
Cybersecurity 101: What does it involve and what should you invest in?

Apr 23, 2020

The basic steps involved in cybersecurity — identifying and protecting assets and detecting and responding to threats — might be simple enough, but their associated technologies are anything but.

Businesses routinely have to reckon with an alphabet soup of terms like NOC, SOC, EDR and MDR to gauge which ones should have a seat at the table.

But what do these terms mean, and how do you prioritize the adoption of one technology over another? The answer is complicated.

Alphabet soup

First, let’s clear up any confusion around these abbreviations:

  • NOC: A network operations center is like mission control for a business, monitoring widely dispersed data centers for performance, power failures or any other reason systems could fail. NOC professionals typically monitor the up/down status and performance of devices using Simple Network Management Protocol (SNMP) and help triage and resolve IT-related issues.
  • SOC: A security operations center seeks to prevent cybersecurity threats and detects and responds to any incident on the computers, servers and networks it oversees by alerting on security event logs that indicate a problem. What makes a SOC unique is the ability to monitor all systems on an ongoing basis, as employees work in shifts, rotating and logging activity around the clock. Fortune 500 companies and other large or regulated companies tend to host such operations in-house, whereas others outsource this function to a Managed Security Service Provider (MSSP).
  • EDR: Endpoint detection and response (EDR) focuses its attention on the endpoints in a computer network, including servers, desktops and laptops. Unlike traditional endpoint protection (EPP), which provides passive protection of computers from known viruses and malware, EDR provides continuous monitoring and automated response, countering advanced threats that evade AV and other preventative defenses (for example, by isolating and containing a computer infected by ransomware). EDR includes heuristics or behavioral analytics designed to identify suspicious or malicious activities that may otherwise go undetected by human analysts. It is often used to construct a timeline of all actions taken on an endpoint, including the original system compromise, all system processes, and network connections to internal and external resources, providing the information needed to conduct a successful digital forensics investigation.
  • MDR: Managed Detection and Response (MDR) is an advanced managed security service that provides threat intelligence, threat hunting, security monitoring, incident analysis and incident response. This is unlike traditional SOCs or MSSPs, which only provide alerts from security monitoring. Using advanced security analytics on endpoints, user behavior, applications and networks, MDR provides deeper detection than traditional MSSPs, which mostly rely on rules and signatures. For faster response, MDR also uses AI and machine learning to investigate, automatically contain threats and orchestrate response.

All of these technologies can benefit your cybersecurity plan, but MDR’s usefulness makes it stand out from the pack.

Can MDR help you?

MDR provides security event log monitoring and alerting similar to that offered by traditional SOCs or MSSPs. “Use cases” are created to trigger an alert based on certain event log activities (e.g. multiple unsuccessful login attempts) so that an analyst can investigate and triage the incident.
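To make the “use case” idea concrete, here is an added example (not code from the article or from any MDR product) of one such detection rule: it reads constructed, syslog-style authentication lines and raises an alert when a single source address produces five or more failed logins inside a five-minute window, plus a follow-up alert if that same source then logs in successfully, which is the detail an analyst would want when triaging. The log format, threshold and window are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed sshd-like format (not real traffic).
SAMPLE_LOG = """\
2020-04-23T09:00:01 sshd[101]: Failed password for admin from 203.0.113.7
2020-04-23T09:00:04 sshd[101]: Failed password for admin from 203.0.113.7
2020-04-23T09:00:09 sshd[101]: Failed password for root from 203.0.113.7
2020-04-23T09:00:15 sshd[101]: Failed password for admin from 203.0.113.7
2020-04-23T09:00:20 sshd[101]: Failed password for guest from 203.0.113.7
2020-04-23T09:00:25 sshd[101]: Accepted password for admin from 203.0.113.7
2020-04-23T09:10:00 sshd[102]: Failed password for alice from 198.51.100.2
2020-04-23T09:30:00 sshd[103]: Failed password for alice from 198.51.100.2
2020-04-23T09:50:00 sshd[104]: Failed password for alice from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

def parse_line(line):
    """Return a dict for a recognised auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}

def failed_login_use_case(log_text, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window rule: alert once per source when >= threshold failures
    fall inside `window`; also flag a later success from an alerted source."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted, alerts = set(), []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["outcome"] == "Accepted":
            if ev["src"] in alerted:   # success after a burst: escalate for triage
                alerts.append({"rule": "success_after_burst", "src": ev["src"],
                               "user": ev["user"], "ts": ev["ts"]})
            continue
        q = failures[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"rule": "failed_login_burst", "src": ev["src"],
                           "count": len(q), "ts": ev["ts"]})
    return alerts
```

The slow trickle from 198.51.100.2 never trips the rule because its failures are twenty minutes apart, which is exactly the kind of low-and-slow pattern a threshold rule misses and why the text pairs rules with analytics and threat hunting.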

The big difference is that MDR adds “left of hack” and “right of hack” services.

Left-of-hack and right-of-hack services

  1. Left of hack: MDR anticipates threats by gathering intelligence about the global threat landscape to identify rapidly moving vulnerabilities, like new malware. It then uses artificial intelligence (AI) and machine learning to hunt for threats that may already be present in a company so that preventive action can be taken before incidents occur.
  2. Right of hack: When indicators of compromise (IOCs) are identified, MDR helps to quickly analyze, isolate, contain, investigate and resolve incidents before they have a significant impact on the business.

Because MDR services are staffed with cybersecurity experts, you get professionals who not only understand the nature of the threats to watch out for, but who also keep tabs on the evolving nature of the challenges in real time. Forensic analysis of past cyber-breaches might be a useful task, best executed by MDR services.

Outsourced MDR services are especially useful if you need cutting-edge cybersecurity but can’t afford to hire and train a separate team in-house. Skilled cybersecurity talent is expensive because it’s hard to find: 3.5 million jobs in the industry will go unfilled by 2021, which makes an even stronger case to hire external help.

Leaning on MDR turnkey solutions also frees your IT talent from having to constantly monitor and put out fires, so they can focus on longer-term business directives.

Valuable MDR services can either function alone or complement your in-house IT talent. The high costs of a data breach dictate that you bolster your cybersecurity defenses. Given the constantly changing nature of the threats and the need to always be on guard, using MDR services to do so could be a cost-effective and efficient way to bolster your cybersecurity strategies.

How Wipfli can help

Learn more about MDR services on our web page or watch this video.

Interested in cybersecurity?

You can learn more about fluid and agile solutions in the evolving cyber landscape on our web page.

Or learn more in these articles:

Investing in cybersecurity saves dividends
Five easy (and low-cost) ways to increase cybersecurity
Multifactor authentication: Why you need it now
How to protect your business from ransomware

Author(s)

Jeff Olejnik
Principal