It is virtually impossible to entirely prevent computer crime and data breaches. There’s no such thing as an impenetrable ‘wall’. Serious damage can only be prevented by timely detection and remediation. Yet a vast majority of organisations still neglect detection and response.
In its 2019 Cyber Security Monitor, CBS – the Dutch Central Statistical Office – reports a positive development in the security levels of organisations. The focus, however, is on prevention and Managed Detection & Response (MDR) is given too little attention. In the 2018 Market Guide for Managed Detection and Response Services, Gartner reported that only 5% of the organisations surveyed use MDR systems.
For the very reason that attacks and breaches are virtually impossible to prevent, MDR should play an important role in the risk management of organisations. And in insuring cyber risks, as MDR helps limit the damage caused by computer crime.
MDR attainable for everyone
At claims managers Van Ameyde the development of MDR has been a learning process of many years. The external solutions that were used were expensive and ultimately no longer met the requirements, particularly when GDPR came into force. After all, the obligations of claims managers are not limited to their customers, but extend to policyholders, third parties and financial authorities as well.
Besides, Tiago Faria, the Security Officer of Van Ameyde’s IT organisation (Zero)70, has a vision that goes beyond securing Van Ameyde. “I wished to reduce the security center’s expensive and scarce human factor as much as possible. MDR should also be attainable for less cash-rich companies and even NGOs.” His words were put into action and Faria’s vision was realised with the incorporation of 3CORESec, a company developing MDR services: from building blocks for existing security centers to a comprehensive virtual Security Operations Center (vSOC).
Insight, relevance and speed
Faria discusses the development of the vSOC and experiences of MDR users, “We set to work to resolve the bottlenecks that we as users faced in the past ourselves. Lack of true insight in the reported threats was one of them. External security modules seem to resemble black boxes. To effectively remediate threats, we need insight in the nature and impact of an incident.”
Relevance follows naturally from the need for insight. Relevance of threats differs per line of business, as concluded by CBS, but obviously also per organisation. Easily accessible, relevant information ensures that the security managers can act more swiftly. “We use, for example, speech and language technology, helping us make urgent notifications as accessible as possible to the person responsible for taking measures. The speed at which this person or team intervenes is of the essence. After all, information security continues to be about human intervention,” says Faria.
MDR in the cloud
An ever increasing number of organisations make use of cloud services. This makes the need for insight and transparency even greater. Particularly in such a shared infrastructure the question is: who is responsible for what part? To be able to provide answers, 3CORESec has developed a large part of its services in the AWS cloud. “AWS has appointed us an AWS Select Technology Partner,” says Faria. “This helps us bring MDR under the attention of a very large group of AWS users and market studies only go to show how important this is.”
MDR drives down costs
Without a doubt prevention continues to play an important role in information security. An MDR strategy, however, is crucial to making remediation effective and efficient. In addition, MDR in particular could substantially reduce the damage resulting from security incidents. As a result, MDR could be a cost-reducing factor in calculating cyber insurance premiums.
Being an AWS Select Technology Partner helps us bring MDR under the attention of a very large group of AWS users.
Security Office Van Ameyde | Zero70