SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
The three-pronged security approach that confronts security breaches head-on
Mon, 26th Oct 2020

It's never been more important to have a sufficiently layered cybersecurity strategy. Threat actors are upskilling, and the time it takes for new attack methods to filter through the ranks is faster than ever.

All of this to say, if an organisation's first line of defence is their only defence, they're in trouble.

A layered security strategy, whereby organisations have in place a system which covers threat intelligence, consistent monitoring and rapid response, is increasingly critical. Having these three processes working in tandem is key to cushioning the blow of a breach - which, for an insufficiently protected organisation, can take on average 279 days to contain and cost an average of almost US$4 million.

This three-pronged approach is appealing, but there are many vendors offering solutions that specialise in one or another of the three areas. Using three disparate solutions can needlessly complicate workflows, making a cybersecurity team's already jam-packed job even more complicated.

As in many other areas, simplicity is coveted by CISOs for this reason - which is why NCC Group's Managed Detection and Response (MDR) solution hits the mark.

The service combines threat intelligence, 24/7 monitoring and incident response into one solution, covering the entire lifecycle of a potential threat or breach. It emphasises an approach led by humans, not technology, who detect and respond to threats affecting modern businesses.

Threat intelligence

NCC Group leverages its speciality in hunting threats to understand and monitor the latest tactics being employed by cyber-attackers. This speciality comes from its efforts to know everything there is to know about how an attacker compromised a system, and their motives for doing so.

When the MDR solution detects an attack, it creates a 'persona' of the threat, tracking the patterns displayed in the breach and utilising AI to help pick out these patterns in wider material.

While technology plays a large role in this process, NCC Group ensures that an experienced human eye is also tracking the attack, to pick out the potential intuitive patterns left behind by a human threat actor. In fact, 35% of threats that NCC Group identifies come from intelligence garnered by security analysts.

24/7 monitoring

The MDR solution uses the aforementioned threat intelligence to triage alerts and filter out false positives through the constant refinement of the detection engine. Users can also benefit from a tailored view of their threat landscape.

Leveraging its human-led team, NCC Group's SOC analysts respond to incidents within 15 minutes for the highest severity attacks; at the end of this period, users are informed whether the breach is genuine or a false positive.

The monitoring service, which includes 75 security operation centre analysts, also involves preliminary investigations and root cause analyses, which can prevent costly on-site incident response investigations.

Incident response

This branch of the solution deals in thorough investigations of genuine threats. The response revolves around both exploration and mitigation of threats, from state-sponsored risks through to less sophisticated threats that still bypass traditional network defences.

Security consultants are informed of the details of attacks, creating a precedent which can be used to prevent similar breaches in the future. This system provides a continuous cycle of intelligence that helps to combat even the most up-to-date methods of attack.

This type of investigation can potentially analyse an organisation's entire workflow to discern the point of attack. For example, if the source of infection came from a strain of malware traced to a company's supplier, a thorough investigation will unearth this, and the malware can be neutralised.

This would enable both the customer and their supplier to gain visibility of the infection and create a clear path of remediation to cleanse their systems.

It's more important than ever to ensure companies have an expert team on hand to combat any threats to their systems. MDR provides a cost-effective solution to the cybersecurity skills gap – with a team of external specialists filling the need for a niche team that is often expensive and hard to find.

With an integrated, three-pronged approach to cybersecurity, a human-centric response team, 24/7 monitoring, thorough incident response and more, MDR helps prevent the increasingly likely scenario of a costly breach.