolve, So Do Detection Solutions

As the advanced threat landscape has changed, the security industry has responded with various detection offerings. These alert organizations when malicious activity is found in the environment. This area includes offerings such as endpoint detection and response (EDR), user behavior analytics (UBA), network analytics and deception, and all can be added to the security arsenal available to the organization.

The skills gap is a well-known issue in the security industry. As a result of this, plus the high number of alerts that many detection solutions produce, a solution’s full protection potential is usually not achieved. Between the false positives and the need to prioritize true critical alerts, and then the need to utilize security technologies to hunt undetected threats, most security professionals have their hands full. To put is simply, many threats go undetected. All it takes is one missing link in the operation of an advanced threat detection product, and the organization is left open to attacks, no matter how much is spent on security solutions.

Solve the Skills Gap with MDR – Skills-as-a-Service

With MDR, the security skills gap is no longer an issue. MDR allows security providers to offer organizations the ability to use the services of a team of 24/7 SOC security experts who receive, prioritize and analyze alerts, in place of taxing their own staff. This helps cut down on alert fatigue, which happens when a security team is constantly inundated with multiple alerts, and does not ‘see them’ anymore – thus no longer handling then effectively. Now in the hands of the MDR team, security alerts are received, prioritized and the customer organization is advised how to handle them and what remediation steps should be taken, according to severity.

What’s Required to Implement an MDR Detection Solution

It is up to the MDR provider to ensure that the technology they use to detect and protect the customer environment covers all main attack vectors, including endpoints, the network and user accounts. This means the solutions should both detect malicious activity and ensure full visibility into all activities across the organization. MDR providers must be able to promise all this, plus the ability to carry out in-depth investigations, as the need arises.

With Cynet 360, MDR providers can provide a first-of-its-kind solution to their customers: Protection across the endpoints, user accounts and the network itself, in one solution. Installation is fast and easy (500 endpoints in one hour) and alerts are issued across all main attack vectors. This includes malware, exploits and fileless attacks on hosts, anomalous login and connection of user accounts, network-based attacks such as address resolution protocol (ARP) spoofing, lateral movement and data exfiltration. Learn more on Cynet for MDR providers, here.

Complete threat visibility can only be achieved by integrating multiple solutions covering EDR, UBA, network analytics and deception. With Cynet 360, providers can provide all this in a single solution. This allows for rapid scaling while meeting the needs of multiple customers, without encountering the usual deployment and integration roadblocks. With Cynet 360, an MDR provider is focused on giving their customers the security they need with alert management and proactive threat response, without the typical distractions.

Accurate Alerts Across Critical Attack Vectors

In many cases, malicious process execution cannot be determined without the context of surrounding activity in associated user accounts and network traffic. Cynet 360’s monitoring of endpoint, network and user activities means the platform is able to provide the full picture of an attack operation over time, with its entire context, cutting the false positives to an absolute minimum. These are the critical threats that are often missed by most siloed solutions such as EDR, network analytics or UBA.

Cynet’s CyOps 24/7 SOC – Backing the MDR Security Team

Cynet’s expert security researchers and threat analysts are online 24/7, monitoring alerts, investigating malicious activity and actively threat hunting. The CyOps SOC is an 80/20 percent mix of technology and services, of which MDR providers can take advantage to augment their own team and offer their customers the best in frontline security. Alternatively, MDR providers can decide to market CyOps services as a white-label model, while focusing on building their own team.

To learn more about Cynet 360 for MDR providers, click here.