Our house is only 18 months old. At this point, few things need repairing, painting, or upgrading. Everything, from the roof to the hot water heater in the basement, is more or less brand new.
So when one of the floorboards in our kitchen started looking a tiny bit cockeyed, I chalked it up to the house settling or something equally innocuous.
That is, until I came downstairs one morning and saw that every floorboard between the sink and center island was pushed up. Oh boy.
We called the plumber. He took one look and quickly identified the refrigerator as the culprit โ it had a leaky valve dripping in the back. The โfloor guyโ came over a few days later and as I write this, I am awaiting his estimate.
Through it all, I keep thinking, โI probably should have paid attention sooner.โ
Are You Ignoring the โFloorboardsโ in Your Business?
In the mix of high priority events and opportunities vying for the attention of a business owner, itโs easy to overlook or downplay little problems โ things that seem slightly off but that will probably self-correct or lead to nothing down the road.
Maybe itโs a disgruntled employee. Itโs unlikely they will ever download confidential data and try to profit from it somehow.
Maybe itโs an email telling you about several failed log-in attempts. Itโs unlikely attackers are in the process of emptying your bank account.
Maybe itโs an entry in your application logs (that nobody monitors), letting you know something suspicious is going on. Itโs unlikely bad guys have gained entry to a key system and will soon lock you out of it.
Fortunately, most really bad things are not just unlikely โ they never happen.
But sometimes, they do. And these small signals โ the cockeyed floorboards of your business โ are warning signs of significant future events that can have huge, even existential consequences.
So what should you do? Three words: Managed Detection Response.
Managed Detection Response (MDR) โ often referred to as a Security Operations Center โ describes solutions that monitor the behavior of your environment (e.g., your EDR solution, your network, your cloud hosting platforms), notify you if something out of the ordinary is detected, and take steps to contain the problem.
MDR is not the same as monitoring whether your systems are up and running or your disk drives are full. Thatโs important too, but this is about ensuring there is no bad behavior happening within your infrastructure.
Larger companies can manage MDR in-house. For everyone else, it is typically outsourced to a third-party, which offers:
- Economies of scale. Presumably, not all the MDRโs customers will experience incidents at the same time. They can spread the risk and staff 7/24/365.
- Tech knowledge. More employees on staff gives them an understanding of a broad technology stack. They can optimize for your environment.
- Shared threat intelligence. They learn from attacks on other companies, thereby increasing their understanding of what is needed to protect yours.
As with any service business, when evaluating an MDR, there can be a lot of variation in the quality and match to your requirements. Some things to consider:
- Price. Some MDR services can be quite expensive. But even a less-than-perfect solution is better than no monitoring at all.
- Platform knowledge. Microsoft companies are distinctly Microsoft (for example). Some companies have support for certain key pieces but not others. Not all companies have native integrations with key cloud services.
- Integration. We have seen some companies that have one set of alerting follow one escalation path while others follow a different path (or are not handled at all). Are the data feeds optimized and connected?
- Response optimization. How fast and in what way can they react to a problem? Can they do things on their own? Can they remediate? How do they handle an event that occurs outside of regular business hours?
- Customer service. This can be hard to detect before signing on. But they are your first line of defense when something goes wrong; you want to know how good they are. Do they answer your questions clearly? Do they return your calls quickly? Do their reports make sense? Do their references check out?
Prevention is Not Enough
I have written many times before about the importance of lessening the threat of cyberattack through things like MFA, timely patching, and regular employee training.
But even with those kinds of things in place, you wonโt be able to stop every attack. When bad things happen, you need to be alerted as quickly as possible and know that appropriate steps are taken to quickly prevent or contain any damage. An MDR is an essential piece of your cybersecurity defense.
Now let me go and look at that quote for a new floor. Yikes!
Want to get great cybersecurity content delivered to your inbox?ย Click hereย to sign up for our monthly newsletter, Tales from the Click.
