Top 5 MDR trends in 2022

MDR has gained priority as an investment area for organizations worldwide, and 2021 saw a corresponding increase in MDR adoption among large enterprises. This has been fueled by an evolving threat landscape in which attack volumes grow at double-digit rates.

We don’t expect 2022 to be any different. MDR services have proven effective against current threats such as ransomware, supply chain attacks, web application attacks, advanced malware, data exfiltration, and Business Email Compromise (BEC), among others. Continued innovation is needed for MDR to stay ahead of attackers.

Here are the top five trends we expect in MDR, based on new threats and changes in the dynamic digital landscape.

Multi-cloud MDR becomes mainstream

The pandemic has fast-tracked cloud adoption by a few years, with the net effect that many organizations have adopted cloud and use more than one cloud provider.

For example, organizations that have traditionally been Amazon Web Services (AWS) customers are adding Azure workloads and adopting Office 365 as SaaS, and Microsoft Azure customers are running containers on Google Cloud Platform (GCP). A single pane of glass for threats across multiple clouds has therefore become critical.

Organizations will adopt solutions that provide a unified view of multi-cloud and SaaS threats. These organizations also expect a unified, automated framework to onboard, discover, and monitor Azure, AWS, and GCP cloud resources.
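The unified view described above rests on one plumbing step: audit events from each provider arrive in a different shape, so they must be normalised into a common schema before one detection rule can run across all of them. The following added example (not code from the article or from Atos) does that for three constructed records loosely modelled on AWS CloudTrail, the Azure Activity Log and GCP Cloud Audit Logs, and then applies a single vendor-neutral rule: an ingress rule that admits the whole internet. Field names, especially the Azure `requestbody` and GCP `request` bodies, are simplified assumptions and may not match a live export.

```python
"""Added example: normalise audit events from three clouds into one schema and
run a single vendor-neutral detection over them.  Sample records are
constructed and simplified; fields marked 'assumed' may differ in real logs."""
from dataclasses import dataclass, field

INTERNET = {"0.0.0.0/0", "::/0", "*", "Internet"}


@dataclass
class Event:
    cloud: str
    time: str
    actor: str
    source_ip: str
    action: str                                  # vendor-neutral verb
    resource: str
    cidrs: list = field(default_factory=list)    # source ranges the change admits


def from_cloudtrail(rec):
    params = rec.get("requestParameters", {})
    cidrs = [r["cidrIp"]
             for perm in params.get("ipPermissions", {}).get("items", [])
             for r in perm.get("ipRanges", {}).get("items", [])]
    verbs = {"AuthorizeSecurityGroupIngress": "network.ingress.allow"}
    return Event("aws", rec["eventTime"], rec["userIdentity"]["arn"],
                 rec["sourceIPAddress"], verbs.get(rec["eventName"], rec["eventName"]),
                 params.get("groupId", ""), cidrs)


def from_azure_activity(rec):
    # assumed: rule body already parsed to a dict (real exports carry it as a
    # JSON string under properties.requestbody)
    body = rec.get("properties", {}).get("requestbody", {}).get("properties", {})
    op = rec["operationName"].lower()
    inbound_allow = (op.endswith("/securityrules/write")
                     and body.get("direction") == "Inbound"
                     and body.get("access") == "Allow")
    prefix = body.get("sourceAddressPrefix")
    return Event("azure", rec["eventTimestamp"], rec["caller"], rec["callerIpAddress"],
                 "network.ingress.allow" if inbound_allow else op,
                 rec["resourceId"], [prefix] if prefix else [])


def from_gcp_audit(rec):
    p = rec["protoPayload"]
    req = p.get("request", {})          # assumed: request body is logged
    ingress = (p["methodName"].endswith("compute.firewalls.insert")
               and req.get("direction", "INGRESS") == "INGRESS" and "allowed" in req)
    return Event("gcp", rec["timestamp"], p["authenticationInfo"]["principalEmail"],
                 p["requestMetadata"]["callerIp"],
                 "network.ingress.allow" if ingress else p["methodName"],
                 p["resourceName"], list(req.get("sourceRanges", [])))


def normalise(rec):
    """Dispatch on the distinctive top-level keys of each vendor's record."""
    if "eventSource" in rec and "userIdentity" in rec:
        return from_cloudtrail(rec)
    if "protoPayload" in rec:
        return from_gcp_audit(rec)
    if "operationName" in rec and "resourceId" in rec:
        return from_azure_activity(rec)
    raise ValueError("unrecognised audit record")


def internet_exposure(events):
    """One rule for three clouds: an inbound allow rule open to the internet."""
    return [e for e in events
            if e.action == "network.ingress.allow" and INTERNET & set(e.cidrs)]


SAMPLES = [  # constructed sample events
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "eventTime": "2022-01-10T09:12:01Z", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"groupId": "sg-0abc", "ipPermissions": {"items": [
         {"ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "eventTime": "2022-01-10T09:13:01Z", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"groupId": "sg-0def", "ipPermissions": {"items": [
         {"ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
    {"operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "eventTimestamp": "2022-01-10T09:20:00Z", "caller": "carol@example.com",
     "callerIpAddress": "198.51.100.9",
     "resourceId": "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-rdp",
     "properties": {"requestbody": {"properties": {
         "direction": "Inbound", "access": "Allow", "sourceAddressPrefix": "*"}}}},
    {"timestamp": "2022-01-10T09:30:00Z",
     "protoPayload": {"methodName": "v1.compute.firewalls.insert",
                      "authenticationInfo": {"principalEmail": "dave@example.com"},
                      "requestMetadata": {"callerIp": "198.51.100.11"},
                      "resourceName": "projects/demo/global/firewalls/allow-ssh",
                      "request": {"direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
                                  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}}},
]


def run(samples=SAMPLES):
    """Return (cloud, actor, resource) for every finding in the sample set."""
    return [(e.cloud, e.actor, e.resource)
            for e in internet_exposure(normalise(r) for r in samples)]


if __name__ == "__main__":
    for finding in run():
        print(*finding)
```

The point of the structure is that the rule in `internet_exposure` knows nothing about vendors: onboarding a fourth provider means writing one more parser, not rewriting every detection. The second AWS record (a rule scoped to 10.0.0.0/8) is normalised to the same verb but is correctly not flagged.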

We expect unified multi-cloud MDR capability to reach maturity in 2022.

Baby Steps for Edge Security

Edge computing is evolving rapidly to solve latency-sensitive use cases that pure cloud workloads cannot address. Initial edge adoption has begun in several industries, including manufacturing for factory automation using the Industrial Internet of Things (IIoT), healthcare with IoT, and automotive with connected vehicles.

Azure, AWS, and GCP have released their edge solutions, creating the need to monitor edge components for threats and to respond locally, since latency-sensitive edge workloads cannot always wait for a round trip to the cloud.

An MDR solution will need to integrate with edge components, including containers, APIs, storage, and specialized edge applications, to provide threat visibility and response. Initial pilots and rollouts are expected to start in 2022.

MDR industry verticalization gains momentum

So far, MDR has been delivered as a horizontal service that cuts across all industries. Attack campaigns, on the other hand, exploit the nuances of specific industries to achieve large-scale breaches: organized crime syndicates have started profiling industry applications and architectures to identify vulnerabilities they can penetrate.

The first high-impact example was the SWIFT application attacks in financial services back in 2016. That was an exception then, but it has become the norm now. Utilities and oil & gas are targeted through operational technology and IIoT networks. In financial services, systems such as ATMs, internet banking and SWIFT are targets. Organized crime groups target industry-specific characteristics, including technologies, applications, social media, and network architectures.

This calls for MDR offerings to build industry characteristics into how they detect and respond to deep, industry-specific attacks. In practice this means better integration with the business applications and technologies specific to an industry vertical, with corresponding detection and response use cases. We will see the release of industry-specialized MDR offerings in 2022.

Expansion in API Security Monitoring

The application programming interface (API) is becoming the de facto method of integrating heterogeneous software.

It is also the glue that connects the lightweight, loosely coupled components that make up a modern web application. APIs will be ubiquitous in all modern applications within a few years. However, we are not fully prepared for API threats, given that API security frameworks are still evolving, and evolving fast. Even discovering the total number of external and internal APIs in an organization is not easy.

MDR can start addressing API security concerns through its own capabilities, combined with complementary capabilities drawn from web application and API protection (WAAP) and specialist API security solution integrations.
API discovery, vulnerability scanning, and anomaly detection based on behavioural profiling are among the most beneficial outcomes MDR can deliver here.
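To make the discovery and profiling points concrete, here is an added example (not code from the article or from Atos) that works only from ordinary HTTP access logs, which most organizations already collect. It collapses path parameters into templates to build an API inventory, compares that inventory against the documented spec to surface shadow endpoints, and profiles each client's behaviour per template to flag object-ID enumeration, the pattern behind most IDOR harvesting. The log lines, the documented-endpoint set and the IP addresses are all constructed.

```python
"""Added example: API discovery and behavioural profiling from access logs.
All log lines and the documented-endpoint set are constructed."""
import re
from collections import Counter, defaultdict

# Common/combined log format; the trailing byte count is ignored.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Integers, UUIDs and long hex tokens are treated as path parameters.
ID_SEGMENT = re.compile(
    r'^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|[0-9a-f]{16,})$',
    re.I)


def template(path):
    """Collapse parameters so /users/42 and /users/7 both map to /users/{id}."""
    path = path.split('?', 1)[0]
    return '/'.join('{id}' if ID_SEGMENT.match(seg) else seg for seg in path.split('/'))


def parse(lines):
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def discover(lines):
    """Inventory of (method, template) -> request count actually seen in traffic."""
    inv = Counter()
    for r in parse(lines):
        inv[(r['method'], template(r['path']))] += 1
    return inv


def shadow_apis(inventory, documented):
    """Endpoints serving traffic that the published spec does not list."""
    return sorted(k for k in inventory if k not in documented)


def enumeration_suspects(lines, min_distinct=20):
    """Clients that walk many distinct object IDs under one template.  Many 404s
    means guessing; few 404s means real objects are being harvested (worse)."""
    ids, not_found = defaultdict(set), Counter()
    for r in parse(lines):
        t = template(r['path'])
        if '{id}' not in t:
            continue
        key = (r['ip'], r['method'], t)
        ids[key].add(r['path'].split('?', 1)[0])
        if r['status'] == '404':
            not_found[key] += 1
    return {key: {'distinct_ids': len(v), 'not_found': not_found[key]}
            for key, v in ids.items() if len(v) >= min_distinct}


def constructed_log():
    """Constructed sample: three normal users, one enumerating client, one
    undocumented endpoint."""
    ts = '10/Jan/2022:09:00:%02d +0000'
    lines = []
    for i, (ip, uid) in enumerate([('192.0.2.10', 1042), ('192.0.2.11', 1077),
                                   ('192.0.2.12', 1100)]):
        lines.append(f'{ip} - - [{ts % i}] "GET /api/v1/users/{uid} HTTP/1.1" 200 512')
        lines.append(f'{ip} - - [{ts % i}] "GET /api/v1/users/{uid}/orders?page=1 HTTP/1.1" 200 2048')
    for n in range(50):   # sequential walk of user IDs 1000..1049, half of them missing
        status = 200 if n % 2 == 0 else 404
        lines.append(f'203.0.113.5 - - [{ts % (n % 60)}] "GET /api/v1/users/{1000 + n} HTTP/1.1" {status} 512')
    lines.append('192.0.2.13 - - [10/Jan/2022:09:01:00 +0000] "GET /internal/debug/config HTTP/1.1" 200 9001')
    return lines


DOCUMENTED = {('GET', '/api/v1/users/{id}'), ('GET', '/api/v1/users/{id}/orders')}


def run(lines=None):
    lines = lines or constructed_log()
    inv = discover(lines)
    return {'endpoints': dict(inv),
            'shadow': shadow_apis(inv, DOCUMENTED),
            'enumeration': enumeration_suspects(lines)}


if __name__ == "__main__":
    result = run()
    print("shadow APIs:", result['shadow'])
    print("enumeration:", result['enumeration'])
```

Two practical caveats: the `ID_SEGMENT` heuristic will mis-template APIs that use opaque slugs (extend it or seed it from the spec), and the `min_distinct` threshold should be set per template from a baseline window rather than as one global number, since a search endpoint legitimately touches far more IDs than a profile endpoint.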

Digital Risk Protection Services (DRPS) Integration

MDR is focused on identifying threats within an organization, regardless of whether they originate externally or internally. DRPS is fast emerging as the way to understand what is happening outside the organization, encompassing digital asset discovery, exposure assessment, VIP/executive monitoring, dark web monitoring, and brand protection. Given the complexity of today's threats, the input from DRPS completes a 360-degree view of an organization's exposure.

Consider this example: assets and accounts of VIPs that are already exposed on the dark web belong on a high-priority watchlist for proactive attack monitoring in MDR. Similarly, dark web intelligence on the CVEs that ransomware groups are actively exploiting becomes a valuable input for prioritizing remediation of the assets that carry those CVEs. Those same assets can then be prioritized for detection, opening up interesting possibilities for integrating DRPS with MDR.

It is clear that we need to innovate and enhance continuously to stay ahead of the threats. MDR is a common framework that integrates and amplifies an organization’s existing security investments for high-fidelity threat detection and response. We look forward to continued innovation in this space to gain the upper hand in the fight against organized criminals and nation states.

About the author

Vinod Vasudevan

Global CTO for MDR & Deputy CTO for Cybersecurity services at Atos

Vinod Vasudevan is currently Global CTO for MDR & Deputy CTO for Cybersecurity services at Atos.

He brings more than 20 years of cybersecurity leadership and product innovation. He co-founded Paladion in 2000 and served as its CTO. During his tenure, he led technology development and made Paladion an industry leader in Managed Detection and Response.

He currently holds two U.S. patents in AI & Cybersecurity and has directly serviced global enterprises in the U.S., Europe, and the Asia Pacific. Vinod is a prolific writer and has authored multiple books, articles, and presentations in leading cybersecurity forums.

Before co-founding Paladion, Vinod worked with Microsoft and helped drive the adoption of Windows 2000 in the Asia Pacific. He has also held the CISSP certification since 2001.