We quickly found the need was not a singular event. A recent survey found the average response time for MSSPs to security incidents is 3 hours. However, the study also found that 20% of MSSPs take more than 12 hours to respond to security incidents.
By leveraging OnDefend’s breach & attack simulation solution, BlindSPOT, our professional services team is able to safely simulate ransomware, supply chain, and other adversarial tactics every month to prove that a third-party security provider or internal defense team will detect, respond, and alert to real-world cyber-attacks within the organization’s selected time frame.
Problem: What is our mean time to detect (MTTD) and mean time to respond (MTTR)?
Background: This customer was concerned about reports of similar organizations’ internal network defense teams’ and outsourced 3rd-party MSSP providers’ responses to cyber-attacks, which resulted in critical delays and sometimes complete response failures.
Actions Taken: BlindSPOT was used to perform the Security Monitoring Validation service, in which various threat actor attack vectors are simulated in an environment to validate its real-time detection, alerting, and response readiness as if it were a real event.
Result: The attack simulation report revealed the EDR was missing attack activity, and when the EDR did successfully detect an attack, the logs were being directed to the EDR’s own console rather than the SIEM. The MTTD for the attacks that were logged was 5 hours. Following remediation of the misconfigurations, the MTTD was 2 minutes.
Customer Reflection: “I was blown away by how long it took for our system to detect an event and reach the screen of the analyst who was responsible to respond. If it had been a real attack, our original detect and response time of 5 hours would have potentially cost us millions, not to mention losing that sensitive data. Now, if our EDR and SIEM have a detection or response failure, we’ll know.” – Vice President of Information Security, International Technology Corporation