
The three-pronged security approach that confronts security breaches head-on

It’s never been more important to have a sufficiently layered cybersecurity strategy. Threat actors are upskilling, and the time it takes for new attack methods to filter through the ranks is shorter than ever.

All of this to say, if an organisation’s first line of defence is their only defence, they’re in trouble.

A layered security strategy, whereby organisations have in place a system which covers threat intelligence, consistent monitoring and rapid response, is increasingly critical. Having these three processes working in tandem is key to cushioning the blow of a breach - which, if an organisation is insufficiently protected, can take on average 279 days to contain and cost an average of almost US$4 million.

This three-pronged approach is appealing, but there are many vendors offering solutions that specialise in one or another of the three areas. Using three disparate solutions can needlessly complicate workflows, making a cybersecurity team’s already jam-packed job even more complicated. 

As in many other areas, simplicity is coveted by CISOs for this reason - which is why NCC Group’s Managed Detection and Response (MDR) solution hits the mark.

The service combines threat intelligence, 24/7 monitoring and incident response into one solution, covering the entire lifecycle of a potential threat or breach. It emphasises an approach in which humans, not technology, lead the detection of and response to threats affecting modern businesses.

Threat intelligence

NCC Group leverages its speciality in hunting threats to understand and monitor the latest tactics being employed by cyber-attackers. This speciality comes from its efforts to know everything there is to know about how an attacker compromised a system, and their motives for doing so.

When the MDR solution detects an attack, it creates a ‘persona’ of the threat, tracking the patterns displayed in the breach and utilising AI to help pick out these patterns in wider material. 

While technology plays a large role in this process, NCC Group ensures that an experienced human eye is also tracking the attack, to pick out the potential intuitive patterns left behind by a human threat actor. In fact, 35% of threats that NCC Group identifies come from intelligence garnered by security analysts.

24/7 monitoring

The MDR solution uses the aforementioned threat intelligence to triage alerts and filter out false positives through the constant refinement of the detection engine. Users can also benefit from a tailored view of their threat landscape.

Leveraging its human-led team, NCC Group’s SOC analysts respond to any incidents, within 15 minutes for the highest-severity attacks; at the end of this period, users are informed whether the breach is genuine or a false positive.

The monitoring service, which includes 75 security operation centre analysts, also involves preliminary investigations and root cause analyses, which can prevent costly on-site incident response investigations.

Incident response

This branch of the solution deals in thorough investigations of genuine threats. The response revolves around both exploration and mitigation of threats, from state-sponsored risks through to those that are less sophisticated but still bypass traditional network defences.

Security consultants are informed of the details of attacks, creating a precedent which can be used to prevent similar breaches in the future. This system provides a continuous cycle of intelligence that helps to combat even the most up-to-date methods of attack.

This type of investigation can potentially analyse an organisation’s entire workflow to discern the point of attack. For example, if the source of infection came from a strain of malware traced to a company’s supplier, a thorough investigation will unearth this, and the malware can be neutralised.

This would enable both the customer and their supplier to gain visibility of the infection and create a clear path of remediation to cleanse their systems.
 

It’s more important than ever for companies to have an expert team on hand to combat any threats to their systems. MDR provides a cost-effective solution to the cybersecurity skills gap – with a team of external specialists filling the need for a niche team that is often expensive and hard to find.

With an integrated, three-pronged approach to cybersecurity, a human-centric response team, 24/7 monitoring, thorough incident response and more, MDR helps prevent the increasingly likely scenario of a costly breach.
