Q&A with Blackpoint: Benefits of Managed Detection & Response (MDR) for SMBs

Next-generation anti-virus, Endpoint Detection & Response (EDR) tools, and firewalls are all absolutely a critical part of any cyber security stack. However, just as IT and technology evolve, hacker methods also evolve. We are now at a point in the threat evolution journey where having just an EDR and a firewall is no longer enough to catch and stop the hacker activity that exists – even having a SIEM is no longer the most effective way to thwart these threats.

EDRs are fantastic at what they do, which is to detect malware and quarantine it. Hackers (criminals) know this, and therefore, most of the activity that they perform within an environment once they breach it has no malware associated with it at all. This is what we refer to as hacker tradecraft: the actions and movements that hackers will take once they breach a network or cloud environment to determine where they are, what they can do, how they can elevate their credentials to complete their mission, whether it is exfiltrating data, creating copies of all your emails, or deploying malware. This is the activity that an EDR has a very difficult time catching, because hacker tradecraft involves using a lot of the IT tools that are built into our operating systems by default and there is no malware involved. This is where 24/7 Managed Detection and Response (MDR) comes in.

MDR involves the use of human analysts, tradecraft detection technology, and streamlined processes to detect and respond to attacks that bypass EDR and other automated security tools.

We have absolutely seen an increase in SMBs adopting MDR solutions, and there are a few things that are driving this trend.
Firstly, more and more SMB companies are experiencing devastating breaches, especially within the Microsoft 365 tenant. It may not have happened to you personally yet, but the more it occurs to companies that are similar to you, the more one realizes the need.

Secondly, MDR is starting to become a requirement for insurance companies to provide coverage and can be a driver of lower insurance premiums, which is something everyone can benefit from. The push for certain verticals to align with compliance frameworks such as CMMC, HIPAA, CIS is also a driver.

It is true that the types of criminals that are going after enterprise organizations are typically a different breed than the criminals that are targeting SMB companies, but that does not make the risk any less great. The criminals that are targeting SMB companies are typically going to be the ones who are out to make as much money as quickly as possible, while the criminals that are typically going after large enterprises are often focused on dwelling in the environment for a long time and stealing as much data as possible to then sell.

Of course, there are always fringe cases and hacker motives are always changing. Also, SMB organizations typically have more to lose and will have a much more difficult time recovering from a major breach than a large enterprise organization. GraVoc works to make sure that its SMB companies have the same access to nation-state-grade cyber security solutions at a cost that is affordable to them.

AI and automation are improving MDR services for SMBs in a similar way that it is assisting criminals in their missions. It is helping our teams be more efficient and ensuring that the parsing of data on the backend is happening at lightning fast speed and that the alerts and data that is being presented to our SOC analysts is extremely actionable and telling, which helps them in making an intelligent decision more quickly around whether an alert can be resolved or if it is malicious and needs to be remediated.

Time is of the essence, because AI is assisting criminals in being faster as well, so the faster we can respond to these threats, the better.

Key benefits include:

• Having a Team of the best SOC analysts in the world watching your network/cloud tenant for hacker activity and responding to it 24/7 at a cost that is a small fraction of what it would cost to build this out in-house
• SMB employees can sleep well at night knowing their assets are safe and they can focus on all the other things that go into making sure their business is running smoothly rather than worrying about cyber threats
• Having this kind of protection will create a greater trust with your customers because you will not have to deal with the reputation ramifications that come with a data breach
• The Microsoft 365 tenant is where hackers are focusing most of their efforts and it is also where most SMBs are starting to keep their most important data due to the shift to remote work – with 24/7 MDR through GraVoc, this will be protected as well

Having a 24/7 MDR service will allow for that IT staff to not have to worry so much about dealing with all their security tools and alerts and will allow them to focus on the other tasks that go into making sure their business is running smoothly.