Interview with Andriy Hural - Director of MDR at UnderDefense

Shauli Zacks Shauli Zacks

SafetyDetectives spoke with Andriy Hural, Director of Managed Detection and Response (MDR) at UnderDefense, about the company’s main services, the importance of incident response planning, effective cybersecurity practices, and more.  

Can you talk about your background and what motivated you to establish UnderDefense?

In 2016, while visiting cybersecurity startups and established security companies in Israel with Lviv Business School, our CEO Nazar Tymoshyk understood that Ukraine had more potential as a cybersecurity player than Israel. This discovery motivated him to start his own company, UnderDefense.

Like many successful Silicon Valley startups, UnderDefense began in a small basement with just four students. Our team was passionate about offensive and defensive cybersecurity, and we focused on building products and serving our customers.

What are the main services offered by UnderDefense?

Our Security-as-a-Service platform is a one-stop-shop for security & compliance. We’ve made cybersecurity simple, affordable, and consistent through the unification of currently disjointed security tools from multiple vendors to fully visualize, correlate through AI, and automatically detect, investigate, and respond to all possible attacks.

Besides the Security-as-a-Service platform, our offering includes:

  • 24/7/365 Turnkey Managed Detection & Response (MDR)
    We integrate into your existing security stack and manage it efficiently 24/7. We proactively hunt for threats across your network, endpoints, cloud, and hybrid environments, allowing you to focus on your core operations.
  • Penetration Testing
    Our penetration testing service is state-of-art work done by certified ethical hackers. Companies receive a sophisticated report with detailed findings and recommendations on meeting specific security standards and guidelines on fixing vulnerabilities threatening your business.
  • Incident Response Services
    We leverage cutting-edge IR technologies to help you identify, disrupt, contain, and eject malefactors from your environment. Instantly react to cyberattacks and prevent dire consequences.
  • Compliance & vCISO
    Entrust routine IS operations, cybersecurity strategy, and compliance procedures to a remote IT security officer. We bring the necessary insights, expertise, and knowledge on how secure operations should be developed, implemented, run, and managed.

Can you speak to the importance of incident response planning and what steps should be taken in the event of a cyber attack?

Incident response planning is crucial for any organization as it allows them to prepare and respond effectively to a cyber attack. The faster you respond – the least potential damage a cyberattack might have. The steps to be taken in the event of a cyberattack include:

  1. Identify and Contain the Attack: The first step is to quickly identify the attack and contain it to minimize the damage. This involves isolating the affected systems and devices from the rest of the network to prevent the spread of the attack.
  2. Assess the Damage: Once the attack is contained, it’s important to assess the damage and determine the scope of the attack. This involves identifying the type of attack, the
    affected systems, and the data that may have been compromised.
  3. Notify Stakeholders: Organizations need to have a clear communication plan in place to notify stakeholders such as customers, employees, and partners about the attack and the steps being taken to address it.
  4. Remediate and Recover: After assessing the damage, the organization needs to remediate and recover from the attack. This involves removing the threat, patching vulnerabilities, and restoring systems and data.
  5. Review and Improve: Once the attack has been contained and the organization has recovered, it’s important to review and improve the incident response plan based on lessons learned. This helps to ensure that the organization is better prepared for future attacks.

At UnderDefense, we work with clients to develop and implement incident response plans that are tailored to their specific needs and risks. Our team of experts provides 24/7 monitoring and response services to quickly detect and respond to cyber attacks, minimizing the impact on our client’s business operations. Additionally, we conduct regular tabletop exercises and simulations to test and improve the incident response plan, ensuring our clients are always prepared for a cyber attack.

What are some of the most effective strategies for mitigating cyber attacks and keeping systems secure?

The most advanced security approach combines human expertise with cutting-edge technology to provide real-time monitoring, advanced threat detection, and response capabilities. With this solution, security teams gain complete visibility over their cloud, hybrid, and on-premise environments, enabling them to prevent breaches within minutes and mitigate the consequences of even the most sophisticated attacks.

Unfortunately, security teams usually invest in too many tools, resulting in alert fatigue and multiple console complexity. They struggle to recruit and retain skilled security operations analysts who can effectively use these tools. At this point, having dedicated experts monitoring networks around the clock becomes essential, regardless of if it’s an internal team or someone on the side taking all the hustle away & making sure you aren’t breached.

Managed Detection & Response Services may be the answer for companies who can’t allow having their own Security Operations Center. It provides customers with remotely delivered, human-led, turnkey, modern SOC functions, ultimately delivering threat disruption and containment. For example, I would recommend one from UnderDefense (laughing).

What steps do you recommend for organizations to maintain ongoing security and compliance in their operations, and how do you work with clients to achieve this goal?

At UnderDefense, we work closely with our clients to develop a customized security strategy that aligns with their business goals and regulatory requirements. We start with a comprehensive security assessment to identify any vulnerabilities and recommend appropriate security controls. We also provide ongoing monitoring and management services to ensure our client’s systems and data are protected from potential threats.

We also offer compliance services, including compliance audits and assessments, gap analysis, and policy development, to help organizations meet various regulatory requirements such as HIPAA, GDPR, and PCI DSS.

Our team of experienced security professionals works with our clients to educate them on security best practices and ensure they are up-to-date with any emerging threats or vulnerabilities. We believe that ongoing communication and collaboration are key to achieving and maintaining strong security and compliance postures.

How has the cyber security landscape evolved over the past few years, and what trends do you see emerging in the near future?

The cybersecurity landscape has undergone significant changes over the past few years, and it continues to evolve rapidly. One of the biggest trends we’ve seen is the rise of ransomware attacks. These types of attacks have become more frequent, more sophisticated, and more damaging, with attackers targeting organizations of all sizes and types.

Another trend we’ve seen is the increased use of cloud services and the need for cloud security. As more organizations move their operations to the cloud, there is a growing need for security solutions that can protect cloud-based assets and data.

We’ve also seen a shift towards a more proactive approach to cybersecurity, with organizations focusing on threat hunting, vulnerability management, and incident response planning. There is a growing recognition that it’s not enough to simply have security controls in place; organizations need to actively monitor their networks for signs of attack and be prepared to respond quickly and effectively if a breach occurs.

Looking to the future, we expect to see continued growth in the use of artificial intelligence and machine learning in cybersecurity. These technologies have the potential to greatly enhance our ability to detect and respond to threats in real-time.

We also anticipate a continued focus on compliance and regulatory requirements, as governments around the world seek to improve cybersecurity standards and protect critical infrastructure.

Overall, the cybersecurity landscape is constantly evolving, and it’s important for organizations to stay vigilant and proactive in order to protect themselves against emerging threats and stay ahead of the curve.

About the Author

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.