IT teams at mid-market financial services organizations are finding themselves overtaxed and overworked, forced to manage constant security alerts and still find a way to use technology to drive the business forward in a meaningful way. It is for this reason that so many are looking to partner up with a Managed Detection and Response (MDR) service provider.
Because of the limited resources and time allotted to these internal IT teams, it’s extra-critical that IT teams make the correct selection the first time. There simply isn’t the time and money available for a redo.
With that in mind, we wanted to share with you today a 5-part action plan for evaluating MDR vendors.
Step 1: Prioritize
Prioritize your existing cybersecurity pain points to establish your starting requirements.
Step 2: Identify
Identify MDR providers that specialize in the small-to-mid-sized business market using professional networks, industry conferences, online social networks, and other resources.
Step 3: Research
Research the background of your potential MDR service providers regarding:
- The provider’s antecedents—is there a history of cybersecurity experience and expertise? How and why has the provider evolved in response to the market and to the threat landscape?
- The security operations center (SOC) platform—is there a mature technology stack? Can it scale to meet growing needs (yours and other customers’)?
Step 4: Explore
Explore service details such as:
- What service levels does the provider commit to? How can customers track performance?
- What, if any, variables can affect the standard service fee?
- Is there a clear demarcation and allocation of threat response responsibilities between provider and in-house cybersecurity teams?
- What patch management and deployment functions are available?
- What is the ratio of customers to the provider’s security analysts/advisors—how many customers is each analyst assigned to? The lower the ratio, the better.
Step 5: Practice
Practice due diligence by:
- Reviewing the security alert process and deliverables—what reports does the provider create and how often? How does their SOC assess, analyze and respond to threats? What process is used to jointly apply countermeasures?
- Evaluating the effectiveness and usability of their Security Information and Event Management (SIEM) solution.
- Documenting how the provider will implement security monitoring and vulnerability scanning.
- Establishing what audit compliance reports the provider will create, at what level of detail and when they will be made available.
Selecting a vendor to partner with is not an easy decision to make – nor should it be, because it is critical that you get it right. Hopefully by following our five-part plan you can prioritize what matters most to your organization – and select a cybersecurity-as-a-service partner that best fits your specific needs.