Critical Start announced the introduction of Managed Cyber Risk Reduction (MCRR)
August 2023 by Marc Jacob
Critical Start announced the introduction of Managed Cyber Risk Reduction (MCRR), a groundbreaking new approach to security designed to reshape the way businesses combat cyber risks. MCRR, the next evolution of MDR, provides a comprehensive managed solution to address risks, vulnerabilities, and threats. It’s designed to go beyond threat-based detect and response to support organizational security programs across the five functions of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF): Identify, Protect, Detect, Respond, and Recover.
Traditional approaches to cybersecurity have thus far failed to provide orchestrated, well-informed, and cost-effective risk adjusted protection across the broad areas of security that are needed to defend an organization. This is evident by the nearly two-thirds (67%) of U.S.-based cybersecurity leaders who say they have experienced a cyber breach requiring attention in the past two years, despite having implemented traditional threat-based detect and respond security measures.1 Additionally, 66% say they are not very confident in the effectiveness of their current strategies for evaluating and mitigating major cyber risks.1 Security leaders are also under mounting pressure to demonstrate effective management of cyber risk, with ever increasing concerns from stakeholders including boards, regulators, and customers. Accessing and analyzing the data required to communicate cyber risk in a way that informs decisions about how security investments and projects translate to risk is often laborious and painful.
MCRR by Critical Start uniquely addresses the challenges cybersecurity leaders face today. The Critical Start Cyber Operations Risk & Response™ platform provides holistic cyber risk monitoring, as well as maturity assessments to peer benchmarks, posture analytics, and full response capabilities. The platform is paired with a human-led risk and security operations team that evaluates and actions threats, risks, and vulnerabilities, and performs comprehensive threat intelligence research. Combined with over 12 years of award-winning MDR services, MCRR enables organizations to confidently reach their desired levels of risk tolerance.
“Security leaders today are increasingly being asked to do more with less under the backdrop of a failed mindset that the magic pill for cybersecurity is simply just more tools and technology,” said Craig Robinson, Research Vice President at IDC. “Organizations increase the odds substantially of outwitting cyber-attackers by taking a more proactive and holistic approach to reducing cyber risk, like the one presented by Critical Start’s new Managed Cyber Risk Reduction.”
With MCRR, customers can advance their security program over time with a strategic risk-based approach to mitigate risks in the most cost-effective ways possible. It enables the identification of assets requiring protection, ensures key security controls are effective, evaluates alerts for untrusted behavior to contain potential incidents, and limits business disruption through recovery preparedness. MCRR helps organizations identify risk quickly and continuously, and tie risk analysis into actions that demonstrate measurable improvement. It’s cost-effective, guided, and measurable.
Key features and services part of MCRR include:
Cyber Operations Risk & Response platform: Single platform that delivers cyber risk monitoring with posture analytics, response orchestration, and threat intelligence.
MDR: 24x7x365 monitoring, investigation and response backed by a contractual 60-minute median time to resolution (MTTR) service level agreement (SLA) across every threat centric alert type, and every priority level.
Controls and Signals Coverage Gaps: Identifies security controls gaps, including missing endpoint protection, additional log sources for Security Information and Event Management (SIEM) platform ingestion, and log source health monitoring to ensure the Security Operations Center (SOC) is receiving expected signals.
MITRE-ATT&CK® Mitigations: Delivers prescribed actions to prevent an adversary from successfully executing techniques against organizations.
Peer Benchmarked Risk Assessments: Manage cyber risk assessments conducted by third-party and self-assessments, comparisons to industry peer benchmarking, identification of risk reduction priorities, and measurement of improvements over time.
Asset Visibility: Allows customers to determine and maintain an accurate and persistent asset inventory of critical assets across organizations.
Vulnerability Prioritization: Identification and prioritization of vulnerabilities to patch based on active targeting and exploitation by adversaries, level of effort to exploit, remote exploitation, availability of exploit kits, and dark web threat intelligence.
Incident Response: Incident Response (IR) retainer and readiness services with full incident and compromise scoping, triage, investigation, containment, eradication, remediation, and recovery.
1 Critical Start 2023 Cyber Risk Confidence Index