{"href":"http://player.captivate.fm/services/oembed?url=http%3A%2F%2Fplayer.captivate.fm%2Fepisode%2F0b787352-f8f5-4668-8ba9-ae2e925d9a75","version":"1.0","provider_name":"Captivate.FM","provider_url":"https://www.captivate.fm","width":600,"height":200,"type":"rich","html":"<iframe style=\"width: 100%; height: 200px;\" title=\"Threat hunting: How MDR secures your business\" frameborder=\"0\" scrolling=\"no\" allow=\"clipboard-write\" seamless src=\"http://player.captivate.fm/episode/0b787352-f8f5-4668-8ba9-ae2e925d9a75\"></iframe>","title":"Threat hunting: How MDR secures your business","description":"A cyberattack is not the same thing as malware\u2014in fact, malware itself is typically the last stage of an attack, the punctuation mark\u00a0that closes out months of work from cybercriminals who have infiltrated a\u00a0company, learned about its\u00a0systems and controls, and slowly spread across its network through various tools, some of which are installed on a device entirely by default.\u00a0\nThe goal of cybersecurity, though, isn't to recover\u00a0after\u00a0an attack, it's to stop an attack before it happens.\u00a0\nOn today's episode of the Lock and Code podcast with host David Ruiz, we speak to two experts at Malwarebytes about how they've personally discovered and stopped attacks in the past\u00a0and why many small- and medium-sized businesses should rely on a newer service called Managed Detection and Response for protecting their own systems.\u00a0\nMany organizations today will already be familiar with the tool called Endpoint Detection and Response (EDR), the\u00a0de facto cybersecurity tool that nearly every vendor makes that lets security teams watch over their many endpoints and respond if the software detects a problem. But the mass availability of EDR does not mean that cybersecurity itself is always within arm's reach. Countless organizations today\u00a0are so overwhelmed with day-to-day IT issues that monitoring cybersecurity can be difficult. 
The expertise can be lacking at a small company. The knowledge of how to configure an EDR tool to flag the right types of warning signs can be missing. And the time to adequately monitor an EDR tool can be in short supply.\nThis is\u00a0where Managed Detection and Response\u2014MDR\u2014comes in. More a service than a specific tool, MDR is a way for companies to rely on a team of experienced analysts to find and protect against cyberattacks before they happen. The power behind MDR services is its threat hunters, people who have prevented ransomware from being triggered, who have investigated attackers\u2019 moves across a network, who have pulled the brakes on a botnet infection.\nThese threat hunters can pore over log files and uncover, for instance, a brute force attack against a remote desktop protocol port, or they can recognize a pattern of unfamiliar activity coming from a single account that has perhaps been compromised, or they can spot a ransomware attack in real time, before it has launched, even creating a new rule to block an entirely new ransomware variant before it has been spotted in the wild. Most importantly, these threat hunters can do\u00a0what software cannot, explained Matt Sherman, senior manager of MDR delivery services. 
They can stop the people behind an attack, not just the malware those people are deploying.\u00a0\n\n\"Software stops software, people stop people.\"\n\nToday, we speak with Sherman and MDR lead analyst AnnMarie Nayiga about how they find attacks, what attacks they've stopped in the past, why MDR offers so many benefits to SMBs, and what makes for a good threat hunter.\nYou can also find us on\u00a0Apple Podcasts,\u00a0Spotify, and\u00a0Google Podcasts, plus whatever preferred podcast platform you use.\nShow notes and credits:\nIntro Music: \u201cSpellbound\u201d by Kevin MacLeod (incompetech.com)\nLicensed under Creative Commons: By Attribution 4.0 License\nhttp://creativecommons.org/licenses/by/4.0/\nOutro Music: \u201cGood God\u201d by Wowa (unminus.com)\n\u00a0","thumbnail_width":300,"thumbnail_height":300,"thumbnail_url":"https://artwork.captivate.fm/9d480a7d-eae9-4618-8695-57dd5dc817b5/lock-and-code-logo-2021-ar2rs.jpg"}