August 01, 2019
Too many alerts, too little time, not enough people
By: Anup Ghosh

Do you really want to give adversaries nearly seven months, undetected, to explore your network? Unfortunately that’s the norm at the moment.

The mean time required to identify a cyber attack is 197 days, and the mean time to contain is 69 days, according to the Ponemon Institute’s 2018 Cost of a Cyber Breach Study. Ponemon also said the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million, with the average cost for each lost or stolen record containing sensitive and confidential information increasing to $148.

Perhaps the most telling Ponemon statistic: Companies that contained a breach in less than 30 days saved more than $1 million versus those that needed more than 30 days to resolve.

Every moment counts

But with security operations teams often understaffed and overwhelmed by alerts … and security sensors and tools siloed … and with too many panes of glass to monitor, it’s no surprise it takes so long to detect and contain attacks.

We must change how we tackle the problem

To change the game, we need to shift the focus from prevention to rapid detection and response, getting in front of the adversary. With an understanding of their tactics, techniques and procedures, we have the opportunity at each stage of the attack lifecycle to detect and contain them before they hurt the business.

That’s the approach we’re taking with Accenture Security’s Managed Detection and Response (MDR). A fully managed service run through our global delivery centers, Accenture MDR orchestrates and automates the detection and containment of attacks on our clients’ networks, reducing the time to detect and resolve attacks from weeks and often months to minutes and hours. In addition, Accenture MDR incorporates threat hunting based on industry-tailored intelligence to find adversaries who evade standard security controls.

With MDR, security organizations can:

  • Understand the threats: MDR offers industry-specific threat intelligence based on customized threat collection capabilities and dark web scouring.

  • Accelerate responses: Organizations can condense the time from detection to response from weeks/months to minutes/hours through pre-defined MDR plays that automate alert triage and threat remediation.

  • See across the enterprise: MDR fully extends monitoring, from security controls to network infrastructure, endpoints and cloud.

  • Proactively find adversaries: Using use cases tailored to clients and their respective industries, MDR develops threat hunt campaigns to find and resolve threats lurking in the noise to minimize damage and loss.

Who can benefit from MDR?

This managed solution is for any organization that values global-scale, industry-focused security expertise without the capital expense and headache of juggling multiple tools. In fact, if you are considering security information and event management (SIEM) solutions, endpoint detection and response (EDR), security orchestration, automation and response (SOAR), or outsourcing some or all of your SOC operations, you are already starting down the path of MDR. Now is a good time to look at Accenture’s MDR playbooks that orchestrate detection and response across these toolsets.

For audit committees, business line leaders, CROs, CIOs and CISOs, the pain associated with breaches is clear. Now, thanks to Accenture MDR, the path to a solution is as well.

For more, visit Accenture Security Managed Detection and Response.
