With 2018 now well in our sights, the countdown to the General Data Protection Regulation (GDPR) is most definitely on. Articles 33 and 34 of the GDPR require organizations to communicate personal data breaches when there is a high risk of impact to the people to whom the data pertains. GDPR security requirements and breach notification go hand-in-hand, for obvious reasons. In the words of the European Commission Working Party 29 (the group tasked with clarifying the requirements of the GDPR): Article 32 of the GDPR “makes clear that the controller and processor should have appropriate technical and organizational measures in place to ensure an appropriate level of security of personal data: the ability to detect, address, and report a breach in a timely manner should be seen as essential elements of these measures.” So in brief, if there's a good chance a breach would affect people's personal data, there's gotta be a comprehensive plan in place to address it—quickly. You can read more about Working Party 29’s guidelines on Data Breach Notifications here.
Traditional defenses are not geared toward detecting the more complex threats and exploits used in today’s sophisticated threat landscape. Moreover, attackers don’t just operate during business hours. And the longer an attacker goes undetected, the more potential there is for them to do damage. The answer for many organizations is to set up a Security Operations Center (SOC), but this can be a daunting and costly task. It takes a lot of time and money to build a SOC and to competently staff it around the clock. And that’s assuming you can find (and keep!) the right people.
There is another way.
Rapid7 Managed Detection and Response
Rapid7 Managed Detection and Response (MDR) Services provides 24/7 incident detection and response. This makes it that much easier for organizations to tackle their detection and response needs without needing to invest in building and staffing a SOC themselves. Per the advice of Working Party 29, “a key element of any data security policy is being able, where possible, to prevent a breach and, where it nevertheless occurs, to react to it in a timely manner.” This is great, but doing it well is often beyond the budgetary means of many organizations. There is a terrible Kickstarter pun just raring to go here, but let’s keep to the point.
This begs the question: what’s included in Rapid7 MDR?
People, Process, Technology
Rapid7 built our Managed Detection and Response offering around people, process, and technology. The Rapid7 SOC is full of some of the finest talent in cyber security. They eat, sleep, and breathe alerts. When they finish up at work, many of them go to meetups on hacking. The technical people on the team average more than 10 years’ experience. They’ve worked for public and private sector organizations. Even the most junior analyst has seen over 300 threats and many breaches.
The backbone of the Rapid7 Managed Detection and Response Service is Rapid7 InsightIDR, for SIEM, User Behavior Analytics (UBA), and Endpoint Detection and Response (EDR), but we don’t just manage the technology for you. The team both hunts for threats and conducts investigations to understand what is going on in your environment. If a lead is a threat, and the threat is a live attacker, the team can easily pivot into incident response escalation mode. Two incident escalations are included annually with the service, so if the worst happens you know the experts have your back.
Prior to deploying Rapid7 MDR, the team conducts a compromise assessment and builds a threat profile for the organization. The threat profile enables understanding of user behavior within the organization so that it’s easier to spot anomalies and make better use of threat intelligence. The compromise assessment ensures that the environment is clean before the service starts. In some cases, our team has done a compromise assessment and found issues that previous companies had missed.
Round the clock support
Rapid7 has security operations centers around the globe, where our analysts deliver the 24/7/365 coverage. The combination of people, process, and technology makes it possible to better meet organizations’ needs for GDPR, without the overhead of an in-house SOC.
Check out the GDPR toolkit for more information on how to get prepared for the upcoming regulation.