More threats. Growing attack surfaces. Fewer security analysts. It’s no wonder a sense of pessimism permeates the cybersecurity community.
Despite increased investments in 2020, nearly 80 percent of senior IT leaders polled recently by IDG expressed a lack of confidence in their organizations’ IT security posture. Most said their IT teams are stretched extremely thin and lack the specializations necessary to combat the increasingly complex threat landscape.
To address those limitations, more organizations are working with third-party partners that offer managed detection and response (MDR) services. More than 90 percent of companies polled by Enterprise Management Associates say they’re either currently evaluating or already using MDR services.
The advanced automation features in MDR help resolve many of the issues currently vexing cybersecurity professionals. With the ability to analyze attacks based on unique tactics, techniques and procedures (TTPs), MDR solutions have proven effective at identifying even the most complex and sophisticated threats. What’s more, they allow organizations to boost security without increasing analyst hours or adding staff.
For example, Verteks has integrated Perch’s MDR solution into our managed security services portfolio. Through a web application, we connect with multiple threat intelligence communities to collect far more information on potential threats than companies with limited IT staff could ever hope to amass and analyze on their own.
Threat intelligence feeds are continuous streams of real-time data from firewalls, network endpoints, DNS logs and other sources. These feeds present raw information from a variety of external networks about suspicious domains, IP addresses associated with malicious activity, lists of known malware hashes and more. Comparing those indicators with your own internal telemetry data can help you identify potential threats.
Of course, manually evaluating that constant flow of data would be an impossible task for individual IT staff members. Beyond the sheer volume of information flowing from each feed, errors and false positives make manual evaluation highly impractical. However, the Perch solution combines advanced analytics with machine-learning capabilities to rapidly analyze feeds from multiple intelligence-sharing communities.
Based on that analysis, network sensors generate alerts to a centralized dashboard in the Perch security operations center (SOC). There, the Perch team triages each alert, escalates real threats when detected and supports you through the response process. Over time, machine learning capabilities help build the threat intelligence necessary to actively hunt for threats and disrupt them in advance of an attack.
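The feed-versus-telemetry comparison described above, reduced to its core, as an added illustration that is not Perch's code or part of the original post: a constructed indicator feed (domains, an IP range, a file hash) is matched against constructed DNS, firewall and endpoint log lines, with an allowlist to suppress a known false positive. Log formats, hostnames and indicator values are all made up.

```python
import ipaddress
import re
# Constructed indicator feed with the kinds of data the article lists: suspicious
# domains, malicious IP ranges, known malware hashes. All values are made up.
FEED = {
    "domains": {"bad-updates.example", "c2.example.net"},
    "ip_ranges": [ipaddress.ip_network("203.0.113.0/24")],
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}
# Known false positive to suppress (feeds contain errors, as the article notes).
ALLOWLIST_DOMAINS = {"cdn.bad-updates.example"}
# Constructed telemetry formats: DNS resolver log, firewall log, endpoint file event.
DNS_RE = re.compile(r"^DNS host=(\S+) query=(\S+)$")
FW_RE = re.compile(r"^FW host=(\S+) dst=(\S+)$")
FILE_RE = re.compile(r"^FILE host=(\S+) sha256=([0-9a-fA-F]{64})$")

def domain_hit(query):
    # Match the feed domain itself or any subdomain of it, unless allowlisted.
    q = query.lower().rstrip(".")
    if q in ALLOWLIST_DOMAINS:
        return False
    return any(q == d or q.endswith("." + d) for d in FEED["domains"])

def ip_hit(addr):
    # CIDR containment check; strings that are not IP addresses never match.
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in FEED["ip_ranges"])

def match_telemetry(lines):
    # Return (host, indicator_type, value) for every telemetry line that hits the feed.
    alerts = []
    for line in lines:
        if (m := DNS_RE.match(line)) and domain_hit(m.group(2)):
            alerts.append((m.group(1), "domain", m.group(2).lower()))
        elif (m := FW_RE.match(line)) and ip_hit(m.group(2)):
            alerts.append((m.group(1), "ip", m.group(2)))
        elif (m := FILE_RE.match(line)) and m.group(2).lower() in FEED["sha256"]:
            alerts.append((m.group(1), "hash", m.group(2).lower()))
    return alerts

SAMPLE = [  # constructed telemetry lines; the second one is the allowlisted false positive
    "DNS host=ws01 query=mail.c2.example.net",
    "DNS host=ws02 query=cdn.bad-updates.example",
    "FW host=ws03 dst=203.0.113.77",
    "FW host=ws03 dst=198.51.100.5",
    "FILE host=ws04 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
]
```

Running `match_telemetry(SAMPLE)` yields three alerts (a subdomain hit, an in-range IP, and a hash match) and none for the allowlisted domain or the out-of-range IP.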
Perch also integrates with a wide range of cloud-based platforms, ingesting their logs and feeding them into Perch’s security information and event management (SIEM) solution. These integrations include Microsoft 365 and Microsoft Teams, the Auth0 authentication and authorization solution, Cisco Advanced Malware Protection (AMP) for Endpoints, Salesforce and many others.
It also integrates with the Demisto security orchestration, automation and response (SOAR) platform to ingest and analyze information from your other security technologies. It then creates “playbooks” that document the behaviors and methodologies used in cyberattacks. The system will use those playbooks to detect possible attacks and interrupt them by anticipating and blocking the next step in the attack sequence.
Cybercrime presents an existential threat to most organizations today. According to a University of Maryland study, a cyberattack occurs every 39 seconds on average. Manually keeping pace has become impossible for short-staffed IT teams. We’d welcome the opportunity to show you how to improve your security posture by automating threat detection and response with our managed service. Call us to set up an appointment.