Organisations are now facing a growing range of threats amidst a rapidly changing technological landscape. Not only do they have to deal with advanced persistent threats (APTs) such as browser-based malware and social engineering, but also with zero-day exploits, file-less malware, and rampant ransomware. In such cases, taking a reactive approach to cybersecurity management can lead to significant business and reputational risks, especially in the face of constantly evolving threats such as those enabled by generative AI (GenAI).
Cyber resilience refers to an organisation’s ability to protect its assets, mitigate risks, and recover from incidents. Managed detection and response (MDR) and incident response (IR) services play significant roles in determining whether an organisation survives cyber threats and attacks with limited or no damage.
What is Managed Detection and Response?
MDR is a cybersecurity service that provides organisations with a team of experts focused 24/7 on detecting threats early through continuous monitoring and neutralising attacks before they can wreak havoc. A proactive approach to cybersecurity, MDR leverages automation and analytics to outsmart cyber threats that may otherwise bypass traditional security measures.
Benefits of MDR include:
- Dedicated, customised and scalable cybersecurity services: IT teams can spend more time on core business-critical tasks as a dedicated cybersecurity team of experts with advanced tools takes over the task of maintaining a robust security posture, with services that are customised and scalable according to business needs. Organisations can avoid dealing with the challenges of finding cybersecurity talent, especially in regions like Asia Pacific (APAC) where there is a shortage of security specialists.
- Fortified security posture: Enabling complete visibility of assets across the attack surface, allowing risk-based continuous vulnerability management, and elevating the organisation’s security posture. MDR provides faster response and remediation as a result of proactive threat hunting, identification, and containment.
- 24/7 monitoring and response: Business leaders can be confident of the safety of critical crown jewels and IT resources with assets being constantly monitored and guarded against malicious actors. MDR is designed to operate continuously, providing round-the-clock protection unless instructed otherwise. Yes, cybercriminals are always lurking around in search of vulnerabilities, but MDR is designed to protect the IT environment and network infrastructure day and night and prevent threats from metastasising.
- Sound threat investigation and reporting: Unlike other security services, MDR involves unravelling the whole story around a potential attack: how an attack could have been launched, and where the weak points are in the system, in order to improve threat intelligence and decision-making.
What is Incident Response?
Incident response (IR), on the other hand, is a cybersecurity approach which determines what an organisation should do in the event of an attack, or a detected threat. Reactive in nature, the goal of incident response is to minimise the impact of a data breach, so that the organisation does not suffer losses. Incident response involves:
- Threat identification: A good IR plan incorporates known and unknown threats, where they could have entered the network, and how they could be mitigated.
- Step-by-step procedures: Organisations are required to outline clear and simple steps to follow in the event of a cyberattack. This includes chain of command, security protocols, and recovery measures such as communicating with customers, investors and the media.
- Best practices: Cyber threats are unfortunately inevitable, and no solution can guarantee 100% threat prevention. A good IR plan outlines best practices, drawing from both internal and external experiences in mitigating previous cybersecurity incidents.
MDR or IR: Which should organisations adopt?
Simply put, organisations should adopt both MDR and IR, because they are not mutually exclusive. IR provides a blueprint for responding to cyber threats when they happen, while MDR elevates the organisation’s security posture through proactive threat hunting, early detection and mitigation as well as remediation.
Between the two, MDR offers significantly more benefits than IR – not only is it proactive, but it also alleviates alert fatigue and additional burden for internal IT teams. Organisations can save the costs of building an entire security practice from scratch, which involves tools, their integration, and training up or hiring in-house specialists. Crucially, MDR banks on the expertise of highly skilled security experts with years of experience, which can be scarce and costly.
Why Lumen for MDR services?
Lumen’s Advanced MDR service is designed to see more and stop more with threat intelligence and analytics capabilities that help gain control over AI-powered threats as they evolve. We have expanded our threat detection and resolution capabilities with the Advanced MDR service in response to evolving cyber threats such as those created by generative AI (GenAI). Advanced MDR delivers more comprehensive protection against evolving and latent business and reputation risks through:
- Proactive threat detection and hunting capabilities beyond endpoints and network infrastructure. Lumen’s Advanced MDR covers cloud native applications, supply chains, IoT devices and OT among others while driving user and entity behavioral analytics through 24/7 Security Operations Centres (SOC).
- Elevated overall security posture with complete asset visibility through deeper coverage of the attack surface, enabling risk-based continuous vulnerability management.
- Better threat detection effectiveness than traditional MDR services with next-generation threat modeling and detection engineering processes based on the MITRE ATT&CK® framework.
- Prevention of evolving GenAI-powered cyberattacks through the Black Lotus Labs threat intelligence and collaboration with industries and organisations, as well as by combining AI-driven analytics with human expertise.
With the continuous penetration of GenAI across industries, cyber threats are likely to become more pervasive and sophisticated. Lumen’s Advanced MDR solution helps leaders at organisations confidently take on modern cybersecurity threats even as they evolve.
To start the journey toward achieving an elevated security posture, get in touch with our security professionals today.
© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. For more details, please visit https://attack.mitre.org/resources/legal-and-branding/terms-of-use/