Cyber Threats
A Helping Hand with Threat Detection and Response
Is it best to outsource SecOps?
by Jamie Holmes
Trend Micro blocked over 94 billion cyber-threats last year, a double-digit increase over 2020. But not everyone has the benefit of our threat detection technologies. And increasingly, bad actors are finding ways to infiltrate corporate networks without even using malware. That’s made detection and response a critical function for security operations (SecOps) teams. But many organisations are struggling with skills shortages, funding challenges and under-powered technology.
The bottom line is that when it comes to SecOps, the best choice is increasingly to outsource to the experts.
Breach costs soar
Breaches are on the rise. According to a UK government survey published in March 2021, around two-thirds of medium and large UK businesses identified at least one breach or attack over the previous 12 months. The cost is also surging: the estimated average global cost per breach is now over $4.2m (£3.1m), the highest in 17 years. Even these figures understate the impact of a major ransomware breach, where some organisations have lost tens of millions through customer churn, reputational damage, productivity losses and more.
On the one hand, the corporate attack surface is greater than at any time in the past, thanks to large-scale investment in cloud and other digital projects. Remote workers, and the infrastructure that supports them, are another challenge: often under-patched, misconfigured and exposed to attack. On the other, threat actors have access to a huge range of tools, tactics and techniques. By logging in with breached credentials and then moving laterally with the legitimate administrative tooling already present on the network, they need never drop a malicious file, so signature-based anti-malware has nothing to flag; the only evidence is an account behaving abnormally. What were once advanced techniques are now democratised throughout the cybercrime economy.
SecOps under pressure
All of which puts extra pressure on SecOps to find the early warning signs of an intrusion before it becomes a serious incident. One problem is that many tools lack visibility into cloud environments or remote-working endpoints. Another is that many SecOps teams are bombarded by alerts from a surfeit of security point solutions, making it hard to know which to prioritise.
Research shows that such pressures are having a serious impact on SecOps analysts. Over 70% of Security Operations Centre (SOC) analysts say they are emotionally overwhelmed by the volume of alerts coming through, and they report spending as much as 27% of their time dealing with false positives.
This matters not only because it raises the prospect of more threats slipping under the radar while teams chase dead ends. It could also mean security teams losing valuable members to burnout. Expensive SIEM platforms often claim to solve alert overload. In reality they demand an investment not only of cash but of labour: detection rules and correlation logic need constant tuning to stay useful, and an untuned SIEM simply adds another source of noise.
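The two points above, that a credentials-plus-legitimate-tooling intrusion leaves no malware to flag and so has to be caught from behaviour, and that detection logic needs tuning to keep false positives down, can be shown in a few lines. The following is an added example, not code from the article or from Trend Micro: a minimal detection that runs over constructed authentication events and alerts when one account fans out to many hosts in a short window. The account names, hostnames, timestamps, the 10-minute window, the threshold of four hosts and the allow-listed scanner account are all assumptions made up for the illustration.

```python
"""Behavioural lateral-movement detection over constructed logon events.

Added example, not part of the original article. Nothing here looks at a
file hash or a malware signature: the signal is one account performing
network logons to many distinct hosts within a short window, which is what
a stolen credential driven through built-in remote admin tooling produces.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, account, source host, destination host, logon type.
# Logon type 3 is a network logon (what PsExec-, WMI- or SMB-based remote execution produces);
# type 2 is an interactive logon at the console. All values are made up.
SAMPLE_EVENTS = """\
2021-11-02T09:00:05Z jsmith WKS-017 MAIL01 3
2021-11-02T09:01:10Z jsmith WKS-017 FS01 3
2021-11-02T09:02:00Z svc_vulnscan SCAN01 FS01 3
2021-11-02T09:02:01Z svc_vulnscan SCAN01 FS02 3
2021-11-02T09:02:02Z svc_vulnscan SCAN01 DC01 3
2021-11-02T09:02:03Z svc_vulnscan SCAN01 APP01 3
2021-11-02T09:02:04Z svc_vulnscan SCAN01 DB01 3
2021-11-02T09:14:30Z adm_ops WKS-042 FS01 3
2021-11-02T09:15:02Z adm_ops WKS-042 FS02 3
2021-11-02T09:16:45Z adm_ops WKS-042 APP01 3
2021-11-02T09:18:20Z adm_ops WKS-042 DB01 3
2021-11-02T09:20:10Z adm_ops WKS-042 DC01 3
2021-11-02T13:00:00Z adm_ops WKS-042 FS01 2
"""

# Accounts expected to touch many hosts (assumed here: a vulnerability scanner).
# Maintaining this list is the kind of tuning that drives down the false-positive share.
DEFAULT_ALLOWLIST = frozenset({"svc_vulnscan"})


def parse_events(text):
    """Parse whitespace-separated event lines into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, logon_type = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "src": src,
            "dst": dst,
            "type": int(logon_type),
        })
    return events


def detect_fan_out(events, window=timedelta(minutes=10), threshold=4,
                   allowlist=DEFAULT_ALLOWLIST):
    """Alert when one account, from one source host, makes network logons to at
    least `threshold` distinct hosts within `window`. Allow-listed accounts are
    skipped so that known scanners do not page the on-call analyst."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] == 3 and e["user"] not in allowlist:
            by_key[(e["user"], e["src"])].append(e)

    alerts = []
    for (user, src), evs in by_key.items():
        best = set()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["dst"] for e in evs[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= threshold:
            alerts.append({"user": user, "src": src,
                           "hosts": sorted(best), "count": len(best)})
    return alerts


if __name__ == "__main__":
    for a in detect_fan_out(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {a['user']} from {a['src']} reached {a['count']} hosts: "
              f"{', '.join(a['hosts'])}")
```

On the sample data only `adm_ops` is reported: five servers in under six minutes from a single workstation. Removing the allow-list also flags `svc_vulnscan`, which is the trade-off the article describes: the same rule that catches the intrusion will bury analysts in scanner noise unless somebody does the tuning.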
Introducing Trend Micro Service One
That is increasingly why SecOps leaders are looking to partner with third-party providers capable of managing their threat detection and response. Trend Micro Service One goes beyond typical offerings in this space. It is built around Trend Micro's XDR platform, which offers visibility and control across endpoints, servers, email, networks and cloud workloads, correlating activity across those layers rather than alerting on each in isolation.
With managed XDR, delivered as a managed detection and response (MDR) service, plus Trend Micro Premium Support, Service One customers get comprehensive threat detection and response 24/7/365. This includes:
- Round-the-clock monitoring
- Indicator of compromise (IoC) sweeps
- Impact analysis and triage recommendations
- Access to a global incident response team
With Service One, Trend Micro acts as an extension of a customer's in-house SecOps team. That means reduced exposure to cyber and staffing risks, more manageable and predictable costs, and faster threat detection and response.