Top 5 MDR trends in 2022

The pandemic has fast-tracked cloud adoption by a few years, with the net effect that many organizations have adopted cloud and use more than one cloud provider.

For example, organizations that have been traditional Amazon Web Services (AWS) customers are adding some Azure workloads and adopting Office 365 as SaaS. And Microsoft Azure customers have added containers in the Google Cloud Platform (GCP). Hence, the need to monitor and have a single pane of glass for threats across multiple clouds has become critical.

Organizations will adopt solutions that provide a unified view of multi-cloud and SaaS threats. These organizations also expect a unified, automated framework to onboard, discover, and monitor Azure, AWS, and GCP cloud resources.

We expect unified multi-cloud MDR capability to reach maturity in 2022.

Edge is evolving rapidly to solve latency-related use cases that pure cloud workloads cannot address. Initial edge adoption has begun in different industries, including manufacturing for factory automation using the Industrial internet of things (IIoT), healthcare with IoT, and automotive with connected vehicles.

Azure, AWS, and GCP have released their edge solutions, leading to the need to monitor edge components for threats and provide local responses to mitigate threats.

An MDR solution will integrate into edge components, including containers, APIs, storage, and specialized edge applications to provide threat visibility and response. Initial pilots and rollouts are expected to start in 2022.

So far, MDR is delivered as a horizontal service that cuts across all industries. On the other hand, attack campaigns use the nuances of different industries for large-scale breaches. Organized crime syndicates have started profiling industry applications and architectures to identify vulnerabilities for penetration.

The first high-impact example was seen with SWIFT application attacks in financial services back in 2016. This was an exception then, but it has become the norm now. Utilities and oil & gas are targeted through operational technology and IIoT networks. In financial services, business applications such as ATMs, internet banking and SWIFT are targets. Organized crime groups target industry-specific characteristics, including technologies, applications, social media, and network architectures.

This calls for MDR offerings to integrate industry characteristics into detecting and responding to verticalized deep attacks. This essentially means better capabilities to integrate with business applications and technologies specific to an industry vertical, with corresponding use cases for detection and response mechanisms. We will see a release of industry-specialized MDR offerings in 2022.

The application programming interface (API) is becoming the de facto method to integrate heterogeneous software.

It is also the glue that connects different lightweight, agile software components that form a web application. API will become ubiquitous in all modern applications within a few years. However, we are not fully prepared for API threats — given that API security frameworks are still evolving and fast! Discovering the total number of external and internal APIs in an organization is not easy.

MDR can start addressing API security concerns through its capabilities, combined with complementary capabilities derived from web application and API protection (WAAP) and specialist API security solution integrations.
API discovery, vulnerability scans, and anomaly detection through profiling can be some of the most beneficial results of MDR for organizations.

MDR is focused on identifying any threats within an organization — regardless of external or internal origin. DRPS is fast emerging as an option to understand what is happening outside an organization, which encompasses digital asset discovery, exposure assessment, VIP/executive monitoring, dark web monitoring, and brand protection. Given the complexity of threats today, the input from DRPS provides a 360-degree view of exposure for an organization.

Consider this example: assets and systems of VIP accounts already exposed on the dark web need to be a high focus list for proactively monitoring for attacks in MDR. Similarly, in the case of dark web intelligence on CVEs used in attacks, ransomware becomes a valuable metric for prioritizing the fixing of assets with exploited CVEs. These assets can be prioritized for detection, leading to interesting possibilities of integration and amalgamation of DRPS with MDR.