Exposure Management for Managed Detection and Response

Aug 18, 2022 | AI in Automated Pen Test, Ridge Security

Managed Detection and Response (MDR) is a fast-growing segment of the broader MSSP market. MDR services include threat monitoring, detection, and response from a remote security operations center (SOC). These functions allow organizations to detect, analyze, and mitigate active threats.

MDR is an established market. Gartner estimates that by 2025, the MDR market will reach $2.15 billion in revenue, up from $1.03 billion in 2021, for a compound annual growth rate (CAGR) of 20.2%. Currently, there are well over 100 providers of MDR services.

Many organizations fail with their threat monitoring, detection, and response initiatives because they are too focused on wide-scale data collection and generic security monitoring. Instead, they should be focusing on risks and vulnerabilities that are inherent in the network and which directly impact their customer’s business operations.

One way to differentiate MDR services is to focus on “exposure management,” which uses validation-type capabilities, such as breach and attack simulation (BAS) and/or penetration testing as a service (PTaaS), to test and understand threat scenarios in an environment on a continuous basis. Frequent penetration testing, rather than traditional single-test or annual testing, will uncover risks and vulnerabilities that emerge as the network continuously evolves.

There are many advantages to offering penetration testing as a service (PTaaS). Here are a few:

  • Penetration testing and red teaming activities have traditionally been heavily dependent on human testers and their toolkits of commercial and proprietary tools. RidgeBot’s AI-driven technology can automate network penetration tests and red team activities. It can provide an important adjunct to the MDR services already being offered.
  • RidgeBot’s AI-driven technology can help “prevent attacks” by identifying vulnerabilities that put your customer’s environment, user accounts, and cloud applications at risk.
  • Most organizations have made substantial investments in network security, and they assume that they are protected. But a 2020 Mandiant Security Effectiveness Report found that 53% of successful attacks were never detected, even when organizations used SIEM, SOAR, and analysis platforms. One of the main reasons that attacks are not detected is that security tools are often deployed with default “out-of-the-box” configurations. RidgeBot can be used to tune these tools so that security events are seen by the SIEM.
  • There has been an explosion of connected devices on the network. The Internet of Things (IoT), the “bring your own device” (BYOD) trend, cloud migration initiatives, and a host of new or custom applications have given hackers an almost infinite number of ways to infiltrate a network. RidgeBot’s AI-driven technology can relentlessly track down the risks posed by these devices.
  • RidgeBot is an advanced penetration tool. It does not require you to install agents or software tools across your network. It does not require you to clean up agents or tools after the tests are completed. It is an ideal tool for continuous threat detection and risk mitigation.
  • RidgeBot provides a complete picture of your threat landscape. It provides a kill chain for each successful attack. Many other vendors only provide a confidence level (percentage) that there might be a vulnerability.
  • RidgeBot provides a detailed test report which can be used to meet compliance requirements and inform your management team.

In summary, RidgeBot can differentiate your MDR solution by focusing on risks and vulnerabilities that are inherent in the network and which directly impact your customer’s business operations. It fully automates continuous testing, enabling you to prioritize and remediate risks as the network evolves. It provides test reports that meet compliance requirements and address board-level security concerns. And it doesn’t require highly skilled security personnel to achieve expert results.

Side Note: Recently, Ridge Security teamed up with Trellix Helix. Trellix is a cybersecurity company, created from the merger of McAfee Enterprise and FireEye, that offers an open extended detection and response (XDR) platform. RidgeBot will provide continuous testing, enabling Trellix Helix to detect, analyze, prioritize, and mitigate active threats. It will provide a holistic view of your threat landscape.