Connect with us

Expert Speak

Managed Detection and Response Services – An Effective Defense to Knockout Sophisticated Cyberattacks

Published

4 years ago

on

Modern organizations of all sizes can rest easy with Sophos Managed Threat Response (MTR) Services that offer 24/7 threat hunting, detection, and response capabilities. Harish Chib, the Vice President for the Middle East and Africa at Sophos, explains

The accelerated adoption of cloud, digital transformation, and remote working, in the wake of the ongoing pandemic, has expanded the attack surface for cybercriminals. Adversaries are also changing their tactics, techniques, and procedures to increase launch cyberattacks that combine automation with active human interaction or “hands-on keyboard” hacking. In these types of attacks, adversaries attempt to manually circumvent preventive solutions, such as firewalls and endpoint security, and leverage administrator tools, pen test tool kits, and poorly designed or easily exploitable applications to escalate privileges and move laterally.

Due to the increased use of these attack methods, IT leaders need to ensure their current cybersecurity defenses can stand up against active cyberattackers by including a proactive threat hunting component. Threat hunting requires the right tools, people, and processes in-house to effectively manage security around-the-clock. Yet, many businesses struggle to put all of these much-needed pieces in place. This dilemma has given way to a new solution: Managed Detection and Response (MDR) services.

 MDR services are outsourced security operations delivered by a team of specialists. MDR services act as an extension of organizations’ security team, combining human-led investigations, threat hunting, real-time monitoring, and incident response with a technology stack to gather and analyze intelligence.

MDR providers often use a combination of host and network-layer technologies as well as advanced analytics, threat intelligence, forensic data, and human expertise to rapidly identify and neutralize threats. The goal of MDR is to detect and respond to threats in customer environments that have circumvented preventative security controls. MDR providers have risen to fill in the threat detection and response gap left by these tools.

Not all MDR services are equal. One increasingly important customer requirement of MDR services—and one that still very few vendors provide—is the ability to take targeted actions to neutralize threats on the customer’s behalf versus simply notifying them of potential or imminent threats. Effective MDR services require analysts to conduct methodical investigations to determine the validity and scope of potential threats, minimize false positives, neutralize confirmed threats, and provide additional context and recommendations for improving an organization’s overall security posture.

As a market leader in advanced threat prevention with a deep legacy of pioneering cybersecurity offerings, Sophos develops solutions by truly understanding customer challenges. In this regard, Sophos Managed Threat Response (MTR) service provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully managed service. Going beyond just notifying customers of attacks or suspicious behaviors, the Sophos MTR team takes targeted actions on customers’ behalf to neutralize even the most sophisticated and complex threats.

According to a recent report by Gartner, 50 percent of organizations will be using MDR services by 2025, which is an increase from less than 5% in 2019. This further validates that continuous cybersecurity monitoring along with existing preventive measures is vital for enterprises to successfully minimize organizational vulnerabilities and ensure business continuity.

To sum up, MDR is an important component of the future of cybersecurity. Organizations that simply follow market trends will tend to always be a few steps behind the perpetrators. It is no longer sufficient to have a basic cybersecurity strategy in place – dedicated and continuous threat hunting, detection, and response services such as MDR are indispensable to companies who aspire to thrive in the changing threat landscape.

Related Topics:
Continue Reading

Artificial Intelligence

How AI is Reinventing Cybersecurity for the Automotive Industry

Published

4 weeks ago

on

April 23, 2025

By

Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)

Continue Reading

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Published

2 months ago

on

March 25, 2025

By

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Continue Reading

Expert Speak

What the Bybit Hack Reveals About the Future of Crypto Security

Published

2 months ago

on

March 8, 2025

By

Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.