Managed Detection and Response (MDR) services are fast becoming an essential cybersecurity layer as attackers refine their tactics, techniques, and procedures (TTPs) to overwhelm defenders. Sophos is one of the cybersecurity companies that provide MDR services having launched the services six months ago.
The company has now announced that its industry-first vendor-agnostic MDR service has grown its customer base by 33% in the first six months since introducing the service’s ability to ingest and analyze telemetry from third-party security vendors.
Already, Sophos is processing more than 150 million alerts from nearly 30 other security providers. Sophos has also added a new team of MDR experts in Germany to service the increasing demand in the German and European markets, as well as to support the existing globally located MDR team that monitors and defends organizations.
The fact that MDR services are being fast embraced also means that attackers are refining their tactics including decreasing their dwell time.
Reduced dwell time indicates attackers are working faster to accomplish their end goal, whether it’s stealing data, deploying ransomware, spying, or perpetrating some other nefarious activity against a target. Consequently, defenders have less time to respond, from identifying the presence of attackers to neutralizing them. Analysis of incident response cases shows that median dwell times are dropping significantly – down to 10 days for the first time, and a day less for ransomware cases – and attacks are occurring continuously instead of during off business hours or over the weekend. Just as interesting, there’s no significant difference in dwell time among organizations of different sizes or sectors.
“The adoption of MDR is skyrocketing because organizations need 24×7 teams of experts to simply take over and handle cyberattacks that are executed in less time, change quickly and are more complex in nature. These factors put Sophos in the ideal position to further trailblaze the market,” said Rob Harrison, vice president of product management for security operations solutions at Sophos. “Since introducing our game-changing ability to ingest, collate and correlate other security vendors’ signals, we’ve already processed more than 150 million non-Sophos alerts from nearly 30 common providers. We’re leading the market in terms of volume, variety and time with unique MDR data from both Sophos and the other security providers. With this advantage of ingesting data from third-party sources, we have broader context, enabling us to make better decisions, defend faster and apply deeper knowledge to new and existing MDR customers.”
“The MDR market is gaining momentum as companies scramble to stay one step ahead of rapidly evolving attacks that continue to increase in number, sophistication and complexity while simultaneously trying to manage the cybersecurity talent skills shortage reality. Since its launch in October, Sophos MDR has mirrored that momentum as organizations look to realize secure outcomes and reduce their cybersecurity risk posture from their existing cybersecurity investments. The benefit of Sophos’s technology-agnostic managed service approach is that it meets customers where they are rather than requiring investment in new security tools to achieve an outcome,” said Frank Dickson, group vice president for IDC’s Security and Trust research practice.