How to detect and stop data breaches with managed detection and response
Finland’s largest commercial TV company MTV fights against data breaches with F-Secure Rapid Detection & Response Service.
MTV broadcasts news, sports and entertainment across dozens of free and paid channels. Cyber security is a top priority, especially in the current landscape of highly-publicized cyber attacks.
F-Secure’s unique take on the “managed detection and response service”, coined by Gartner, gives MTV several advantages:
- Full visibility into their IT environment, including external contractors
- Accurate and pre-filtered breach detections, with input from experienced human analysts
- 24/7 support and breach guidance
The best part? MTV achieved all this with an internal IT department consisting of a dozen employees, with no special cyber security expertise.
RELIABLE BREACH DETECTION
MTV’s Head of ICT, Juha Allonen, thinks following trends is extremely important when it comes to cyber security.
“The threat landscape has really changed. Advanced attacks, spear phishing and data breaches are the norm, instead of the exception. We need to address these issues with new technologies and growing investments in human talent.”
Unfortunately, both are in short supply.
Forecasts say that cyber security will have 3.5 million unfilled positions by 2021. At the same time, over 67% of global enterprises have been breached. Many of these threats leverage advanced attack techniques that are impossible to detect with standard anti-malware and endpoint security solutions.
The results are not something you can ignore, either. The average cost of a data breach is $3.62 million.
Juha saw the future the industry was heading towards. MTV needed to take action. The only issue was resources – not money, but time and expertise.
“We rely heavily on external partners with our IT security”, Juha explains. “My team and I do stay on top of the latest technologies, but we have a ton of other responsibilities as well.”
F-Secure is one of MTV’s key cyber security partners. With a history of risk assessments, IT security policy creation and penetration testing, Juha knew that the Finnish security company would have something up their sleeve.
“F-Secure has been a very proactive partner, always introducing new solutions and best practices. We were discussing some of our pain points, and they suggested we try out their MDR solution.”
Juha’s contact at F-Secure promised they could give him protection against advanced threats without extensive internal input. They could also integrate their solution with MTV’s external SOC provider’s systems without excessive costs.
With these assurances, Juha agreed to test the service.
MANAGED DETECTION AND RESPONSE
The idea behind managed detection and response, or MDR, is simple.
The “managed” part of the term means just that: the service is fully operated by an external partner, requiring very little input from an organization’s internal IT team.
“Detection and response” refers to the service’s operating principle. By inserting sophisticated sensors across a company’s endpoints and network, it provides full visibility into the wider IT environment.
The end result? A solution that can detect data breaches based on behavior, instead of obvious signs of malicious activity. MDR also enables swift and effective response actions, supported by automation or human expertise.
Scenario: an external contractor who’s worked for a company for 6 months logs into the system during normal work hours.
Initially they conduct standard work tasks via the usual systems. But after a while, something strange starts happening.
The contractor opens folders which they shouldn’t – and runs applications which they have no business running. They try to transfer data off the company server without a good reason.
It becomes clear that something is off. Either the contractor has been turned, or their account details have been hacked.
No matter which – you’re in the process of getting breached.
Not to worry. Your MDR service staff have already notified you and booted the attacker off the network. Now they’re instructing your IT team with forensics and damage clean-up.
Problem solved.
MAN AND MACHINE
This is the gist: no human would have been able to flag the above threat alone.
There were no clear signs that something was wrong. Your endpoint software’s alarms didn’t go off – email protection didn’t catch any phishing mails at the gateway.
The contractor’s behavior was suspicious. But good luck spotting that among millions and millions of events, most of which are completely normal. Scenarios like these are more common than you’d like to think.
The only way to catch attacks like these is with a combination of man and machine. Simply put:
- Sensors collect relevant data
- Artificial intelligence processes the data
- Knowledgeable human analysts go through suspicious detections
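The contractor scenario and the three steps above can be sketched as a per-user baseline check. This is an added example, not F-Secure's service or code; the user name, paths, hosts, score weights and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry: (user, hour, kind, target, bytes_out).
# All names, paths and sizes are invented for illustration.
HISTORY = [
    ("contractor7", 9, "folder", "/projects/web", 0),
    ("contractor7", 10, "app", "editor.exe", 0),
    ("contractor7", 14, "transfer", "git.internal", 2_000_000),
    ("contractor7", 11, "folder", "/projects/web/assets", 0),
    ("contractor7", 15, "app", "browser.exe", 0),
]
SESSION = [
    ("contractor7", 10, "folder", "/projects/web", 0),     # usual work
    ("contractor7", 11, "folder", "/finance/payroll", 0),  # never opened before
    ("contractor7", 11, "app", "archiver.exe", 0),         # never run before
    ("contractor7", 12, "transfer", "files.example.net", 900_000_000),
]

def build_baseline(events):
    """Per-user profile: targets seen per event kind and largest past transfer."""
    base = defaultdict(lambda: {"seen": set(), "max_out": 0})
    for user, _hour, kind, target, out in events:
        base[user]["seen"].add((kind, target))
        base[user]["max_out"] = max(base[user]["max_out"], out)
    return base

def score_event(event, base, volume_factor=10):
    """Return (score, reasons) for one event measured against the user's baseline."""
    user, _hour, kind, target, out = event
    profile, score, reasons = base[user], 0, []
    if (kind, target) not in profile["seen"]:
        score += 2
        reasons.append(f"new {kind}: {target}")
    if kind == "transfer" and out > volume_factor * max(profile["max_out"], 1):
        score += 3
        reasons.append(f"outbound volume {out} bytes exceeds baseline")
    return score, reasons

def triage(session, base, threshold=5):
    """Sum event scores per user; sessions at or above threshold go to an analyst."""
    totals, evidence = defaultdict(int), defaultdict(list)
    for event in session:
        score, reasons = score_event(event, base)
        totals[event[0]] += score
        evidence[event[0]].extend(reasons)
    return {u: evidence[u] for u, total in totals.items() if total >= threshold}

if __name__ == "__main__":
    for user, reasons in triage(SESSION, build_baseline(HISTORY)).items():
        print(user, "->", reasons)
```

No single event in the session crosses the threshold except the transfer; the login hour is normal throughout, so the analyst queue is driven by the accumulated deviation from the account's own history.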
REAL CYBER RESILIENCE
After taking Rapid Detection & Response Service into use, Juha has seen a vast improvement in MTV’s threat detection capabilities.
“The level of sophistication is a huge benefit. We have effectively improved our SIEM and SOC’s visibility”, Juha says.
As the person responsible for MTV’s cyber security, Juha sleeps better at night knowing that someone with real skills and training is watching their back 24/7.
“I’ll always worry about our security. But it’s much more tolerable when you have a serious player backing you up at all times.”
He’s also grown to appreciate the concise way in which the service packages information.
“All the data and insights we get out from Rapid Detection & Response Service are processed in a way that makes it easy to read or browse through”, Juha says. “Although I know the jargon pretty well, I don’t like to read massive reports filled with technical definitions, complex language and abbreviations.”
Not surprisingly, Juha has decided to stick with managed detection and response. MTV’s cyber resilience – their ability to bounce back after adverse cyber incidents – has never been better.