In particular, Managed Detection and Response (MDR) offers a combination of technology and expertise which most organisations cannot themselves field, with the shared cost of the service making it widely accessible.
That’s according to Steve Smith, Auckland regional manager of managed services and security solutions provider Advantage. “MDR is an alternative to an in-house Security Operations Centre; while only the largest of local companies are likely to have a SOC, every company benefits from round-the-clock monitoring of their entire threat surface,” he notes.
His view is confirmed by analysts including Markets and Markets, which notes the nascent MDR market is set for expansion at a compound annual growth rate of 16 percent, going from a modest US$2.6 billion in 2022 to US$5.6 billion by 2026. The researcher says factors driving growth include a shortage of cybersecurity skills and budget constraints.
With ‘endpoints’ routinely targeted by hackers, Smith says good security must include visibility right down to individual user smartphones, laptops, and other devices. “These endpoints are rich pickings because they are also often the point at which technical hacking is combined with social engineering. Hackers always look for the weakest link in the chain, and in many instances find it in the hands or at the fingertips of your people.”
In fact, a recent Verizon study indicates that human error is behind up to 82 percent of security breaches. A more dated study from IBM (2014) put the people factor behind 95 percent of security incidents. “People make mistakes. We click on things we shouldn’t, we open questionable web pages, we fall for phone calls claiming to be the IT manager requesting a password. When that happens, you want the sort of visibility which means acting without delay. Because the longer the dwell time, the more damage a hacker does.”
Through its partnership with SentinelOne, Advantage provides centralised around-the-clock monitoring of the entire attack surface of every client. Smith says SentinelOne is at the forefront of putting artificial intelligence (AI) to work for the cybersecurity industry: it applies machine learning to monitor endpoint devices and cloud workloads, using a heuristic model based on patented behavioural AI.
The AdvantageProtect service is built around a team of trained, certified, and experienced incident response engineers, combined with SentinelOne’s endpoint monitoring for the detection, response, and prevention of security incidents on endpoint devices. Included in the service are a ‘one-click ransomware rollback’, guided remediation, and compliance assurance.
AdvantageProtect is unique in New Zealand, says Smith, with Advantage the only SIREN-certified (SentinelOne Incident Response Engineer) partner; the only partner with a local SOC providing SentinelOne MDR; and the only partner providing GCSB Malware Free Networks within the SentinelOne platform.
Smith says outsourcing MDR delivers optimal bang for buck and is ideal for organisations of any size. “Hackers are a busy lot and they’re motivated by financial reward. With endpoints in the firing line, MDR takes back control for a secure and safe environment for every individual and your organisation as a whole.”