Artificial Reality | The PatternEx Blog

Collections of the thoughts and the people behind the PatternEx Virtual Analyst Platform powered by AI2.

Can MDRs save the enterprise from security threats?

Trends favor companies that specialize in managed detection and response (MDR). The stats explain why many enterprises seek additional help from MDRs:

  • A deficit of 2M security professionals by 2019 [1]
  • 191 days average dwell time before attack discovery [2]
  • 70% false positives for Tier 1 analysis [3]
  • 90+ security vendors in one enterprise [4]

Gartner [5] estimates that about 1% of all organizations use an MDR vendor today, and predicts that this will grow to 15% of all organizations by 2020. To make this happen, the industry is re-evaluating how SOCs (security operations centers) are run. Traditionally, SOCs rely on Tier 1 analysts, SIEM rules and logs, and threat intelligence to methodically detect and stop threats. Yet this model has been failing for all of the reasons noted above.

The Need for Speed

A PatternEx customer (one of the world's largest consulting firms) shared with us that the average enterprise puts nearly 70% of SOC resources towards Tier 1 and Tier 2 analysts. That figure assumes a Tier 1 analyst is forced to assess an alert in 3-5 min and a Tier 2 analyst is given about 2-3 hours per escalation. Yet across the flow from Tier 1 to Tier 2 and eventually Tier 3 analysts, only about 20 "true" critical threats are discovered in the course of a week (for an enterprise of about 30,000 employees). That is a huge cost that MDRs must address if they are to truly help their customers and their own business.

[Figure: SOC survey, "Sweeping it under the rug" [6]]

SOC'em Dead

MDRs are building their own SOC "stack" to kill off these SOC efficiency issues, and AI is a core component of that. Across our MDR customer base, PatternEx has seen increasingly sophisticated use of AI, not just to reduce reliance on the manual efforts of Tier 1 analysts, but also to capture the knowledge of threat hunters and Tier 3 analysts in an AI model. This means best-practice MDR stacks are using unsupervised learning, supervised learning, and active/transfer learning technologies.

“Fast-moving and changing attacks will require defenses that move just as quickly, using AI and automation to augment human intelligence” - Forrester

PatternEx applauds the MDR market for helping companies and governments worldwide move past the "log slog" and become truly more proactive about security threats. MDRs deliver direct value by protecting customers from more threats, faster and at lower cost, and this AI stack also lets MDRs build a healthy business. We also look forward to more MSSPs moving in this direction (and we are here to help!).

PatternEx Helps You Clean Up Dirty SOCs

We believe an AI stack will be the future as adversaries start using AI to initiate attacks. Let PatternEx know how we can help you enhance your SOC stack and get the results your customers need and the efficiency and margins you want.

[1] Booz Allen / Frost & Sullivan, 2017 GISWS Report
[2] Ponemon, 2018 report
[3] https://securityintelligence.com/improve-threat-classification-accuracy-with-supervised-machine-learning/
[4] https://www.zdnet.com/article/security-landscape-plagued-by-too-many-vendors-cisco/
[5] Gartner, Market Guide for Managed Detection and Response Services, Toby Bussa, Craig Lawson, Kelly M. Kavanagh, Sid Deshpande, 11 June 2018.
[6] Advanced Threat Analytics 2018 report
