17 November 2021
In our last blog on the future of MDR, we dived into six key elements that really make MDR work: research & development, continuous improvement, strong processes, CTI, Security Automation and Orchestration, and a recruitment program.
All the above being said, with the complexity of IT environments growing – both internal systems and the plethora of functions now being delivered from the public cloud, via Software-as-a-Service, etc. – keeping things as simple as possible has its appeal. We see several dominant ecosystems emerging, two of which (Microsoft and Palo Alto Networks) we added to our Managed Threat Detection portfolio this year.
You must be careful as an MDR provider. Generally, the more platforms you support, the more your service can become diluted. But you also have to recognize when it is an advantage to invest in an ecosystem that is being adopted.
Microsoft has undergone one of the most successful transformations of its security product portfolio in recent years, driven of course by the success of Azure and its global adoption. Sentinel and Defender are now becoming leading security platforms in their respective SIEM and XDR markets. With that market adoption and product maturity aligned, the need to make the most of these cloud-native toolsets has never been greater, and it’s the same old story: where do I find the skills? We underwent a massive program of training and familiarization with Microsoft this year, and if you’ve spoken to me on this topic, you have probably heard the phrase “supercharge your Sentinel”. Everything I talked about in the previous section is valuable to bring to the Microsoft party and moves it beyond just recognizing the value of the product alone. Because, to reiterate, MDR is about outcomes that require much more than just operating a SIEM.
And what of the pure-play security companies? Of them, Palo Alto Networks not only continues to challenge the status quo across multiple areas of cyber security but also continues to deliver on its track record of executing its vision. Bringing Palo Alto Cortex XDR into our ecosystem, alongside our other Managed Services around Prisma Cloud (Cloud Security Posture Management), Prisma Access (SASE), and of course Strata (Next-Generation Firewall), provides us with a platform and a combination of integrated services that can really make a difference to any business. Big or small. Mature or not so mature. MDR (and indeed Managed Security in a wider sense) is about outcomes.
Naturally, data privacy is a big factor when it comes to Managed Detection and Response services because of the sensitivity of the data being handled. And in this new age of very dynamic data flows across all of the places a business holds its data, it becomes ever more important to understand which data is stored and processed, and where.
Transparency is key and of course, so is locality. We believe that these factors will really shine further light on those who are anchored in Europe, like Orange Cyberdefense. We have a very real (physical!) presence here in our home markets and whilst until now, that presence has been more about providing that local support and local team to maintain a strong partnership, it also could become about much more than that.
Adapting to data privacy laws is not something that is new to Orange Cyberdefense. Four years ago we launched our CyberSOC in mainland China for similar reasons, and we made that investment so that – as with MDR in general – it was one less thing for our customers to worry about.
Managed Detection and Response continues to grow. But not all MDR is delivered equally. A step-change in your maturity can be achieved, but only if you invest yourself in the outcome you want to achieve. Being ready not just to react to a crisis but to prepare for one with a solid crisis management program, including incident response procedures that are well practiced and well thought out, continues to pay dividends to those that invest in that area. After all, it is not just about detecting threats but minimizing the impacts through a consistent and decisive response that puts the “R” in MDR!
Considering MDR means considering what those outcomes are that you want (and not what the technology is). It means considering where you want that outcome to be achieved (in key areas of cloud computing, across your endpoints, on the open, deep, and dark web – wherever your business goes). And it means considering very carefully how you are going to get there and with whom.
We’re here to deliver that future and to build a safer digital society. Are you coming with us?