Managed detection and response (MDR) addresses the needs of organizations that lack resources and enables them to better detect and respond to threats. MDR services complement an organization’s own IT or security team, providing the extra eyes needed for 24x7 coverage along with security expertise and guidance for remediating the potential security incidents that are detected. However, not all services provide the same features, so it’s important to ask these four questions when looking at managed detection and response solutions.
How good is the security team?
Since you will be relying on this team to provide 24x7 coverage of security monitoring and trusting their judgement on which alerts are actionable and which are noise, it’s important to investigate how strong the team is. You should ask about the team’s experience, qualifications, training and certifications. Ideally, the team will be employees of the vendor with deep product knowledge. The team should demonstrate that they are actively keeping up with developments in information security and have solid processes in place that align with industry best practices. Look for an organization that hires team members who are skilled at the practical application of knowledge and at critical thinking.
What processes are followed?
To reduce risk and prove compliance with various industry regulations, you’ll want to understand what processes the team uses in assessing risk and responding to potential incidents. The service should include a fully baked process that includes documentation and reporting of the steps taken to identify and remediate potential risks.
What technologies are being used?
Since different vendors provide different services, you should ask about and become comfortable with the underlying technologies behind the services. At the heart of most MDR services is a SIEM/log management technology, but some vendors, like Cygilant, are also able to provide integrated vulnerability and patch management services, which help to further reduce the attack surface before an incident even occurs.
Does it meet your needs?
Ultimately, you’ll need to decide if the service aligns with your organization’s needs. Since services can vary by vendor, you’ll need to find the service that best prepares your organization to improve its security posture while maximizing return on investment. That means you’ll need to look at how quickly the service can get up and running and how quickly you will start to see results from your investment. Since security is a process, not a project, the services provided need to align with your organization’s overall security strategy and help position you to continually improve over time. Consider services that can serve as an advisor and partner with your team to help drive continuous improvement.