If you are thinking of buying a managed detection and response (MDR) service, then you already know how these services can help your organization achieve security and compliance while reducing costs. They extend your team and offload certain security monitoring tasks to a third party, freeing your team to focus its efforts elsewhere. But do you know what to look for in managed detection and response vendors? What sets some providers apart from others? Here are four important items to consider when buying an MDR service:
- Does the service work as advertised? Will you be alerted to important security incidents without being bogged down by noise?
It’s important to understand exactly how the service works and when you’ll begin receiving value from your investment. How long will setup take, and how long before the systems are tuned and delivering information you can use? Will you just receive a long laundry list of triggered alerts? Or will you get full details of exactly what happened and the proposed steps to fix the issue? Will you receive numerous false positives that end up wasting your time, or will you receive only actionable, fully investigated incidents?
- Does the SOC team have certifications and experience working with a wide variety of customers? Do they know the products they are managing inside and out?
How experienced is the SOC team? Have they worked with the products they are using for a long time? Does the team hold certificates of expertise in security areas? Are they fully trained on the products, and do they understand how to get the most out of the tools? Or are they simply forwarding alerts triggered by the software?
- Is the SOC truly 24x7 and staffed by the company’s own employees?
Will the SOC team be available 24 hours a day, monitoring your network? Do they provide true round-the-clock coverage by a team of experts? Is the team employed directly by the service provider, or are they an outsourced third party? How long has the team been with the company?
- How responsive is the organization to customers? Do they work with you as a partner towards improving security?
Will you have a dedicated point of contact? Will the service provider be responsive to questions and feedback? Will they act as a partner to help you continuously improve your security? Are they prepared to help as your organization changes and matures its security posture?
At Cygilant, our SOCVue security as a service provides a managed detection and response capability that lets organizations use our trained global SOC team as an extension of their own teams, gaining 24x7 coverage and remediation guidance while reducing operational costs. If you’re interested in learning more about how Cygilant can help, schedule a demo today!