The Role of Managed Detection and Response
Oct 06, 2021

Mon, Apr 26, 2021
Kroll, Red Canary and VMware conducted a survey of over 400 information security and 100 legal and compliance leaders from companies with over $500M in annual revenue to capture the current state of incident response from a technical and legal perspective. Our goal was to highlight trends, identify common challenges and understand how organizations are maturing their preparedness, detection and response programs.
Our findings reveal a harrowing scenario with leaders facing obstacles related to internal attitudes toward cyber security, lack of confidence and resources, and remote worker security. Key highlights include:
The growing volume and sophistication of attacks doesn’t help alleviate this scenario. When asked about the current threat landscape, the most pressing concerns were:
Close to 70% of organizations are receiving 100 or more threat alerts every day, but only 20% are investigating more than 20 events per day. Closing the gap between alerts and investigations is key to a more efficient incident response process, but a myriad of challenges stand in the way:
Nearly half (46%) of organizations are unable to contain a threat in less than an hour after initial compromise, and for 23% organizations that reported more than three data compromises in the past 12 months, containment takes at least 12 hours.
Contributing to containment challenges is the difficulty organizations have in acquiring data and intel to investigate incidents:
Organizations plan on automating more of their incident response process, but nearly half face headwinds like a lack of in-house expertise (47%) and a lack of supporting technology (47%). See below:
To address these shortcomings, security leaders are increasingly recognizing the benefits of third-party partners that provide managed detection and response. A partner can have an impact across the incident response process, particularly in the areas that security leaders want to improve most:
Security leaders are looking for new partners to help leverage these benefits. Four in five (82%) say they will likely work with a new partner to assist with their incident response process, indicating that third parties will continue to play a growing role going forward.
The General Counsel’s office is best positioned to act as quarterback in incident response, but many organizations cite numerous legal areas that are challenging, such as knowing when to consult corporate counsel (47%) and a lack of right-to-audit clauses with vendors (47%). Interestingly, corporate counsel expressed higher concern in this area than information security respondents, another indication of the disconnect between departments. See below:
The full report also covers:
To gain access to the full results, download the report.
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Enlist experienced responders to handle the entire security incident lifecycle.
Find, collect and process forensically useful artifacts in minutes.
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Safely perform attacks on your production environment to test your security technology and processes.
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Services include drafting communications, full-service mailing, alternate notifications.