Accelerating cybersecurity Time to Resolution (TTR)

Adam Khan, VP of Global Security Operations, Barracuda MSP

When it comes to cyberattacks and data breaches, time to respond (TTR) is a critical metric for managed service providers (MSPs), but one that can be challenging as the frequency and sophistication of threats continue to evolve.

MSPs typically have a limited number of staff who manage customers’ environments while simultaneously handling everyday administrative tasks like security updates. When a threat alert shows up, an engineer typically stops what they are doing, reads through the alert, determines where the threat is coming from, and then takes the prescribed remediation actions.

That process works well for a single alert. However, the number of threats is increasing exponentially and MSPs and their customers have fewer skilled resources available to take action and respond appropriately. This can impact staff productivity and can lengthen response times to active threats, escalating the danger and associated damage of a breach.

If an engineer must evaluate customer-specific firewall policies for each alert and manually block a malicious IP, that process can take several minutes. Multiply that by dozens of alerts, and response times rapidly get longer. Remediating individual email attacks can take hours per campaign, which stretches to days and weeks when multiple malicious messages are involved. Organizations can spend hundreds of hours investigating and responding to security information and event management (SIEM) alerts.

Reducing TTR with automated processes

What if, instead of this repetitive and time-consuming process, remediation could be applied automatically in just seconds? That was the thought behind the release of Barracuda Automated Threat Response (ATR), part of the most recent Barracuda XDR release.

Barracuda XDR is an open extended detection and response (XDR) solution. It integrates sophisticated security solutions such as security information and event management (SIEM), a threat intelligence platform (TIP) and security orchestration, automation and response (SOAR) with attack vector protection solutions such as endpoint detection and response (EDR), email protection, firewalls, and more, coupled with a mature security operations center (SOC), to provide a comprehensive 24/7 proactive monitoring and response service.

On top of providing proactive detection and response services, a recent feature was introduced that allows XDR to automate threat response workflows, such as blocking malicious or anomalous traffic on a customer network, without requiring any additional action on the part of the customer.

This approach can improve your mean time to detect (MTTD) and mean time to respond (MTTR) metrics, boosting MSP performance and providing tangible benefits to clients by stopping attacks before they can do any damage. Automation can also reduce alert fatigue and ensure that SOC analysts can focus on tasks like proactive threat detection, further adding value to the XDR solution.

With ATR, MSPs can configure their extended detection and response capabilities to identify and respond to threats automatically, using their existing security policies. This allows MSPs to provide rapid remediation without bogging down their staff, while accelerating the time to resolve customer issues.

Given the explosion in new threats and the number of attacks most enterprises face, this level of automation will be critical for MSPs. Small and medium-sized businesses run dozens of applications and may experience hundreds of potential attacks per week. Larger enterprises experience exponentially more attacks across hundreds of applications. Tools like XDR are indispensable for MSPs to monitor and respond to these attacks.

Harnessing the power of AI to shorten breach detection

AI, machine learning, and automation can have a massive impact on cybersecurity. According to the 2023 IBM Cost of a Data Breach report: 

“Security AI and automation were shown to be important investments for reducing costs and minimizing time to identify and contain breaches. Organizations that used these capabilities extensively within their approach experienced, on average, a 108-day shorter time to identify and contain the breach. They also reported $1.76 million lower data breach costs than organizations that didn’t use security AI and automation capabilities.”

Most businesses take hundreds of days to identify and respond to a threat. According to the IBM report, it took 204 days to identify a breach in 2023 and 73 days to contain it. The longer it takes to contain the breach, the more costly the attack. Shorter breach life cycles (fewer than 200 days) were associated with a 23 percent difference in cost, a saving of $1.02 million.

The type of automation enabled by XDR has considerable benefits in terms of cost and security. Again, according to the IBM data:

  • Organizations with automated response playbooks or workflows explicitly designed for ransomware attacks could contain them in 68 days, a 16 percent improvement over those without automation.
  • Companies with extensive use of security AI and automation had an average data breach cost of $3.6 million, 39.3 percent better than those without automation.
  • Companies with just a limited use of security AI and automation performed 28.1 percent better than those without.
  • Companies using threat intelligence services identified breaches 28 days faster than those that did not use threat intelligence.

For MSPs that want to grow their security business, but are hamstrung by manual monitoring and response processes, automation like that enabled by Barracuda XDR can make a vast difference in performance, providing internal benefits and real security improvements for customers.

Adam Khan is the VP of Global Security Operations at Barracuda MSP. He leads a global security team comprising highly skilled Blue, Green, Purple, and Red Team members. With over 20 years of experience at companies like Priceline.com, BarnesandNoble.com, and Scholastic, Adam specializes in application and infrastructure automation and security. He is a passionate advocate for protecting small and medium-sized businesses from cyberattacks, recognizing them as the heart of American innovation.