
Understanding Managed Detection and Response

Anyone who is familiar with the CNYRIC is likely aware of the breadth of services that it offers to help school districts and municipalities better serve their respective communities. However, the organization also keeps an eye on the horizon, attempting to identify trends in education, cybersecurity, or any other field that might fall under its umbrella, in order to find solutions to problems that may not have arisen yet but are very likely to in the near future. One of the trends to watch is the concept of “managed detection and response,” or MDR.

MDR is a type of cybersecurity technology that combines artificial intelligence with human vigilance and expertise to offer constant network monitoring. More simply, this means that something (and ultimately, somebody) will be monitoring any given network infrastructure 24 hours a day, seven days a week. This is important for reasons that will likely seem obvious, but also for some behind-the-scenes reasons. To help provide this solution, the CNYRIC has partnered with Blackpoint to offer MDR protection for itself. CNYRIC Assistant Director Kevin Clapp spoke about why this solution is being put into place.


“It began as something of a hunch,” said Kevin, when asked why the decision was made to look into incorporating MDR at the CNYRIC. “You may know that many insurance companies began to require a multi-factor authentication [MFA] solution to be in place in order for districts and BOCES to retain their cybersecurity insurance, due to the huge increase in cyber attacks over the years. Ahead of that change, we noticed that many insurance forms were asking, ‘Does your organization have an MFA solution in place?’ on questionnaires.”

In a case of history potentially repeating itself, CNYRIC administration began to notice a familiar trend. 

“Right now, a lot of insurance application forms are asking the question, ‘Does your company utilize an MDR solution?’” said Kevin. “And those are just questions on a form as of this moment, but it wasn’t that long ago that, ‘Does your organization utilize an MFA solution?’ was just a question on the form as well. And we’ve seen how that process played out.”  

While the desire to be proactive and ahead of potential issues is obviously important, there are practical business reasons to deploy a 24/7 MDR solution as well. In short, successful cyber attacks usually come with two caveats: They’re very expensive to deal with, and very time-consuming to fix. Some statistics from Blackpoint:
  • 90% of security breaches occur outside business hours (with business hours defined as 9 a.m. - 5 p.m. by Blackpoint’s analysis).
  • It takes an average of 39 days to contain a data breach, and upwards of 200 days to identify the cyber attacker who penetrated the organization.
  • The average cost associated with a data breach goes up over time, based upon the number of days needed to contain it. Blackpoint estimates this number ranges from $1 million in losses at 30 days to a staggering $3 million in losses if the breach still isn’t contained by the 90-day mark.
  • Ransomware attacks cost small-to-midsize businesses $42,000 on average.

So how does MDR attempt to prevent this? Through a marriage of technology and human intervention. You may not know this, but organizations such as the CNYRIC can generate terabytes of log data in a matter of days. It’s impractical from both a financial and workforce perspective to hire people to comb over this amount of raw data each day, even if it were their only job responsibility. Through services like Blackpoint, artificial intelligence (AI) can instead comb over this raw data in a fraction of the time, and act of its own accord to disconnect any device that may be involved in activity that could be perceived as a threat to network security. As this is happening, these anomalies are flagged and alerts are sent to actual human beings. Cyber analysts will then review the anomalous incidents and report to the appropriate team from the affected party for follow-up.

In the event that a potential threat is detected outside of normal hours of operation (or if the staff is otherwise indisposed for any reason), the Blackpoint cyber analyst can make the decision to shut down the potential threat until they’re able to convene with members of the customer’s team. And because Blackpoint can capture this data on all endpoint devices, a true sense of “total coverage” is achieved.


Much like with the organization’s solution for multi-factor authentication, MDR is something that the CNYRIC plans on offering to districts, as well. While a given district may not necessarily move the sheer volume of data that the CNYRIC does, it does directly deal with sensitive financial and student data, and thus could greatly benefit from this kind of 24/7 monitoring. 

“A lot of the solutions that we put in place following the distributed denial of service attacks from several years ago have worked very well,” said Kevin. “However, that doesn’t mean we can’t take additional steps to protect ourselves. By getting an MDR solution up and running, we’re no longer waiting for the attacks to come. We’re being proactive, instead of passive. We’re not simply waiting for the cyber attacks to come, but rather, we’re actively looking out for them.” 

By taking a proactive approach with MDR, the CNYRIC has put itself in a stronger position, both for its own protection and in service to any potential districts, all in a cost-effective manner. And having 24/7 monitoring can give customers stronger peace of mind, knowing that someone is keeping an eye on their network at all hours of the day.

For more information about how MDR can help your organization, please contact Kevin Clapp at 315.

Phone: 315.433.8300
Visit: 6075 E. Molloy Rd. | Syracuse, NY 13211
Mail: P.O. Box 4754 | Syracuse, NY 13221