
Is FOMI keeping you up at night?

15 December 2021

Brian Martin at Integrity360 explains the value of Managed Detection and Response systems

Most people have heard of the fear of missing out – abbreviated to FOMO in popular psychology and behavioural economics. However, it’s likely to be FOMI – the Fear Of Missing Incidents – that keeps cyber-security professionals up at night.

In fact, roughly nine in every ten analysts working in a security operations centre (SOC) are likely to be worried about pinpointing the critical incidents that could lead to data breaches, hefty fines and brand damage.

And they’re under more pressure. According to Deep Instinct’s 2021 Voice of SecOps report, the average security operations team was alerted to more than 75,000 potential security incidents by its systems every day, and on any given day just two of those alerts were likely to be valid threats.

It’s no surprise, then, that teams report alert fatigue, as described in FireEye/IDC research, even to the point of ignoring the flood of notifications. How much more productive could your company be with fewer false alarms around cyber-security?

Let’s think about the reasons for investing in an SOC in the first place.

Typically, an organisation will be hosting sensitive data or information in some sense. Even if you’re not running an online service for consumers or overtly sharing vast quantities of data, you could be operating a number of databases containing personal or confidential information which can be accessed by people working with you – whether staff on the premises, working remotely, or even business partners or end customers.

Many, if not most, organisations will benefit from a unified or streamlined security function that incorporates a single point of visibility for all threats and can save on the cyber-security cost centre. Once that single point of visibility exists, managing the veritable onslaught of alerts it produces becomes increasingly critical.

Automation isn’t sufficient

Certainly, the rise of automation helps reduce the number of manual tasks to be addressed, but on its own it is not enough: the demands that automated systems themselves generate also increase pressure on beleaguered security teams. Automation must be applied in tandem with better identification, diagnosis, and even prognosis of incidents, so that security professionals can focus their attention where it matters.

Security Information and Event Management (SIEM) tools, cross-referencing and correlating logs to generate alerts, continue to evolve. Extended detection and response (XDR) tools will continue to emerge with better monitoring and management capabilities than in the past.
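To make the correlation idea concrete, here is a small added example (not code from the original article or from Integrity360) of what a SIEM correlation rule does with raw log lines. The log lines are constructed sshd-style authentication events, the window and threshold values are assumptions chosen for illustration, and the rule collapses a burst of failed logins from one source into a single alert, escalating it when a successful login follows the burst. Nine raw events become one alert; a source with only two scattered failures produces none.

```python
"""Toy SIEM-style correlation: collapse many raw auth events into a few alerts.

Added example, not the article's or any vendor's code. Log lines below are
constructed for illustration; the window and threshold are assumed values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOGS = """\
2021-12-15T09:00:01 sshd: Failed password for root from 203.0.113.7
2021-12-15T09:00:03 sshd: Failed password for admin from 203.0.113.7
2021-12-15T09:00:05 sshd: Failed password for admin from 203.0.113.7
2021-12-15T09:00:08 sshd: Failed password for alice from 203.0.113.7
2021-12-15T09:00:09 sshd: Failed password for bob from 203.0.113.7
2021-12-15T09:00:12 sshd: Accepted password for bob from 203.0.113.7
2021-12-15T09:01:00 sshd: Failed password for carol from 198.51.100.20
2021-12-15T09:30:00 sshd: Failed password for carol from 198.51.100.20
2021-12-15T09:45:00 sshd: Accepted password for carol from 198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse(lines):
    """Turn raw text into structured events; lines that do not match are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "outcome": outcome,
                       "user": user, "src": src})
    return events


def correlate(events, window=timedelta(minutes=5), threshold=4):
    """One alert per source whose failures within `window` reach `threshold`.

    Severity is 'high' if the same source later logs in successfully
    (a burst of failures followed by a success is worth a human's attention),
    otherwise 'medium'. Sources that never reach the threshold stay silent.
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["outcome"] == "Failed"]
        # Sliding window over failures: fire on the first window that is dense enough.
        for i in range(len(failures)):
            j = i
            while j < len(failures) and failures[j]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i >= threshold:
                burst = failures[i:j]
                end = burst[-1]["ts"]
                success_after = any(e["outcome"] == "Accepted" and e["ts"] >= end
                                    for e in evs)
                alerts.append({
                    "src": src,
                    "failures": len(burst),
                    "users": sorted({e["user"] for e in burst}),
                    "start": burst[0]["ts"].isoformat(),
                    "end": end.isoformat(),
                    "severity": "high" if success_after else "medium",
                })
                break  # one alert per source, not one per overlapping window
    return alerts


def alert_summary(raw_logs):
    """Return (raw event count, alert count) to show the noise reduction."""
    events = parse(raw_logs)
    return len(events), len(correlate(events))


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
    print("raw events vs alerts:", alert_summary(SAMPLE_LOGS))
```

The point to take away is not the specific rule but the shape of it: parsing, grouping by an entity (here the source address), a time window, a threshold, and a second signal that changes severity. Real SIEM rules are richer, but every one of them is doing this kind of reduction so that a handful of alerts reach an analyst instead of tens of thousands of raw events.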

But even if this is all well managed, someone still needs to be keeping up with threats and solution innovation, knowing when and how to update or migrate to a new technology. In addition, the sheer amount of work involved in always-on threat management, from preparation, identification, containment and eradication through to recovery, reporting and communicating lessons learned, is prohibitive.

Enter MDR – fully Managed Detection and Response.

In a world where targeted and sophisticated threats have long been prevalent, moving to an advanced MDR service doesn’t stop at incorporating threat detection and threat intelligence. It also enables ongoing adaptability and the adoption of advances in incident investigation and response, so that events, threats and vulnerabilities are detected as early as possible and responded to quickly and effectively.

This means keeping up, even with detection of stealthy emerging or zero-day threats that bypass security controls across networks, endpoints and in the cloud. And it enables organisations to focus on generating value – rather than fighting fires in an endless arms race to build and manage better and better cyber-security defences.

No more running to stand still

Increasingly widespread MDR solutions, with their special mix of advanced analytics and threat intelligence, combining technology with human expertise, have opened the doors to easier incident detection and response, enabling the organisation as a whole to alleviate SOC pressures and increase productivity levels. Whether you’re an MSSP or an end-user, this is highly desirable.

With MDR, organisations can move faster and more efficiently, targeting and heading threats off at the pass – reducing the risk of missing incidents that can lead to larger undesirable outcomes.


Brian Martin is Head of Product Management at Integrity360

Main image courtesy of iStockPhoto.com


All rights reserved Teiss Recruitment Ltd.