Thursday, March 14, 2024

Does Your MDR Deliver Outcomes — or Homework?

At CrowdStrike, we’re on a very simple mission: We stop breaches. It’s easy for us to make this claim but challenging to put into practice and maintain day in and day out. Still, we know with absolute confidence that nobody provides managed detection and response (MDR) better than our CrowdStrike Falcon® Complete MDR team. Why? Because we prioritize outcomes above all else, and we never leave customers stranded with extra work.

The Need for Speed

The main challenge in cybersecurity is speed. Today’s adversaries move fast, and we know from years on the front lines that attackers always find ways to keep moving faster. As the newly published CrowdStrike 2024 Global Threat Report reveals, the average eCrime breakout time is down to 62 minutes with the fastest recorded time now clocked at a mere 2 minutes and 7 seconds — compared to an average of 84 minutes the year prior. 

As cybersecurity defenders, we too must move faster. We must run our operations at unprecedented speed and scale to surgically eradicate threats whenever they strike — every minute of every day, 7 days a week and 52 weeks a year.

Cybersecurity Has a People Problem

The problem is we face a serious shortage of cybersecurity talent across the security industry. And despite the elevated attention on cybersecurity in recent years, the talent shortage keeps widening. According to the ISC2 Cyber Workforce Study 2023, the security skills gap ballooned to 4 million additional positions needed (up from approximately 3.3 million in the 2022 study). Today, ISC2 estimates there are about 5.5 million cybersecurity professionals — meaning the number of people in the profession would need to nearly double to be close to capacity. 

Your MDR Must Deliver Outcomes

To overcome today’s talent shortage and successfully combat advanced adversaries, organizations need a trusted team of security experts that protects you around-the-clock — a team that’s outcomes-driven, takes decisive, surgical action and removes entire workcycles from your plate. Falcon Complete MDR first launched six years ago with these very priorities in mind. And we continue to keep them at the forefront of our operations and embed them into every new capability we offer. 

So how do we do this? And how is our MDR service actually different? 

The primary characteristic that sets Falcon Complete apart is simple. We made the decision from the outset that we would own the results. Since practically all customers turn to MDR for the same simple reason — to avoid damaging breaches — our mission is and has always been to provide a security service that tackles this challenge head on. 

This is why from Day One, we included our best-in-class CrowdStrike Breach Prevention Warranty at no additional cost to provide confidence to our customers that we stand strongly behind our claims and the consistent results our Falcon Complete MDR team delivers every day. Proudly, in just over six years of continuous MDR operations, we now protect thousands of organizations worldwide, resolve more than 10,000,000 threats every year, deliver proven 403% ROI, and continue to add new capabilities and services (e.g., managed cloud security, managed identity threat protection and more) to always keep adversaries at bay. 

Since MDR competitors can’t (or won’t) commit to an outcomes-driven MDR service, they break down their pledges into more granular, half-hearted commitments (e.g., how soon their analysts will review and investigate critical alerts). Exacting service-level agreements (SLAs) like these are often laden with fine print — while they can be useful in tracking some aspects of MDR performance, they’re a long way from committing to stopping breaches.

Start from a Position of Strength

Selecting the right security products is never an easy task, and when you need skilled expertise, it can be even more challenging to find a truly differentiated service. Fortunately, Falcon Complete is not your typical MDR service. We strive to always deliver on our mission of stopping breaches with confidence and believe that every MDR service should be based on a strong foundation that will: 

  • Protect you with an army of cybersecurity experts that never sleeps. CrowdStrike Falcon Complete MDR provides layers of always-on expertise and protection with dedicated teams of elite threat hunters, security experts, incident responders and more. This is an army that works around-the-clock on your behalf to identify, investigate and surgically eliminate advanced threats wherever and whenever they strike.
  • Drive security configuration and agent maintenance from the outset. One of the most common ways for an attacker to gain a foothold into an environment is through unprotected or improperly configured systems. But without active management of the customer’s security posture, no MDR service can earnestly commit to stopping breaches because they can’t control this critical component of a proactive defense. This is why we actively manage the security configuration of customers’ managed systems to ensure every endpoint is optimally protected at all times.
  • Proactively hunt for stealthy and novel threats at the earliest possible stage. Most MDR services are structured around SLAs for responding to high-severity alerts but pay little attention to low-severity alerts. This structure helps other MDR services create sustainable, scalable businesses, but it ignores vital, early signs of emerging threats. This is why our Falcon Complete MDR team is much more aggressive with low-signal activity to diligently identify malicious activity as early in the kill chain as possible. And it’s why our CrowdStrike Counter Adversary Operations team is an integral part of our core MDR offering. 
  • Own the entire response while executing surgical remediation end-to-end. Stopping an intrusion before it becomes a breach is a time-sensitive business. Many MDR services know what needs to happen but won’t pull the levers or carry out the remediation steps. Instead, they stop short, offering recommendations and strategic guidance when rapid and decisive action is critically needed. This introduces costly delays and forces the customer security team to waste time receiving, understanding and performing the response themselves. Falcon Complete, on the other hand, conducts the entire response for you: We isolate affected systems from the network, kill actively abused processes, reset accounts and compromised identities, remove persistence mechanisms from file systems and registries, and carry out any number of further mitigating actions.
  • Continuously innovate and optimize to stay ahead of adversaries. At CrowdStrike, we never settle for the status quo. Back when every other managed service relied on inefficient, tiered SOC operating models, we introduced the novel concept of an MDR service run on a flat operating model, where every analyst is on the front lines and can resolve incidents from beginning to end. We aspire to lead the MDR industry forward through continued innovation, meticulous operational hygiene, and technical proficiency demonstrated in frequent independent testing and analyst evaluations.

Work with a Trusted Partner and #1 MDR Leader

With Falcon Complete MDR, we deliver results and never leave customers with homework. Don’t just take our word for it. We know results matter, and industry recognition and technical testing underscore our leadership. In the past 18 months alone, we’ve been recognized by several independent analyst firms (listed chronologically):

Six years after Falcon Complete launched, the notion that an MDR provider should openly commit to outcomes — not just SLAs — still remains a radical concept in the industry. Nevertheless, our commitment to the mission of stopping breaches remains unchanged, and we are honored by the continued trust that our customers place in us every day.

from Cybersecurity Blog | CrowdStrike
