Pondurance CEO: MDR tools critical to mitigating lag in breach response times

Managed detection and response (MDR) tools are becoming mission critical to avoiding and detecting breaches, while threat actors are increasingly leveraging AI to develop scalable hacking tools, according to the CEO of cybersecurity firm Pondurance.

Speaking to The Insurer TV on the sidelines of last week’s NetDiligence Cyber Risk Summit in Miami Beach, Pondurance CEO Doug Howard said that MDR tools are the latest critical defence firms need to deploy to improve their cybersecurity posture.

MDR, Howard said, is essential for establishing real-time visibility into threats facing organisations – and ensuring they are detected and eliminated quickly.

“We need to see more broadly across the network, [we] want to look at the logs, [we] want to look at the network, [we] need to look at the endpoint, of course,” he said, adding that cybersecurity firms also need visibility into what cloud software clients are using.

“And what happens is, no matter what stats you look at, if you have nothing [in place] and you're not monitoring your infrastructure, it's going to take six to 12 months before anybody detects anything,” the Pondurance CEO said.

“And most likely, that's your customer calling you going, 'Hey, I'm seeing my data out on the web or dark web'. So with [MDR], it allows a customer to lower their dwell time, so if something gets in their environment, hopefully, it is a very short time before it's detected,” he added.

MDR tools critical to real-time detection

Howard said that with MDR in place, threats and breaches can be detected essentially in real time.

“So ideally, we're going to catch things when you're starting to see suspicious activity, before it actually has an impact,” Howard commented.

He noted that very few firms have 24/7 monitoring capabilities, which could lead to further delay in detecting a breach and therefore greater damage should a threat go unnoticed for weeks or even months.

“So shrinking that [timeframe] down is the objective,” Howard said, as he also pointed out that insurers “have now just naturally ratcheted up the requirements to get insurance”.

The executive also cited an industry statistic that oftentimes it is between six and 18 months before a breach is detected within a victim’s environment.

“And then you've got the MDR players [involved] such as ourselves, that can show how our customers don't get breached, and when they do get breached, it's within minutes that we're able to tell them what to do to stop that from spreading,” Howard explained.

Firms have devoted significant attention to improving their cyber hygiene in recent years amid a historic escalation in threat activity, while there have been growing compliance requirements and greater demands on firms from insurers to lower their cyber risk overall.

Along with incident response, Pondurance specialises in offering MDR services that provide continuous monitoring of IT systems on a 24-hour basis.

MDR tools are aimed at getting ahead of customers’ weak points in their tech infrastructure to make sure they don't get breached.

“At the end of that, if a customer hasn't done all the right things, or candidly, just [given] that threats evolve quicker than defences in the marketplace, they'll have a compromise,” Howard said, in which case Pondurance is then brought in as an incident response firm.

MDR service providers had previously been referred to as managed security service providers, among other terms, but the tool has since evolved to include automated response.

With the surge in ransom and extortion activity in recent years, standards regarding security protocols have rapidly evolved beyond simple tools like multi-factor authentication to include endpoint detection and response and MDR.

“And so the 'R', the response,” Howard said, “is automation that allows that to block [a threat actor] at a system level both through an agent that is blocking itself without a human intervention, as well as automation [that] allows us to push a button and block everything.”

At the NetDiligence event in Miami, Howard said the CEOs of competing incident response firms get together to share perspective on what they are seeing in the marketplace.

“A lot of that is the threat landscape, a lot of it is the evolution of technology,” he explained, along with sharing the latest insights on carrier behaviour.

“So the collaboration at a cross competitive level is extremely high, and then you integrate that with the relationships that we have with the brokers and the cyber carriers themselves as to what they're trying to do,” he said of his discussions at the Miami Beach event.

Howard said the spike in ransomware activity in recent months has generally stabilised at a high level, and that he expects this year to be active in terms of threat activity.

AI tools allowing threat actors to scale operations

Commenting on threat actor behaviour, Howard said cybercriminals continue to rapidly evolve their techniques, which has included the adoption of machine learning and AI.

“But don't forget, on the defensive side, we're using that as well,” Howard commented.

Threat actors are using AI and machine learning technology to more rapidly build scalable tools that can be reused to target an array of victims.

“So what that means is one, they can build code that evolves itself. But it also means that they can actually change that code rapidly as well. We're also starting to see early indications that potentially some of the negotiations may be done at an AI level as well,” Howard explained.

“So instead of negotiating with a person on the other side, where you're trying to get them to delay, and so forth, you're starting to see potential use of AI … [and] rapid exchanges. You could potentially see three years from now where the negotiations are actually happening between two chatbots, as an example,” he noted.

The Pondurance CEO said it was not immediately clear if AI would result in more intelligent negotiating positions, or if negotiations will become more unpredictable.

“So now [AI chatbot negotiators] can see the trends all in real time, potentially, without looking at anything, with the chatbots basically making those decisions very rapidly,” he explained.

AI tools can access and interpret information much more rapidly, which could influence negotiations.

“It may not just be at the negotiation level, it may be other information that they're taking into consideration,” he continued.

“It will be interesting, scary, and a time where we’ll all have to use tools to our advantage.”

Watch the full interview with Pondurance CEO Doug Howard to hear more on:

  • Why managed detection and response tools are critical to detecting and stopping breaches in their tracks
  • How the failure to leverage an MDR service means a breach could go undetected for months
  • How both threat actors and potential victims are using AI to scale and speed up both attacks and breach response