
A CISO Guide to Managed Detection Response/Managed Prevention Response

INTRODUCTION

New, sophisticated cyber attacks can dictate your cyber security strategies. As attacks become more advanced, the security practices that may have worked in the past can have diminishing returns. As Gil Shwed, the founder and CEO of Check Point, put it when speaking of the turnaround in the cyber threat world, “You don’t pick your battles, they pick you.” Attackers decide what you need to deal with.

Against this landscape, your best cyber security is a solution that offers a comprehensive platform, protecting your organization against a wide spectrum of attacks. As a CISO, you no longer have the luxury of allocating security resources to target your biggest perceived threats. There are too many advanced attacks that can bring your operations to a halt for you to focus on isolated threat types.

Prevention and Detection Go Together

Acting on security alerts is a common practice and a necessity. However, the high volume of attacks can overwhelm your on-premises security team, threatening its ability to respond and remediate.

Third-party services play a valuable role in offloading alert activities and providing other functions to your security operations center (SOC). These services use varying models to address alert overload, which can upgrade an organization’s security posture.

Too many alerts, not enough time

In a recent study, 79% of respondents reported having more than 500 cloud-security alerts open each day. Since it can take up to 30 minutes to investigate each alert, the negative impact on security and staff is tangible. Likewise, the 2022 Devo SOC Performance Report cited information overload and growing workloads as a main factor in worker burnout.

The need for outsourcing is a foregone conclusion.

Advantages and Disadvantages of Different Models for Incident Response

Third-party services offer different models for security-event detection and response. Security Information and Event Management (SIEM) is a legacy model that gives in-house staff tools to monitor security events; SIEM provides detection without response. Adding outsourced staff to that monitoring gives you the Managed Security Service Provider (MSSP) model: security monitoring and management delivered from off-site operations centers.
