When MDR providers add automated threat response, threat hunting and remediation capabilities to XDR, and when they offer access to skilled security analytics, they show that they’re “laser-focused” on defending healthcare organizations, Thorn says. They’re also going above and beyond what’s typically available from a managed security service provider.
“MSSP services tend to be reactive in nature, focused on management, monitoring and vulnerabilities,” he says. “Vendors often will manage security infrastructure such as security information and event management platforms and firewalls, but generally they won’t have the same level of threat analytics, forensics and integrated intelligence as MDR providers leveraging XDR tools.”
The XDR platform’s data lake provides an additional benefit to healthcare organizations, DeFord notes: It builds an inventory of endpoints, devices and applications in use throughout the facility. Here, an effective MDR provider will go beyond simply providing the list and will help organizations determine what can be managed directly, what needs to be managed through a more secure endpoint and what ought to be taken offline entirely, he adds.
How MDR Services and Threat Hunting Benefit Healthcare
MDR’s close ties to threat hunting — the proactive search for, detection of and isolation of active threats within an IT environment — serve healthcare well for several reasons.
One is that organizations tend to compensate for short-staffed cybersecurity teams by adopting additional monitoring tools. Unfortunately, this tends to heighten alert fatigue and leave teams ill-equipped to truly assess the threats they face, DeFord says.
“If you get thousands of alerts and you only look at the highs, then you’re overlooking the mediums and lows that turn out to be real threats,” DeFord says. “Most organizations don’t have people with the experience to do that. You need to use artificial intelligence and machine learning to find the things you need to pay attention to, and refine that search over time.”
Additionally, the combination of MDR and XDR protects organizations against a range of possible attacks, Thorn says. Along with well-known threats such as ransomware and phishing, MDR providers will look for advanced, persistent threats that can be difficult to identify, such as compromised accounts, risky cloud configurations, remote access trojans or attempts to exfiltrate data.
A third benefit is the potential to identify, isolate and mitigate threats before they escalate into a service interruption — a risk that hospitals and health systems can ill afford, Thorn says.
“The combination of machine learning, threat intelligence, behavioral analysis engines and expert-led threat hunting can uncover threats organizations just won’t find otherwise,” he says. “MDR services reduce incident response and containment times, ultimately lowering the impact of incidents.”