Trustwave recently announced new managed detection and response (MDR) offerings built to improve threat visibility, rapidly detect, and respond to threats, and boost the overall cybersecurity resilience of organizations to combat the evolving threat landscape. Trustwave MDR and Trustwave MDR Elite provide organizations across the globe with real-time 24x7 monitoring of their hybrid multi-cloud environments for active threats and anomalies, backed by an elite team of global threat operators, threat hunters, and malware experts.
Most notably, Trustwave MDR Elite clients can benefit from an industry leading service level offering mean time to acknowledge (MTTA) of 15 minutes and personalized mean time to respond (MTTR) of less than 30 minutes with integrated client defined response protocols.
We sat down with Tom Powledge, Chief Products Officer, Trustwave, to learn more about the new offerings and what challenges MDR aims to solve for organizations in their fight against cybercriminals.
How has MDR changed over the years? What makes MDR such a critical piece of a security strategy?
MDR offerings have been around long enough that it has become a formal market recognized and studied by industry analysts and consumed in a mainstream fashion as a key component of security programs. Many MDR providers were born from Digital Forensics and Incident Response (DFIR) teams and relied heavily on Endpoint Detection and Response (EDR) agents for what was primarily a Hunt and Respond type of service. Since then, MDR has merged with traditional wide-scale security threat monitoring services and become both broader in detection and response capabilities and more focused on real-time 24x7 operations.
MDR is one of the fastest-growing areas of cybersecurity. Gartner estimates that 50 percent of organizations will be using MDR services by 2025 and that the market is growing at a rate nearly 5 times that of other MSS offerings. As MDR offerings have evolved, providers have been able to derive important insights and contextual knowledge about threats and vulnerabilities from client environments, improving organization’s threat visibility and ability to rapidly detect and respond to threats in ways that boost cybersecurity resilience.
An experienced MDR provider has a rapid time-to-value, helping an organization achieve its expected ROI in hours or days. Today, it’s important that MDR providers leverage extended detection and response (XDR) platforms that integrate with cloud and hybrid infrastructure. This allows the organization to respond quickly across a broad section of the organization's attack surface.
2. What threats are organizations struggling with and how does MDR help combat them?
As attack surfaces grow from the rapid digitization of services, often with less centralized control, the need to detect threats before they cause irreparable damage is greater than ever. Amid that, organizations are struggling to find and retain cybersecurity professionals to staff their teams; globally, there is a cybersecurity worker shortage of nearly 3 million.
Many organizations today struggle to manage the proliferation of cybersecurity tools and technologies and have difficulty filtering large volumes of data fast enough to discover and respond to critical cyber threats. MDR helps organizations improve their threat visibility with focused telemetry data being made available at just the right time to inform and enable precise responses to contain and mitigate threats. This is especially important for complex, hybrid IT environments where it is difficult to continually secure the full attack surface.
3. What sets Trustwave apart from the rest of the MDR industry?
Trustwave has been providing MDR services for over six years, innovating, evolving, and maturing the offerings to achieve maximum value, consistency, and effectiveness for clients.
Trustwave's MDR solutions are based on field-proven processes formed in hundreds of incident response engagements, leveraged and integrated with market-proven technologies, and provided by seasoned industry experts on a global scale. MDR services have a focus on personalizing configurations to an organization during deployment, and then continually tuning and optimizing all aspects of the client’s solution during steady state with proactive touchpoints and named threat experts who build relationships with clients to become extended members of the client security team. The result is an ability to detect what others cannot, enabling fast, consistent, and efficient response actions that stop threats from impacting a client’s environment. Trustwave's rapid time to value takes mere seconds to ingest data with production of outcomes within 10 minutes or less. Trustwave's MDR mean time to respond (MTTR) service level is less than 30 minutes, tailored to organizations’ unique environments and response protocols. Beyond that, MDR customers are typically fully onboarded in as little as 10 days – much quicker than the industry standard.
Additionally, Trustwave MDR customers benefit from curated threat intel artifacts (data on threat actors, malware, and vulnerabilities from around the world, including malicious URLs, IP addresses, file hashes and more) from Trustwave’s broad client base, extensive Intel-sharing relationships, and our own elite security research from SpiderLabs, all stored in our Global Threat Database (GTDB). MDR clients also receive access to Trustwave Security Colony, an online platform that captures anonymized deliverables, templates, and benchmarking information from hundreds of cybersecurity consulting engagements as well as client contributors. Giving clients access to these resources jumpstarts maturity at a pace only achievable through crowdsourcing.
Unlike many MDR providers, Trustwave has a broad portfolio of services that compliment MDR. This includes co-managed SOC, security technology management, penetration testing, DFIR and a host of consulting and professional services offerings. Packaged together, Trustwave becomes a highly valuable partner who can meet clients wherever they are in terms of maturity and grow with them over time to increase cyber resiliency.
4. What can we expect from Trustwave in the future?
Trustwave will continue to innovate its MDR offerings, adding features and extending the ways clients benefit from MDR solutions. Detecting and responding to threats is extremely important, but only one part of an organization’s cybersecurity program. Bringing clients zero-trust architectures, implementing real-time exposure management, and keeping pace with the continued convergence of IT and OT/IOT is top of mind.