For all organizations, no matter what they do or where they are located, cyberthreats are a growing concern. Every year, criminals invent new and innovative ways to steal information, compromise networks, demand ransoms and damage reputations.
To defend against those threats, threat detection and response (TDR) has become one of the most important cybersecurity practices. For organizations that don’t want to make the considerable, often impractical, investment in building TDR capabilities internally, managed threat detection and response (MTDR) services offer significant additional advantages. According to the research firm Gartner, by 2024, 90% of buyers looking to outsource to a security service provider will focus on TDR services [1].
To fully explore what TDR is, and how it can help protect your organization, we’ll start by defining some of the basic concepts and terminology.
On its most basic level – absent the unique enhancements that cybersecurity providers add to their offerings – TDR is the practice of finding and identifying threats within your organizational IT infrastructure, which now includes mobile devices and apps, the cloud, the Internet of Things (IoT), and beyond.
A threat can be considered anything that has the potential to do your organization harm, and the types of threat vectors your organization needs to be aware of change and grow almost every year. Many of these threats will evade your first lines of defense, such as your antivirus programs and firewalls. How you’re able to respond to and mitigate those threats is a key component of your TDR strategy.
When your organization is conducting TDR, at a minimum it will be scanning for threats on a 24/7 basis using a combination of threat detection and response tools and methodologies, as there is no single “magic bullet” for effective threat detection and response. You will typically have software sensors monitoring your endpoints, gathering data on events and activity. A security platform will govern that data, helping your security staff identify suspicious activity. Alerts and triggers will typically be set up to help your team know when to take action.
The combination of human intelligence and automated processes is key to conducting effective threat detection and response. Fully automated threat detection and response solutions will not be effective on their own – just as your security team cannot possibly monitor and analyze all activity in your IT ecosystem without the aid of software.
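To make the sensor-to-alert flow described above concrete, the following added example (not code from the original article or from any vendor's product) sketches the automated half of that loop: endpoint sensor events are run through detection rules, matching events are turned into alerts, and alerts are ranked into a queue for a human analyst to decide on. The event records, the rule names and the thresholds are all constructed assumptions for illustration; real thresholds have to be tuned to your environment, because a value that is noisy in one organization is silent in another.

```python
"""Minimal TDR pipeline: endpoint sensor events -> detection rules -> analyst triage queue.

Added illustration only. Event records below are constructed sample telemetry,
not real data; rule names and thresholds are hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample telemetry: what an endpoint sensor might report (ISO-8601 timestamps).
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:00:01", "host": "ws-17", "type": "logon_failed", "user": "jdoe"},
    {"ts": "2024-01-10T09:00:15", "host": "ws-17", "type": "logon_failed", "user": "jdoe"},
    {"ts": "2024-01-10T09:00:40", "host": "ws-17", "type": "logon_failed", "user": "jdoe"},
    {"ts": "2024-01-10T09:01:05", "host": "ws-17", "type": "logon_failed", "user": "jdoe"},
    {"ts": "2024-01-10T09:01:30", "host": "ws-17", "type": "logon_failed", "user": "jdoe"},
    {"ts": "2024-01-10T09:01:50", "host": "ws-17", "type": "logon_success", "user": "jdoe"},
    {"ts": "2024-01-10T09:02:10", "host": "ws-17", "type": "account_created", "user": "svc_backup", "admin": True},
    {"ts": "2024-01-10T09:05:00", "host": "ws-22", "type": "logon_failed", "user": "asmith"},
    {"ts": "2024-01-10T09:05:30", "host": "ws-22", "type": "logon_failed", "user": "asmith"},
    {"ts": "2024-01-10T09:06:00", "host": "ws-22", "type": "process_start", "image": "notepad.exe"},
]


@dataclass
class Alert:
    rule: str
    host: str
    first_seen: datetime
    evidence: list = field(default_factory=list)  # the raw events that triggered the rule


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def rule_failed_logon_burst(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when one host records at least `threshold` failed logons inside `window`."""
    by_host = defaultdict(list)
    for event in events:
        if event["type"] == "logon_failed":
            by_host[event["host"]].append(event)

    alerts = []
    for host, failures in by_host.items():
        failures.sort(key=lambda e: parse_ts(e["ts"]))
        for start in range(len(failures)):
            # Grow a window that starts at failures[start] and count what fits inside it.
            end = start
            while end < len(failures) and parse_ts(failures[end]["ts"]) - parse_ts(failures[start]["ts"]) <= window:
                end += 1
            if end - start >= threshold:
                alerts.append(Alert("failed_logon_burst", host, parse_ts(failures[start]["ts"]), failures[start:end]))
                break  # one alert per host; the analyst sees all the evidence in it
    return alerts


def rule_new_admin_account(events):
    """Alert on every account-creation event where the new account has admin rights."""
    return [
        Alert("new_admin_account", e["host"], parse_ts(e["ts"]), [e])
        for e in events
        if e["type"] == "account_created" and e.get("admin")
    ]


RULES = [rule_failed_logon_burst, rule_new_admin_account]


def run_detection(events):
    """Apply every rule to the event stream and return alerts in time order."""
    alerts = []
    for rule in RULES:
        alerts.extend(rule(events))
    alerts.sort(key=lambda a: a.first_seen)
    return alerts


def triage_queue(alerts):
    """Rank alerts for a human analyst. Automation only orders the work; it does not close it.

    A host that fired more than one rule is treated as higher priority than a lone hit,
    since unrelated rules agreeing on one host is a stronger signal than either alone.
    """
    per_host = defaultdict(list)
    for alert in alerts:
        per_host[alert.host].append(alert)

    queue = []
    for alert in alerts:
        priority = "high" if len(per_host[alert.host]) > 1 else "medium"
        queue.append({
            "rule": alert.rule,
            "host": alert.host,
            "priority": priority,
            "evidence_count": len(alert.evidence),
            "first_seen": alert.first_seen.isoformat(),
        })
    queue.sort(key=lambda item: (item["priority"] != "high", item["first_seen"]))
    return queue


if __name__ == "__main__":
    for item in triage_queue(run_detection(SAMPLE_EVENTS)):
        print(item)
```

In the constructed sample, ws-17 trips both rules (five failed logons in under two minutes, then a new admin account) and is ranked high, while ws-22's two failed logons stay below the threshold and generate nothing. The point is the division of labor: the rules and the ranking are the automation, and the decision about whether ws-17 is an incident stays with the analyst reading the evidence.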
Beneath the overarching goal of preventing threats from turning into attacks, the objectives of your TDR activity will typically include:
There are additional tertiary benefits that a robust TDR practice can provide, such as helping provide visibility into network traffic and data activity.
As organizations seek to put effective threat detection and response solutions into place, they will typically face obstacles:
In addition to the above, one of the biggest obstacles that organizations face when trying to implement a threat detection and response solution is the skills gap. Recruiting and retaining top cybersecurity talent is difficult, as competition for experienced individuals can be intense. Organizations also typically grapple with resource limitations that hamper their ability to properly fund a fully internal threat detection and response capability.
[1] Gartner, “Managed Security Services Landscape is Changing”, ID G00719320
This complimentary report from Gartner provides expert guidance on key challenges buyers face when choosing an MDR provider and recommendations to ensure a desired outcome.