Cyber ResilienceSecurityServicesGovernment & Public Sector

Three MDR strategies for government CISOs to quickly detect and respond to threats

The US President’s Cybersecurity Executive Order, released in May 2021, outlines “the persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” 

Here are three strategies to help government CISOs better understand how to maximize early detection, and the removal of cybersecurity vulnerabilities and incidents across their IT infrastructure by leveraging Managed Detection and Response services

Strategy #1: Embrace TTP-aligned Managed Detection & Response services to uncover hidden risks and threats before they make an impact on networks

Choose an MDR service that is aligned to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework around Tactics, Techniques and Procedures (TTP). TTP’s are generally used to identify malware and threat actor behaviors; this makes your MDR more effective and efficient compared to the methodology of searching hash values, IP addresses and Domain Names known as Indicators of Compromise (IoC). These IoCs tend to generate numerous false positives while missing malware and threat actor lateral activity across the network. 

Strategy #2: Take advantage of detection time of minutes and not weeks by adopting Managed Detection & Response services against ransomware, commodity malware and APT

MDR services augment in-house government security teams by providing proactive threat hunting integrated threat intelligence, 24x7x365 security monitoring, root cause analysis and rapid incident response. For departments that lack internal resources to build and maintain a SOC, solutions like OpenText MDR represents an ideal opportunity to transfer the costs and risks associated with increasing departmental overhead by implementing new technologies.

Case Study: Rapid Detection & Response in Higher Education: A Health & Science University.

  • Customer has 12,000 endpoints under management (Firewall and Proxy logs also being ingested as part of the MDR service)
  • OpenText MDR services notified the customer that they were breached with Cobalt Strike 
  • Customer immediately took the machine offline and made a forensics image of the machine 
  • Customer sent the forensic image to OpenText MDR services to perform a root cause and timeline analysis
  • OpenText MDR services completed the analysis and report to the client all within 48 hours of the breach

Strategy #3: Uncover hidden risks and threats before they make an impact on government networks

Section Seven of the Executive Order says: “The Federal Government shall employ all appropriate resources and authorities to maximize the early detection of cybersecurity vulnerabilities and incidents on its networks. This approach shall include increasing the Federal Government’s visibility into and detection of cybersecurity vulnerabilities and threats to agency networks in order to bolster the Federal Government’s cybersecurity efforts.”

MDR pairs best-in-breed technologies alongside security personnel with extensive experience working threat response investigations and malware analysis engagements. This deep bench and understanding of threat actor’s tactics, techniques and procedures leads to faster time to value, identification, and remediation of risks. Companies like OpenText continually invest in such threat solutions so that their detection and response capabilities can include advanced algorithms for threat modeling techniques and procedures (TTP’s). The results:

  • Up to 99% detection rate for unknown threats that have bypassed perimeter security and are present on the network.
  • Mean time to detection (MTTD) of less than 30-minutes. Per a SANs institute report, only 50% of organizations have an MTTD of less than 24-hours.
  • Up to 97% reduction in event noise and false positive alerts, focusing analysts on those alerts that represent the greatest risks while increasing the accuracy of threat identification.

OpenText’s MDR can either provide the endpoint agents and sensors needed to monitor the work environment, or we can work with EDR agents you may have already deployed. Our data sources extend beyond the endpoint to augment and add context and enrichment to alerts– including proxies, enterprise firewalls, web servers and authentication services. 

About OpenText MDR

MDR augments in-house agency security teams for a proactive approach to cyber resilience and threat hunting. OpenText MDR pairs best-in-breed technologies alongside security personnel with years of experience working breach response investigations and malware analysis engagements. This extensive experience and understanding of threat actor’s tactics, techniques, and procedures leads to fast time to value, identification, and remediation of risks. OpenText continually invests this experience into improving its detection and response capability and building advanced algorithms for threat modeling. 

Our MDR offering can deploy within days, support the mix of existing alerting technologies unique to each agency, provide the central platform required for sharing threat intelligence, root cause analysis, and standardized IR Playbook. 

Dave Hydorn

Dave Hydorn is VP, Sales & Security at OpenText.

Related Posts

Back to top button