Many people think hybrid and multi-cloud environments make it hard to use managed detection and response (MDR) effectively; these environments pose problems for MDR integration and limit its capabilities.
Your detection tools and MDR should work well using AWS, Microsoft Azure, or on-premises servers. Nclose has seen clients move in and out of Azure, AWS, and Google Cloud Platform (GCP). Clients need to be able to change and adapt according to their business needs. The MDR should be able to do the same.
The MDR capability within organisations shouldn’t be a significant warning: “Oh no, you can’t deploy into a hybrid cloud environment or multi-cloud.” There should be no pitfalls or challenges to MDR capabilities or its ability to detect the threats we see in cloud environments, whether in Azure, GCP or AWS. The same dangers are relevant irrespective of the infrastructure or where the applications are sitting, or what you’ve deployed. And your choice of cloud infrastructure should not be determined by your MDR.
Some clients ask for a cloud-only deployment in a particular region. We say, sure, no problem. We can do that with all our collectors in a specific hyperscaler. They say we want a multi-cloud infrastructure and to store everything in Amazon S3 Glacier, and, for us, that’s fine. Our MDR infrastructure is flexible and can grow and shrink with our client’s needs and cloud environments.
Multi-cloud environments can be very beneficial. Every client we engage with has a requirement, for example, to retain logs for legislative and regulatory purposes. This could be for the payment card industry (PCI), financial services, or insurance. They must keep certain amounts of data for a specific time and sometimes do it offsite. This is where the cloud is useful – it lets companies keep the data as long as they need and move it depending on the kind of storage they want. Cloud environments help us as an MDR provider to deal with retention-based challenges and manage data better for our clients.
Multi-cloud environments also give us the potential to be more resilient because we can deploy multiple collectors throughout the organisation, both on-premises and in the cloud. We can also deploy numerous collectors within the on-premises instance. This gives us high availability and redundancy in case of an outage, making an organisation more resilient.
We’ve also seen many clients use cloud-based security applications with few on-premises applications. So, many of the logs come from the cloud, making having a log collector in the cloud a sensible step. Our management interfaces are based on our browsers, so it doesn’t matter where they are hosted, logged in from or located; we are wherever our clients need us to be.
One issue that companies need to consider is the location of data. Some companies have to keep their data in the country. If you use MDR in an environment in the Middle East, you must use an on-premises instance or cloud infrastructure hosted in the region. The same goes for Europe, as they have strict GDPR legislation. Any kind of information taken from that environment has to be GDPR compliant. It is essential that MDR can adjust to different types of cloud and on-premises deployment as well as meet unique customer needs.
So, what should happen with MDR when a company has on-prem, cloud, hybrid, or multi-cloud infrastructure? It should be capable of fitting within any environment the client wants while still adhering to exceptional security expectations. It should also be capable of addressing compliance, regulatory and legislative requirements across multiple countries and client sectors and be agile enough to shift and grow with the business.