How to Improve Threat Detection and Response with Telemetry

AI (Artificial Intelligence) concept. Communication network.

An intensifying cyberthreat landscape and the growing complexity of operating environments are making threat detection and response more challenging than ever.

“Always-on” security measures are now a must. But in addition to 24/7 protection, cyber defense needs to encompass every point in organizations’ operating environments. However, traditional detection and response tools often fail to provide this level of security due to compatibility issues and other data obstacles.

The reality is that most businesses can no longer manage threat hunting on their own, which is why organizations continue to rely on managed service providers (MSPs) for third-party support — and why MSPs are leaning on vendors for additional security expertise. 

Scott Barlow, global VP of MSP and cloud alliances, Sophos
Author: Scott Barlow, global VP of MSP and cloud alliances, Sophos

To help customers successfully prioritize, manage, and respond to threats, MSPs must reevaluate their toolboxes and security partners so they’re equipped to face even the most sophisticated cybercriminals. And the most critical thing they need? Advanced telemetry.

Do your threat detection and response capabilities need an upgrade?

Your customers’ operating environments include disparate, third-party technologies ranging from firewalls to endpoint solutions. And as a channel partner, it’s your job to ensure every component of those environments remains secure. 

Whether you leverage solutions that facilitate extended detection and response (XDR), endpoint detection and response (EDR), or managed detection and response (MDR), telemetry is a critical part of any threat mitigation strategy. Telemetry increases visibility into a customer’s operating environment by collecting and analyzing data from each security solution. However, challenges often arise when using traditional MDR, XDR and EDR tools and services.

For instance, using proprietary threat detection tools can limit the range of third-party technologies you can connect with, creating an information ecosystem that excludes critical telemetry data. The inability to see the full picture of a given environment can create gaps in security that give bad actors system and network access. But you can’t expect customers to overhaul their entire tech stack for compatibility purposes.

On the other hand, using a vendor’s solution that only integrates with their technology eliminates first-party control over the data for you and your customers. As a result, you’re left to parse through and analyze large amounts of unstructured telemetry data to make it valuable. But with widespread and ongoing IT labor shortages, this manual and repetitive process isn’t a viable option.

So, now what?

How MSPs can optimize vendor agnostic telemetry

MSPs historically relied on detection and response technologies and services that either overwhelmed them with unstructured data or presented integration challenges that failed to produce enough data. Now, thanks to advances in cyber-risk mitigation technology, MSPs can take advantage of vendor agnostic telemetry that integrates with third-party security technologies. 

The ability to collect and analyze data from disparate sources provides a 360-degree view of a customer’s entire operating environment, eliminating weak spots for adversaries to exploit. You can also optimize your approach to better protect customers against growing threats. Here’s how:

  • Collaborate with customers. Successful relationships between MSPs and customers start with collaboration. Hold discussions upfront so you can nail down the logistics of your telemetry strategy — and stay on the same page as customers — before implementing the relevant technologies or services.Conversations with customers should also include which types of cyber threats pose the greatest risk to their business. While advanced telemetry tools automatically analyze and prioritize threats, additional threat modeling lets you identify the risks your customers are most susceptible to, which helps you pinpoint the sources you should add to their telemetry ecosystem.
  • Document processes. As the intermediary between customer and provider, it’s critical to maintain thorough records of the processes you follow with customers. Specify roles and responsibilities so important tasks aren’t overlooked, and take note of which solutions are connected. Additionally, it’s important to work closely with customers to create an incident response plan unique to their business and IT needs. 

Advanced telemetry technology and services can help you meet your customers in the middle, eliminating the need for a complete tech overhaul, while allowing you to integrate with third-party technologies. As a result, you can increase visibility into your customers’ operating environments and improve your response time to catch bad actors before they do irreversible damage.

Scott Barlow is VP, Global MSP & Cloud Alliances, at Sophos. Read more Sophos guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.