OCT 31, 2023
Managed Detection & Response Leaders Embrace Data and Analytics to Stay Ahead
The Managed Detection & Response (MDR) industry finds itself in a new era with unprecedented challenges from platform giants and the migration of the attack surface to the cloud, with innovation becoming a requirement for survival. Companies built to provide clients with 24x7 “eyes on glass” now find themselves at the intersection of rapid technological advancements and evolving threat landscapes. Successful MDR providers are finding new ways to protect customers and grow their profits by leveraging advances in data and artificial intelligence.
The MDR landscape
One side of the equation finds industry powerhouses like CrowdStrike, Microsoft and SentinelOne venturing into the MDR domain by bundling managed services with their popular solutions. On the surface, this seems tempting for customers who already rely on these vendors for endpoint security. However, MDR challenges are complex and ever-evolving, making it less likely that any "jack of all trades" will deliver successful outcomes for customers.
Cloud security and its challenges
Then you have the realm of cloud security, which has emerged as the new game in town, promising greater challenges and, at the same time, opportunities. Compared to relatively straightforward threats of the past, such as the Slammer worm, today's security professionals are confronted with multi-dimensional attacks against cloud infrastructure and the administrators who oversee it. The enormity of security data volume further complicates matters, with reports suggesting that cloud infrastructures are up to 10 times chattier than their on-premise counterparts.
We are seeing more and more MDR providers leveraging data and analytics to navigate this challenging landscape and many are choosing to partner and build with Snowflake. Here are just three of the reasons why.
Integrating with the Data Cloud
MDR providers who choose to integrate with the Data Cloud are gaining product flexibility. This integration allows them to tap into the scalability, cost-effectiveness, and operational efficiency of platforms like Snowflake. MDR providers can transform from being perceived as service providers to becoming product companies in their own right. This opens the door to delivering more tailored and effective solutions to their clients.
Data sharing with security teams
Customers who are increasingly data-savvy are sharing data with security teams. MDR providers can facilitate data sharing using Snowflake’s “secure data sharing” or via the connected application deployment model. Connected apps allow customers to maintain control of their data while leveraging the provider’s cloud-based solution. This not only empowers security teams with direct access to valuable insights but also fosters collaboration, as clients become more engaged throughout the detection & response lifecycle.
Data science and GenAI for automation
Data science and generative AI (GenAI) are being used by leading MDR providers to automate rote tasks and boost analyst efficiency. For example, LLMs are able to provide natural language explanation of complex rule logic and gnarly log lines.
In the emerging, security operations center (SOC) co-pilot model, analysts of all experience levels are able to make better and more consistent decisions, faster.
Leading MDRs embrace the Data Cloud
, a leading MDR provider, is a prime example of a successful partnership with Snowflake. ReliaQuest GreyMatter, a security operations platform, uses Snowflake for Cybersecurity
to give analysts faster search, holistic visibility, and scalability — enabling accelerated threat detection and response.
Since integrating with the Data Cloud, ReliaQuest GreyMatter has seen a 94% improvement in processing large scale threat hunting data. Snowflake’s unique approach to data storage allows ReliaQuest to query large security data sets at scale and more efficiently than before.
ReliaQuest has always treated cybersecurity as a data problem. Coupled with Snowflake’s support for both managed app (vendor’s Snowflake) and connected app (customer’s Snowflake) options, ReliaQuest can deliver better security outcomes and be prepared to meet their customer’s requirements today, and tomorrow.
Security teams that choose Powered by Snowflake
providers gain flexibility and power to use their security data beyond what their vendor provides, and can connect additional applications for use cases such as security control validation. The teams that thrive will be the ones that recognize that data access and analytics are relevant and even critical to their success.
For MDR providers, this is not a time for business as usual — the industry faces daunting challenges but also exciting opportunities. By embracing data and analytics, MDR providers can navigate these challenges effectively. Integration with the Data Cloud, data sharing with clients, and harnessing the power of AI are three key innovation trends that are leading MDR providers toward a brighter and more secure future with Snowflake.
Threat Detection Methods and Best Practices
Threat detection is a proactive process used for detecting unauthorized access to network data and resources by both...
What Is XDR (Extended Detection and Response)?
XDR (extended detection and response) is an emerging cybersecurity technology that provides a holistic view of threats and...
Data Science vs. Data Engineering
Learn some the key differences and overlaps between data science vs. data engineering, including specialized positions.