Financial service organizations have specific security requirements for Managed Detection and Response. With limited resources and growing responsibilities, it’s critical to get the vendor selection process correct the first time.
When done correctly, MDR solutions can both strengthen a customer’s existing security capabilities and create entirely new ones. But to do so, there are several key requirements that need to be met:
1. Protecting Your Company Around-the-Clock, Year-Round
When local bank branches close for the day, in most cases, so does human monitoring of threats and attacks. The costs and the lack of experienced staff make true “24-by-7” security an aspiration at best.
To solve this, your MDR provider should be able to demonstrate that it has a security operations center with the scale, staff, processes, and technology infrastructure to support continuous, in-depth security coverage. This capability is transformative: financial institutions accustomed to monthly or quarterly security scans now can run scans weekly or even daily.
2. Identifying Critical Threats
The complexity of today’s networks generates an ever-growing mass of security alerts. False positives, or mislabeled security alerts that indicate a threat when there isn’t one, make this burden worse for overworked in-house security teams. Instead of focusing on critical threats and on shortening response times, teams’ time and attention can quickly be consumed by software bugs, badly written code, or unrecognized network traffic.
In the past, MDR service providers simply captured and forwarded alerts, leaving it to the overburdened in-house security team to sift, sort and prioritize what needed their attention and what didn’t. This doesn’t really help solve the problem faced by IT teams: too little time and too many responsibilities. Financial services organizations should demand that their MDR provider incorporate human analysis to uncover real threats, understand their scope, and explain what IT teams need to know about the potential impact.
3. Achieving Greater Network Insight
Many IT teams lack visibility into their networks and potential vulnerabilities. The proliferation of log and systems management tools and platforms splinters the network view, making it almost impossible to do root-cause analysis and scope unfolding attacks.
MDR service providers should be able to address this opaqueness by combining integrated tools, automation, effective procedures and human expertise in a Security Information and Event Management (SIEM) solution. It is important to have a single view into the entire network that will help both internal IT teams and MDR providers truly understand and diagnose the situation.
4. Improving Security Skills
Experienced cybersecurity hires are difficult to come by, especially at the mid-market level. In mid-market financial services companies, network and systems administrators all too often find themselves elevated to “cybersecurity analyst,” without the needed training, development, or support to accompany the title.
When financial services organizations decide to work with an MDR service provider, they should believe that the partnership will help to improve the overall team’s skill levels. Any provider should be able to demonstrate how it maintains its team’s skills and fosters a committed workforce, while at the same time discussing how it can help educate and support the existing IT team as a part of the service relationship.
5. Establishing Audit Readiness
Auditors increasingly focus on the end-to-end processes that enable effective cybersecurity. Audit readiness, however, means having more than just a checklist of security tools prepared. Financial services organizations need to be able to demonstrate and document how their cybersecurity program conforms to specific audit and compliance requirements.
Any MDR service provider should be able to map its capabilities to the specific audit requirements for each organization. Documenting end-to-end cybersecurity processes, encompassing procedures, personnel and products, should be second nature and done as a part of the regular service process.