Boost’s Post

Managed detection and response (MDR) went and had itself a big week. If you're a cyber insurance broker, you should keep reading. On Monday, Coalition, Inc., in its broker newsletter, proclaimed that "MDR is the Next MFA for Cyber Insurance". Then, later in the week, At-Bay announced the launch of their own MDR service (to serve their own insureds, of course, but also to compete with Coalition's MDR service). Think about what that says about the direction of the insurance industry and MDR. The amount of investment needed to stand up an MDR service is not insignificant. These insurance firms don't make that kind of strategic decision without being sure that MDR is THE control to bet the farm on. [This is where I acknowledge my own potential bias: I work for a firm that sells MDR; that doesn't mean any of this is less telling, but I didn't want that to go unsaid.] At-Bay acknowledged the impact of MDR by saying an "MDR solution could help prevent or mitigate the losses of more than 50% of cyber insurance claims" [I'd argue the number is even higher based on what we see here at Arctic Wolf Incident Response]. And when, again according to At-Bay, "building your own 24x7 [security operations center] can cost $1mil+" annually, yeah, MDR sounds mighty appealing. But if you're an insurance broker who now needs to understand what MDR is (and who is probably ticked off that they might have to go back to insureds, with another 'gotta have it' control, here's the [nerdiest possible] MDR explanation: Remember in Lord of the Rings when Sauron gave the 'Rings of Power' to the elves, dwarves, and men? And then created the 'One Ring to rule them all' (giving himself power over all life via the One Ring which bound all the Rings of Power together)? [I told you this was getting nerdy] MDR is kind of like the 'One Ring'. Yes, it's a control, but it's more than that: it's a unifying theory of how security controls should be operationalized. Buying security controls (EDR, MFA, etc) but not having the in-house staff and expertise to extract security value from those controls means that those controls may not lead to the security posture improvements that you need to stay protected in today's threat environment. Buying MDR is essentially buying the fractional staff and expertise (that most firms can't afford to resource) needed to extract maximum value from your security controls. This can be done in a product-tied way (i.e. an EDR vendor selling an MDR service for their control) or in a product-agnostic way (i.e. an MDR vendor providing an MDR service for whatever controls you already have). Both have advantages, both have disadvantages, but both are better than not having an MDR solution at all. Very interested to see how this shapes both the insurance and security markets in 2024. #cyberinsurance #cybersecurity #informationsecurity #security

Managed detection and response (MDR) went and had itself a big week. If you're a cyber insurance broker, you should keep reading. On Monday, Coalition, Inc., in its broker newsletter, proclaimed that "MDR is the Next MFA for Cyber Insurance". Then, later in the week, At-Bay announced the launch of their own MDR service (to serve their own insureds, of course, but also to compete with Coalition's MDR service). Think about what that says about the direction of the insurance industry and MDR. The amount of investment needed to stand up an MDR service is not insignificant. These insurance firms don't make that kind of strategic decision without being sure that MDR is THE control to bet the farm on. [This is where I acknowledge my own potential bias: I work for a firm that sells MDR; that doesn't mean any of this is less telling, but I didn't want that to go unsaid.] At-Bay acknowledged the impact of MDR by saying an "MDR solution could help prevent or mitigate the losses of more than 50% of cyber insurance claims" [I'd argue the number is even higher based on what we see here at Arctic Wolf Incident Response]. And when, again according to At-Bay, "building your own 24x7 [security operations center] can cost $1mil+" annually, yeah, MDR sounds mighty appealing. But if you're an insurance broker who now needs to understand what MDR is (and who is probably ticked off that they might have to go back to insureds, with another 'gotta have it' control, here's the [nerdiest possible] MDR explanation: Remember in Lord of the Rings when Sauron gave the 'Rings of Power' to the elves, dwarves, and men? And then created the 'One Ring to rule them all' (giving himself power over all life via the One Ring which bound all the Rings of Power together)? [I told you this was getting nerdy] MDR is kind of like the 'One Ring'. Yes, it's a control, but it's more than that: it's a unifying theory of how security controls should be operationalized. Buying security controls (EDR, MFA, etc) but not having the in-house staff and expertise to extract security value from those controls means that those controls may not lead to the security posture improvements that you need to stay protected in today's threat environment. Buying MDR is essentially buying the fractional staff and expertise (that most firms can't afford to resource) needed to extract maximum value from your security controls. This can be done in a product-tied way (i.e. an EDR vendor selling an MDR service for their control) or in a product-agnostic way (i.e. an MDR vendor providing an MDR service for whatever controls you already have). Both have advantages, both have disadvantages, but both are better than not having an MDR solution at all. Very interested to see how this shapes both the insurance and security markets in 2024. #cyberinsurance #cybersecurity #informationsecurity #security