How to detect and stop data breaches with managed detection and response

Joel Hiltunen

23.10.18 4 min. read

Finland’s largest commercial TV company MTV fights against data breaches with F-Secure Rapid Detection & Response Service.

MTV broadcasts news, sports and entertainment across dozens of free and paid channels. Cyber security is a high priority, especially in the current landscape of fake news, spear phishing and highly-publicized data breaches.

F-Secure’s unique take on “managed detection and response”, a term coined by Gartner, gives MTV several advantages:

  • Full visibility into their IT environment, including external contractors
  • Accurate and pre-filtered breach detections, with input from experienced human analysts
  • 24/7 support and breach guidance

The best part? The company achieved all this with an internal IT department of a dozen employees, with no special cyber security expertise.

 

 

RELIABLE BREACH DETECTION

MTV’s Head of ICT, Juha Allonen, thinks following trends is extremely important when it comes to cyber security.

“The threat landscape has really changed. Advanced attacks, spear phishing and data breaches are the norm, instead of the exception. We need to address these issues with new technologies and growing investments in human talent.”

Unfortunately, both are in short supply.

Forecasts say that cyber security will have 3.5 million unfilled positions by 2021. At the same time, over 67% of global enterprises have been breached. Many of these attacks leverage advanced attack techniques that are impossible to detect with standard anti-malware and endpoint solutions.

The results are not something you can ignore, either. The average cost of a data breach is $3.62 million.

Juha saw the future the industry was heading towards. MTV needed to take action.

The only issue was resources – not money, but time and expertise. Breach detection is not a simple endeavor.

“We rely heavily on external partners with our IT security”, Juha explains. “My team and I do stay on top of the latest technologies, but we have a ton of other responsibilities as well.”

F-Secure is one of MTV’s key cyber security partners. With a history of risk assessments, IT security policy creation and penetration testing, Juha knew that the Finnish security company would have something up their sleeve.

“F-Secure has been a very proactive partner, always introducing new solutions and best practices. We were discussing some of our pain points, and they suggested we try out their MDR solution.”

Juha’s contact at F-Secure promised they could give him protection against advanced threats without extensive internal input. They could also integrate their solution with MTV’s external SOC provider’s systems.

With these assurances, Juha agreed to test the service.

MANAGED DETECTION AND RESPONSE

The idea behind managed detection and response, or MDR, is simple.

The “managed” part of the term means just that: the service is fully operated by an external partner, requiring very little input from an organization’s internal IT team.

“Detection and response” refers to the way in which the service works. By inserting sophisticated sensors across a company’s endpoints and networks, the solution provides full visibility into the wider IT environment.

The end result? A solution that can detect breaches based on behavior, instead of obvious signs of malicious activity. MDR also enables swift and effective response actions, supported by automation or human decisions.

Scenario: an external contractor who’s worked for a company for 6 months logs into the system during normal work hours.

Initially they conduct standard work tasks via the usual systems. But after a while, something strange starts happening.

The contractor opens folders which they shouldn’t – and runs applications which they have no business running. They try to transfer data off the company server without a good reason.

It becomes clear that something is off. Either the contractor has been turned, or their account details have been hacked.

No matter which – you’re in the process of getting breached.

Not to worry. Your MDR service has already notified you, and booted the attacker off the network. Now they’re guiding your IT team through forensics and damage clean-up.

Problem solved.

MAN AND MACHINE

This is the gist: no human would have been able to flag the above threat alone.

There were no clear signs that something was wrong. Your endpoint software’s alarms didn’t go off – email protection didn’t catch any phishing mails at the gateway.

The contractor’s behavior was suspicious. But good luck spotting that among millions and millions of events, most of which are completely normal. Scenarios like these are more common than you’d like to think.

The only way to catch attacks like these is with a combination of man and machine. Simply:

  • Sensors collect relevant data
  • Artificial intelligence processes the data
  • Knowledgeable human analysts go through suspicious breach detections
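
The contractor scenario run through the three steps above, as an added example (not F-Secure's code or detection logic): a per-user baseline is scored against a session of constructed events, and the accumulated deviations, none of them malicious on its own, produce detections for an analyst to review. The user name, paths, process names, weights and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): (user, hour, folder, process, bytes_out)
HISTORY = [
    ("contractor01", 9, "/projects/web", "code.exe", 0),
    ("contractor01", 10, "/projects/web", "git.exe", 20_000),
    ("contractor01", 14, "/projects/docs", "winword.exe", 5_000),
    ("contractor01", 15, "/projects/web", "code.exe", 12_000),
]
SESSION = [
    ("contractor01", 10, "/projects/web", "code.exe", 8_000),           # normal work
    ("contractor01", 11, "/finance/payroll", "code.exe", 0),            # new folder
    ("contractor01", 11, "/finance/payroll", "7z.exe", 0),              # + new process
    ("contractor01", 12, "/finance/payroll", "ftp.exe", 900_000_000),   # + large transfer
]

def build_baseline(history):
    """Sensor data -> per-user profile: folders, processes, largest outbound transfer."""
    base = defaultdict(lambda: {"folders": set(), "procs": set(), "max_out": 0})
    for user, _hour, folder, proc, out in history:
        b = base[user]
        b["folders"].add(folder)
        b["procs"].add(proc)
        b["max_out"] = max(b["max_out"], out)
    return base

def score_event(event, profile, out_factor=10):
    """Return (score, reasons) for one event measured against the user's profile."""
    _user, _hour, folder, proc, out = event
    reasons = []
    if folder not in profile["folders"]:
        reasons.append("new_folder")
    if proc not in profile["procs"]:
        reasons.append("new_process")
    if out > out_factor * max(profile["max_out"], 1):
        reasons.append("large_transfer")
    return len(reasons), reasons

def detect(history, session, threshold=3):
    """Accumulate deviations per user; queue a detection for analysts at the threshold."""
    base = build_baseline(history)
    totals, detections = defaultdict(int), []
    for event in session:
        user = event[0]
        score, reasons = score_event(event, base[user])
        totals[user] += score
        if score and totals[user] >= threshold:
            detections.append({"user": user, "hour": event[1], "total": totals[user], "reasons": reasons})
    return detections
```

Every event in the session happens during normal work hours under a valid login, so nothing here depends on a signature or a failed authentication; only the drift from the account's own history raises the score.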

REAL CYBER RESILIENCE

Since adopting Rapid Detection & Response Service, Juha has seen a vast improvement in MTV’s threat detection capabilities.

“The level of sophistication is a huge benefit. We have effectively improved our SIEM and SOC’s visibility”, Juha says.

As the person responsible for MTV’s cyber security, Juha can sleep better at night knowing that someone with real skills and training is watching their back 24/7.

“I’ll always worry about our security. But it’s much more tolerable when you have a serious player backing you up at all times.”

He’s also grown to appreciate the concise way in which the service packages information.

“All the data and insights we get out from Rapid Detection & Response Service is processed in a way that makes it easy to read or browse through”, Juha says. “Although I know the jargon pretty well, I don’t like to read massive reports filled with technical definitions, complex language and abbreviations.”

Not surprisingly, Juha has decided to stick with managed detection and response. MTV’s cyber resilience – their ability to bounce back after adverse cyber incidents – has never been better.

PROTECT YOURSELF FROM CYBER-ATTACKS

If you want a free phone consultation on your company’s cyber security, book a time with one of our experts here.
