Raising the Bar in Cybersecurity: How MDR is Leading the Fight

In this episode of The Cloud Lounge, host Zeshan Randhawa connects with Marty Landry, Head of Strategic & Channel Sales at Field Effect, to explore the rapidly shifting cybersecurity landscape. With global cybercrime damages projected to reach $10.5 trillion annually by 2025, the need for effective protection has never been more urgent, especially for small and medium-sized businesses.

Discover why Managed Detection and Response (MDR) solutions are becoming the go-to choice for SMBs, offering a balance of affordability and powerful defense capabilities. Marty shares actionable insights and key strategies to help you stay ahead of evolving threats and secure your digital future.

Don’t wait to take control of your organization’s cybersecurity. Tune in now to stay ahead of the threats and learn how to safeguard what matters most!

Transcript

You’re listening to the Cloud Lounge podcast, a show about business technology and all that jazz, brought to you by Softlanding, a leading IT service provider in Canada. Let’s get started. Here’s your host, Zeshan Randhawa.

Welcome to the Cloud Lounge podcast. I’m your host, Zeshan. Well, October has just passed, which was Cybersecurity Awareness Month, started in 2004. This initiative aimed to raise awareness about the importance of cybersecurity and encourage actions to reduce online risks. Now, even though the official month has passed, it doesn’t mean we shouldn’t seize the opportunity to jump into the world of cybersecurity. Cyber attacks are growing in volume and sophistication, with global damages from cybercrime expected to reach $10.5 trillion annually by 2025. This is compared to three trillion in 2015. And ransomware remains one of the most pervasive threats, with average recovery costs skyrocketing to $4.5 million per incident. An interesting angle to all of this is the fact that over 43% of cyberattacks target SMBs, or small and medium-sized businesses. Yet only 14% of these businesses are prepared to defend themselves. Now, managed detection and response, MDR, is increasingly being adopted by these businesses due to its affordability and high impact. And of course, now with AI, we are seeing some changes. AI-driven attacks are becoming more common, but AI is also being used in MDR solutions to improve the detection of anomalies and reduce the time to respond to threats. Over 61% of companies are expected to incorporate AI into their cybersecurity strategies by 2025. And this leads us to our guest for today, someone who lives and breathes in the cybersecurity world, to talk about our topic. Today, we have Marty Landry, Head of Sales at Field Effect. Welcome to the podcast, Marty.

Thanks so much for having me. It’s a pleasure to be here.

Absolutely. Just starting at the top here, Marty, we know cyber threats are on the rise globally.
Can you provide a bit of an overview on the current cybersecurity landscape and major threats that businesses are facing in Canada today?

Yeah, it’s an interesting one. Certainly, the evolution of cybercrime is certainly on the rise. There’s a number of factors that go into this. Obviously, there’s geopolitical factors. Since COVID-19, the switch to remote work, more cloud services, more data that can be accessed from anywhere, and all of this is great for business continuity and other things, but also it provides more risk to businesses as well too. And it really increases what we call that threat surface, right? And the threat surface is anywhere that an attacker could potentially access your data, whether that be in the cloud, whether that be on your endpoints, whether that be on your servers. And with folks, you know, working from home or working from Starbucks and accessing this data from different areas, it all poses a greater risk in cybersecurity challenges for businesses today. The other thing that we’re seeing is more and more attacks moving down to the SMB level as well too. And SMBs face the same threats that are currently facing large enterprise but must combat them with far fewer resources. So all of this can pose a challenge in today’s threat landscape for sure.

Absolutely. And you mentioned the small and medium-sized businesses, the SMBs if you will, and we’ve seen that over 43% of cyber attacks target SMBs. Yet many are very unprepared. What makes these businesses particularly vulnerable and how can they start improving their cybersecurity posture?

Yeah, certainly, you know, the problem for small to medium-sized businesses is they face the same threats as those that are facing the big guys, but they must combat them with far lower resources than, you know, a large enterprise.
So for a cyber criminal, wherever they are, they have ransomware, they have malware, they have tactics, techniques and procedures, and really when they look at a small to medium-sized business, they’ve really turned their eyes there because they’re sort of that unlocked car in the parking lot. Right. It’s a lot easier to, say, rob a convenience store than it is to rob a bank. So, the problem for these small to medium-sized businesses is they don’t have the resources, they don’t have the teams, they don’t have the tooling. You know, it becomes a really hard problem for them to solve, right? So the biggest thing that businesses can start doing today is ensuring that they’re providing education to their employees and that they are on the cutting edge of security. So, solutions that worked 10 to 15 years ago, or things like antivirus, right? It has virus in the name, so I must be protected. Those are just not going to protect against today’s threats. So the biggest thing for SMBs today is to ensure that they have the visibility that they need to properly protect themselves, but also the right tooling in place that’s going to be able to be manned for them and provide clarity and visibility in a really simple form, because a lot of the tools out there are built for enterprise and they’re complex, and they’re complex to manage and you need big security teams to manage them. So, you know, making sure that you’re aligning with either a partner, a security partner, or an organization that’s gonna provide you visibility across your entire threat surfaces, which is what’s key today. And when I say threat surface, I mean all of your endpoints, which are laptops and workstations, across your entire network and in the cloud services that you’re leveraging, whether it be Microsoft 365 or G Suite or others.

Absolutely. And on the topic of cutting edge security, let’s dive a little into managed detection and response, or MDR.
Can you explain what MDR is and how it fits into a modern cybersecurity strategy?

Yeah, for sure. And MDR is really a great fit to what I was alluding to in the previous discussion. And MDR isn’t a standalone technology, but it’s a managed service that combines the benefits of a lot of the cybersecurity solutions that are out there on the market today, like endpoint protection or security information and event management systems, into a more convenient offering. So what it does is it really helps alleviate the challenge of hiring skilled cybersecurity professionals and building and maintaining an in-house security program. Like I said earlier, this is a lot tougher to manage for small to medium-sized businesses, right? And those solutions that I mentioned, they generate a significant amount of information; they require teams that can parse together big volumes of alert data, determine what’s a false positive, what’s an actual threat. And MDR really takes this responsibility off of the client’s shoulders and it places the detection and the response duties in the hands of experienced third-party security providers. So in essence, really what MDR or managed detection and response is doing is offering a service-oriented approach to traditional detection and response activities. You know, more advanced MDR solutions, not all MDRs are created equal. Some may just focus on endpoints or on clouds. But many solutions today even include other functionality like vulnerability detection, DNS firewalls that look at bad links or phishing websites, email analysis and much more. So the MDR option not only enhances security, but it allows organizations to basically outsource and focus on their core business without being bogged down by complex cybersecurity demands. It allows them to really expand their team and outsource those big security problems to professionals that know what they’re doing.
And you know, it’s very hard for a small to medium-sized business to be able to access a team that’s watching and monitoring 24 by seven. But ultimately, that’s what you need nowadays, right? The bad guys are up 24 by seven. They might be on the other side of the world. They are experts at this, this is what they do, and we need that same expertise on our side to be up to combat the problem. So the advent of MDRs really helps small to medium-sized businesses with this.

Absolutely, kind of levels the playing field for sure. You mentioned ransomware attacks earlier as well, and we know ransomware attacks have surged, with the average recovery cost now exceeding close to $4.5 million. How does MDR help in detecting and responding to ransomware attacks? And why is it an essential layer of defense?

Yeah, for sure. So as I mentioned before, you know, there’s forms of MDR, but MDR is really gonna allow IT and security teams to focus on strategic initiatives that align with their business goals. So maybe you have an IT team or a security team and they can sort of focus on that build and that operate function, while the MDR portion is really going to take care of that security function, right? This may be event analysis. So MDR really handles the hard work of analyzing, you know, billions of security events, weeding out the false positives, you know, combining machine learning with human intelligence to really figure out what’s good and what’s bad. You know, this goes into things like we talk about alert triage, right? So triaging these alerts, prioritizing the activities that they need to concentrate on. So an MDR solution may raise a flag to a business saying there’s not someone sort of breaking through your doors today, but you have this vulnerability, you have this unpatched system, it’s being exploited in the wild.
If you don’t close it up, if you don’t patch that system, you will be susceptible to an attack, and that really ties into the vulnerability management piece as well too. Right. So MDR proactively addresses these vulnerabilities. A big part of it isn’t just blocking the bad things when they happen, but a big part of it is sort of cybersecurity hygiene and making sure that you’re not a target. And when that cyber criminal’s walking down the street, they’re looking at your house and it’s got the barbed wire fence, and all the windows and doors have been locked and closed, and then they see the business beside you with its windows wide open and its doors wide open. And because, you know, they haven’t been monitoring and they haven’t been sort of keeping good cyber hygiene, in that case, you know that they’re gonna go to the low-hanging fruit. So MDR really combines a proactive measure as well as that threat hunting and that remediation, so that when an incident does happen, you have cybersecurity professionals that are on it immediately. This might be 2 a.m. on a Saturday. Typically it’s not, you know, 11 a.m. on a Wednesday, right? You know, an MDR provider can typically lock a compromised account or remediate a cybersecurity incident and really minimize the damage and the recovery time after an incident as well too.

Excellent. Excellent. And Marty, we know with AI playing a growing role in cybersecurity, how are AI and machine learning being used within MDR solutions to improve accuracy and automate the threat response?

Yeah, I’m glad you brought it up. Right. These are interesting buzzwords. AI and machine learning are definitely very useful inside an MDR solution. But I’m not sure that improving accuracy or automating threat response are really where AI is most useful today. So AI still makes too many mistakes. An experienced cybersecurity analyst will be far more accurate at identifying threats.
So I’m always wary of solutions that are relying just on AI, and with the potential for inaccurate results, having AI automatically respond to threats can actually be a significant business risk. So I think for an MDR solution, you know, specifically like ours, AI and ML, and when I say ML, I mean machine learning, are best leveraged to process large quantities of data, flag potential suspicious and anomalous events so that we can bring those to the purview of an analyst, a real human that can review and investigate further. They’re really good for sort of aggregating and collecting that data and bringing it together so that the analysts can do their job.

Absolutely, using it as a tool rather than the entire solution.

Exactly right. That’s exactly it. It’s a tool in the toolbox.

And given that SMBs often have kind of limited budgets and resources, as you mentioned earlier as well, again, going back to MDR, how does that offer an affordable and effective solution for protecting these smaller businesses from cyber threats?

Yeah, it’s a great question. I mean, it’s always about risk. Right. And it’s always about what’s the cost of the asset versus the cost of protecting it. But for a small to medium-sized business to stay ahead of today’s threats, you need someone that’s up 24 by seven. You know, as I mentioned, threats don’t happen Wednesday at 11 a.m., they happen Saturday at 2 a.m., you know, or on a weekend or when you’re least expecting it. So to build a cybersecurity team for a small to medium-sized business, you know, you might be talking 5 to 10 cybersecurity professionals or more, and then you’re talking about all the tooling that they need, and then you need cross shifts. You need folks that are up 24 by seven. So when you look at the cost of the tools, the cost to manage it.
Not to mention, it’s really hard to find these very bright, knowledgeable and quite frankly expensive cybersecurity professionals. It becomes unattainable for most small to medium-sized businesses, which leaves them unprotected, right? So this is where MDR can come into play and just drive a ton of efficiency for the business. When we outsource these things, typically, you know, they’re licensed on a per-user cost. That makes a lot of sense for a small to medium-sized business: they’re only paying for the amount of users that they have, and they gain all the benefits of having this team without having to staff it, without having to worry about retaining these cybersecurity professionals, which are extremely hard to retain, and updating all of their systems as well too. Right. So it just streamlines the whole process and really provides a much more affordable approach that makes a lot more sense for a small to medium-sized business. They gain all the benefits without having to take the overhead of hiring the team and buying the tools.

Absolutely. And finding all those professionals out there. So bringing out the kind of crystal ball here, if you will, what advancements do you foresee in the MDR kind of space over the next few years, and how will emerging technologies like AI, 5G and IoT influence its evolution?

Yeah, it’s a great question. And so it sort of goes back to that threat surface comment, right? A threat surface is anywhere that an attacker can get into your organization, really anything that’s internet facing, anything that’s connected to the internet. So when I think about that today, you know, I think about the network, I think about cloud, I think about your laptops and your workstations and servers, and 5G and IoT really just expand that organization’s threat surface, right? So to handle this, MDR solutions inherently are gonna have to bring in more telemetry. Right. More information.
Now, this is where AI and machine learning running on top of scalable data stores will really help MDR providers keep up with that increased volume of data. That’ll help organizations sort of detect and respond to security events much more quickly. So to minimize the probability and impact of an incident, MDR solutions will really have to double down on something that we’ve been doing for a while, but just doing it at a larger scale, right? And this means proactively looking at risk posture, proactively looking at vulnerabilities, trying to determine if there’s any open doors or unpatched systems where organizations can come in. And that’s where AI and ML can be really useful to identify those cybersecurity risks and ultimately help to communicate any remediation advice that comes from it.

And Marty, we love hearing kind of real-world examples and scenarios. Are you able to share a case where kind of MDR helped divert a significant cybersecurity incident and what kind of lessons other businesses can learn from this example?

Yeah, I mean, we see this stuff every day, right? And the biggest way that I can explain MDR in the simplest form would be sort of the difference between antivirus or, you know, something that’s a piece of security tooling that’s just blocking, would be the difference between putting locks on your business’s door and actually having security cameras. Right. And watching and having that visibility 24 by seven, that’s really what MDR is doing, and I see it as no different as, you know, the advent of physical security and how that’s grown for businesses. Right. If you’re a business today, you probably have some type of alarm system, you probably have security cameras, and that’s sort of what we’re doing with MDR. So we’re constantly monitoring. And so some examples of that would be, for instance, business email compromise is a huge one, right? And so we’re constantly looking and seeing things like malicious login activity.
So we can tell that a user’s laptop might be, you know, in Canada, and then now there’s a login attempt from the other side of the world, right? The creation of inbox rules is one that we’ve seen quite frequently, right? So typically what will happen is, you know, a user may get an email impersonating Microsoft: you have to update or change your password. Little do you know you’re giving your credentials away. An attacker now has your credentials, they sign into your email account and then they’re gonna go ahead and do a financial fraud situation. So they’re gonna email a vendor or email someone telling them that they need to put a wire transfer somewhere and it’s not to the right spot. We see this all the time. So we have detection rules that will trigger for, you know, suspicious inbox rules. So one thing that we see often in these situations is the attacker will, they don’t want you to know that they’re inside your inbox. So they’ll set up an inbox rule to basically delete any emails that get sent after they’re sent and have any replies go to a different folder, so you never even see them. Right? So we’ll alert on these inbox rules. These detections trigger the customer to change their password, reset authentication sessions and pretty much block the threat actor’s access to the inbox so that they can no longer insert themselves into a financial email transaction or defraud a client. This is one that we see often. Sometimes it’s not a threat actor, but it’s abnormalities that we’re seeing as well too. Right? And this is again going back to that aspect of monitoring. So we’ll notice that Marty, who works in sales and marketing and only works 9 to 5 Monday to Friday, is suddenly in the finance folder, you know, in SharePoint at 2 a.m. on a Saturday, pulling down large amounts of data at times that he typically wouldn’t be there or typically be accessing that data. Those are all flags that we look for.
We had one the other day where it wasn’t a threat actor, but we alerted on large amounts of data being pulled down, and actually the response back was, thank you, it wasn’t a threat actor, but it’s that employee’s lost data model, right? So some of this can even be data loss prevention. We’re seeing tons of things in terms of vulnerabilities. Software has vulnerabilities inherently, and what attackers do is they exploit those vulnerabilities. So if you’re ever getting that update on your iPhone or your browser that says perform this update, it’s gonna fix these following bugs, do that update as quickly as possible, because that’s really a blueprint for an attacker if there’s security bugs that they can get around to get around it. So we’ve alerted on these systems that haven’t been updated, whether it be firewalls, you know, SonicWall vulnerabilities have been a big one lately as well too, and early detection has triggered our clients to update it and make sure that they’re blocking these threats as well too. So we see this stuff every day. It’s the visibility, right? It’s that unknown. There’s a number of steps that an attacker needs to go through before they actually press that button to execute their attack. And the earlier on that we can see those things happening, that we can see an account getting taken over, that we can see backups being replicated, that we can see attackers moving laterally within a network, upgrading privilege to an administrator. These are all techniques that they use, and an MDR solution will catch those very early on before the bad thing happens at the end of the day. Those are some examples that we’re seeing out there right now.

Absolutely. And I think all of those really illustrate, again, going back to your point, how cybersecurity is more than just a virus detector or scanner. Right.

Yeah. Absolutely. It is. Right.
And that’s the biggest thing that I would take away here is visibility and 24 by seven monitoring. Right. We can’t stop what we can’t see. It’s a lot like going to the dentist, right? If you keep your teeth clean, ultimately, you know, you’re not gonna get a cavity, and cybersecurity is a lot the same way, right? It’s constantly monitoring, constantly looking for vulnerabilities, constantly closing those open doors. And if we do that, then we’ll stay ahead of the attackers and stay ahead of the threats.

So, lastly, Marty, we all know, you know, technology isn’t always the answer for everything. I’d love to hear from you how kind of businesses can foster a more proactive cybersecurity culture. What does MDR kind of contribute to being a resilient, security-first mindset kind of promoter across the organization?

Yeah, absolutely. And I think first and foremost, the biggest thing is cybersecurity is not an IT problem, right? It’s everyone’s problem. If there’s a financial redirection, it becomes finance’s problem. If you need to disclose a breach to your constituents, it becomes a sales and marketing and branding problem, right? So no matter where you are in the organization, I think everyone has a duty to be cyber aware, and it impacts all levels of the organization. So it’s not an IT problem, it’s an organizational issue that everyone needs to be aware of. And so the biggest thing that I would go back to is, of course, educating your employees: think before you click on a link. We have a tool inside of our MDR service where users can actually upload suspicious emails and we’ll let them know if that email is safe or malicious. And there’s a number of ways that you can do this. So do security awareness training. Multi-factor authentication is a simple one, such an easy one that I know some people hate or find that step annoying, but it can be the difference between someone logging into your account or not.
So enforcing things like multi-factor authentication, and then ultimately, again, just looking at it from a risk perspective and making sure that you have that visibility and monitoring. I would say, you know, if you don’t have someone that’s watching 24 by seven, if you don’t have visibility into all of your systems with a monitoring solution like MDR in place, then you don’t have the visibility that you require in order to protect against today’s threats as well too. So I think it’s just an organizational cultural thing, but also making sure that you’re doing the best that you can to make sure that your employees are bought in, and don’t make it a scary or a bad thing. Like, people are going to click on links. We’re a security company here, and I would say there’s probably some very smart people that would tell you anyone could impersonate an email that looks real. Right. Some of them are becoming very sophisticated. So for employees, just because you click on something, don’t make them feel like they’re gonna get fired or, you know, something is gonna happen.

Yeah, exactly. Promote a culture of letting people know, being vocal, letting your friends know when you see a suspicious email. You know, maybe that’s on a company chat or whatever it may be, but certainly promote a culture of, if something bad happens, then make sure that you can tell your security team so that it can get rectified.

Excellent. Well, Marty, I really do appreciate you spending some time with us today, kind of walking through these different scenarios and your thoughts on the cybersecurity space. Thank you so much for joining us on the Cloud Lounge podcast.

Yeah, absolutely. It was a true pleasure and I really appreciate the opportunity to be part of it as well.

Cybersecurity is not just a technical issue, it’s a business imperative in this climate, with cyber attacks growing in volume and sophistication.
It’s crucial for organizations of all sizes to stay vigilant and proactive. The rise of ransomware, the increasing use of AI in cyber attacks and the significant financial impact of data breaches highlight the urgent need for robust cybersecurity measures. As we look into the future, it’s clear that cybersecurity will continue to be a dynamic and challenging field. The integration of AI, the growing importance of cybersecurity skills and the need for a proactive cybersecurity culture are all critical factors that will shape the landscape in the coming years. I would like to thank Marty Landry for joining us today in our conversation. If you enjoyed this episode, please leave us a rating and review on your favorite podcast platform. Until next time, this has been the Cloud Lounge podcast. Take care.
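The two business email compromise signals Marty describes in the transcript, a suspicious inbox rule and a login from the other side of the world shortly after one from Canada, worked through below as an added example. This is editorial example code, not code from the podcast, Field Effect or Softlanding. The events are constructed and only loosely imitate Microsoft 365 Unified Audit Log records (Operation, UserId, CreationTime, Parameters); the Lat/Lon fields on the login events are an assumption standing in for a geolocation lookup of ClientIP, and the keyword lists, folder names and speed threshold are illustrative.

```python
"""Detection logic for two business email compromise signals: suspicious
inbox rules and impossible-travel logins.

Added example, not code from the podcast, Field Effect or Softlanding. The
event layout is a simplified, constructed imitation of Microsoft 365 Unified
Audit Log records. The Lat/Lon fields on login events are an assumption:
real records carry only ClientIP, which a pipeline would geolocate first.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
# Folders attackers commonly park replies in so the victim never sees them.
HIDING_FOLDERS = {"rss subscriptions", "archive", "deleted items",
                  "junk email", "conversation history"}
FINANCE_WORDS = ("invoice", "payment", "wire", "bank", "remittance")
MAX_PLAUSIBLE_KMH = 900.0  # about airliner speed; faster is "impossible travel"
EARTH_RADIUS_KM = 6371.0

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "marty@example.com",
     "CreationTime": "2024-11-02T02:14:00Z",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "invoice;wire"},
                    {"Name": "DeleteMessage", "Value": "True"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "CreationTime": "2024-11-01T15:03:00Z",
     "Parameters": [{"Name": "Name", "Value": "Vendor newsletters"},
                    {"Name": "SubjectContainsWords", "Value": "newsletter"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "UserLoggedIn", "UserId": "marty@example.com",
     "CreationTime": "2024-11-02T01:30:00Z", "ClientIP": "203.0.113.5",
     "Lat": 49.28, "Lon": -123.12},  # Vancouver (assumed geolocation)
    {"Operation": "UserLoggedIn", "UserId": "marty@example.com",
     "CreationTime": "2024-11-02T02:05:00Z", "ClientIP": "198.51.100.7",
     "Lat": 6.45, "Lon": 3.39},      # Lagos (assumed geolocation)
]


def _params(event):
    """Flatten the audit log's Name/Value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in event.get("Parameters", [])}


def _ts(event):
    """Parse the UTC timestamp (older Pythons need +00:00 rather than Z)."""
    return datetime.fromisoformat(event["CreationTime"].replace("Z", "+00:00"))


def inbox_rule_findings(event):
    """Return the reasons a New-InboxRule / Set-InboxRule event looks malicious.
    An empty list means the rule looks benign."""
    if event.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
        return []
    p = _params(event)
    findings = []
    if p.get("DeleteMessage") == "True":
        findings.append("rule deletes matching mail")
    for name in sorted(FORWARDING_PARAMS.intersection(p)):
        findings.append(f"rule forwards mail via {name}={p[name]}")
    if p.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
        findings.append(f"rule hides mail in {p['MoveToFolder']}")
    filters = " ".join(p.get(k, "") for k in
                       ("SubjectContainsWords", "BodyContainsWords")).lower()
    if any(word in filters for word in FINANCE_WORDS):
        findings.append("rule filters on finance keywords")
    # Attackers tend to give the rule a throwaway name such as "." or "a".
    if len(p.get("Name", "").strip()) <= 1:
        findings.append("rule has a throwaway name")
    return findings


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = (sin(dlat / 2) ** 2
         + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Pair each user's consecutive logins and flag any that would require
    travelling faster than max_kmh. Returns (user, ip_a, ip_b, km, kmh)."""
    logins = sorted((e for e in events if e.get("Operation") == "UserLoggedIn"),
                    key=lambda e: (e["UserId"], _ts(e)))
    hits = []
    for prev, cur in zip(logins, logins[1:]):
        if prev["UserId"] != cur["UserId"] or prev["ClientIP"] == cur["ClientIP"]:
            continue
        km = haversine_km(prev["Lat"], prev["Lon"], cur["Lat"], cur["Lon"])
        hours = (_ts(cur) - _ts(prev)).total_seconds() / 3600
        # Two distant logins in the same second are still impossible travel.
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            hits.append((cur["UserId"], prev["ClientIP"], cur["ClientIP"],
                         round(km), round(kmh) if hours > 0 else kmh))
    return hits


def triage(events):
    """Turn a batch of events into the alerts an analyst would review."""
    alerts = []
    for e in events:
        reasons = inbox_rule_findings(e)
        if reasons:
            alerts.append({"user": e["UserId"], "type": "suspicious_inbox_rule",
                           "time": e["CreationTime"], "reasons": reasons})
    for user, ip_a, ip_b, km, kmh in impossible_travel(events):
        alerts.append({"user": user, "type": "impossible_travel",
                       "detail": f"{ip_a} -> {ip_b}: {km} km at {kmh} km/h"})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

On the sample batch this raises two alerts: the rule that silently deletes invoice and wire-transfer mail, and a Lagos login 35 minutes after a Vancouver one, while Alice's newsletter rule stays quiet. The response Marty describes (reset the password, revoke sessions, remove the rule) would hang off the same alert; in a real pipeline the rule check would also watch the Graph API equivalents of these cmdlets, and the keyword list and speed threshold would be tuned against the tenant's own baseline.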

 


Written By:

softlanding

Softlanding is a long-established IT services provider of transformation, professional services and managed IT services that helps organizations boost innovation and drive business value. We are a multi-award-winning Microsoft Gold Partner with 13 Gold Competencies and we use our experience and expertise to be a trusted advisor to our clients. Headquartered in Vancouver, BC, we have staff and offices in Toronto, Montreal and Calgary to serve clients across Canada.
