
MDR technology: On the road to next-level status

As managed detection and response moves to the next level, GenAI makes it possible for security professionals to deal with future threats more effectively.
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 08 Jul 2024
Paul Stuttard, director, Duxbury Networking.

In my previous column, I suggested that managed detection and response (MDR) as a service is one technologically-based option that is becoming increasingly popular as a proactive strategy for many businesses that require comprehensive answers and remedial functionality when it comes to cyber security.

MDR as a service, I noted, involves a third-party provider hired to oversee and manage a business's security infrastructure, while searching for signs of anomalous activity and security breaches.

MDR service providers typically offer 24-hour surveillance of an organisation's intrusion detection and prevention systems, firewalls, and anti-virus and anti-malware software.

It is an important service, as Gartner foresees that, by 2025, 60% of supply chain enterprises will use cyber security risk as a primary determinant in conducting third-party transactions and business engagements.

To keep pace with this and other requirements from the corporate world, MDR technology faces many challenges. One of the most significant is the rise of identity-based attacks.

According to the CrowdStrike 2024 Global Threat Report, these attacks continue to wreak havoc on companies, with a startling 75% of initial-access attempts carried out without the use of malware. In other words, legitimate credentials were used to gain unauthorised access.

Identity-driven attacks are often successful because they are challenging to detect.

I previously noted that, in rising to this challenge, evolving MDR solutions are increasingly characterised by the integration of artificial intelligence (AI) and machine learning (ML). Now, as MDR moves to the next level, it is generative AI (GenAI) that is making it possible for security professionals to deal with future threats more effectively.

Compared to ‘conventional AI’, GenAI has clear advantages and enhances a variety of fields with creativity and innovation.

For example, the integration of GenAI within MDR significantly enhances the ability to detect, analyse and respond to a range of cyber threats – including identity-based attacks. Put simply, it improves the overall efficiency and accuracy of managing cyber security threats.

More specifically, GenAI has enormous potential for predictive analytics, especially for foreseeing potential risks and averting attacks.

According to Jimmy Astle, a senior director of validation and data science at a leading cyber security consultancy in the US, applying GenAI in the right circumstances helps security practitioners provide a more efficient, consistent and higher quality service to stakeholders.

A key benefit of the MDR/GenAI combination is its ability to proactively hunt for threats by continuously analysing user and entity behaviour to uncover hidden activity that traditional methods might miss. It also tests hypotheses about potential threats using advanced data analytics and ML.

Importantly, GenAI enhances threat detection by identifying unusual patterns and behaviours in network traffic, system logs and user activities, and it automatically generates and updates threat signatures based on newly discovered malware and attack patterns.

In addition, GenAI helps provide a comprehensive view of the overall threat environment by aggregating and analysing data from various threat intelligence feeds. And GenAI improves threat analysis by providing deeper insights into the context of an attack, including attacker behaviour, tactics, techniques and procedures.

Contributing to this improvement is GenAI’s ability to correlate and analyse information from unstructured data sources, such as threat reports, blogs and forums.

Ultimately, according to Ankur Sharma, the director of a global security services and solutions provider: “Harnessing the power of GenAI is a continuous cycle of evolving and adapting to match the relentless changes in the cyber attack landscape.”

Other significant developments in the MDR space include the adoption of high-level user and entity behaviour analytics (UEBA). Together, UEBA and MDR represent a powerful cyber crime-fighting force. UEBA offers detailed behavioural insights and anomaly detection, while MDR provides the expertise and operational capabilities to respond to those insights.
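The column's central point is that a sign-in made with valid credentials carries no malware to match a signature against, so only a deviation from the user's own behavioural baseline (the UEBA approach above) reveals it. The following is an added illustration, not code from the column or from any MDR product; the sign-in events, the three anomaly indicators and the threshold are all constructed for the example.

```python
"""UEBA-style baseline/anomaly check over constructed sign-in events.

A login with a valid password produces no malware indicator, so the check
compares each new sign-in with what that user has done before.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Baseline:
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    hours: set = field(default_factory=set)  # UTC hours seen in history


def build_baselines(events):
    """Learn per-user normal behaviour from successful historical sign-ins."""
    baselines = defaultdict(Baseline)
    for ev in events:
        b = baselines[ev["user"]]
        b.countries.add(ev["country"])
        b.devices.add(ev["device"])
        b.hours.add(ev["hour"])
    return baselines


def score_event(ev, baseline):
    """Return (score, reasons) for one sign-in; higher means more anomalous."""
    reasons = []
    if ev["country"] not in baseline.countries:
        reasons.append("new_country")
    if ev["device"] not in baseline.devices:
        reasons.append("new_device")
    # Tolerate one hour either side of any hour previously seen for the user.
    if not any(abs(ev["hour"] - h) <= 1 for h in baseline.hours):
        reasons.append("unusual_hour")
    return len(reasons), reasons


def triage(history, new_events, threshold=2):
    """Map event id -> reasons for new sign-ins that reach the threshold."""
    baselines = build_baselines(history)
    flagged = {}
    for ev in new_events:
        # A user with no history has an empty baseline and scores every indicator.
        score, reasons = score_event(ev, baselines[ev["user"]])
        if score >= threshold:
            flagged[ev["id"]] = reasons
    return flagged


# Constructed data: 'alice' normally signs in from ZA on one laptop in office hours.
HISTORY = [{"user": "alice", "country": "ZA", "device": "lap-01", "hour": h}
           for h in range(8, 18)]
NEW = [
    {"id": "e1", "user": "alice", "country": "ZA", "device": "lap-01", "hour": 9},
    # Correct password, no malware: only the behavioural deviation gives it away.
    {"id": "e2", "user": "alice", "country": "RO", "device": "unk-77", "hour": 3},
]
```

Running `triage(HISTORY, NEW)` flags only `e2`, with all three indicators; the MDR analyst then decides on the response (for example, forcing re-authentication or revoking the session).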

Another step in MDR’s ascent to the next level is its tailoring to suit internet of things (IoT) devices.

At the IEEE World Forum on IoT in 2024, the critical role of MDR as it is applied to the IoT was emphasised. It was noted that as IoT devices become more pervasive in sectors like smart cities and industrial automation, MDR solutions designed for IoT will be instrumental in monitoring network traffic at gateways and ensuring secure cross-domain interactions.

This is pivotal for providing comprehensive security for connected devices and maintaining the integrity and security of IoT deployments.

Finally, MDR capabilities are increasingly being extended to cover operational technology (OT) environments, commonly found in manufacturing, transportation, electricity and similar industries.

The proactive detection and response capabilities of MDR, along with specific knowledge of OT settings, offer a strong defence against the growing number of cyber attacks that target vital industrial infrastructure. Not only does this integration improve security, it also guarantees the safety and uninterrupted operation of critical services.

According to an article in the online publication Industrial Cyber Security Pulse, MDR is increasingly integrated with OT-specific tools, such as asset management systems and security information and event management (SIEM) platforms. This allows for more sophisticated and context-aware security responses.

This is significant as GenAI is also able to integrate with various SIEM systems, enhancing their capabilities and providing a more comprehensive security posture.

This combination will help detect and mitigate threats specific to OT environments, ensuring security measures do not inadvertently compromise the safety and reliability of industrial operations.