At Cygilant, we see prospective customers constantly researching what makes a strong MDR, yet there is little agreement in the industry on what a comprehensive MDR service should include. Before we go in-depth, do you remember this security acronym? If not, we have a handy refresher: What is Managed Detection and Response (MDR). In this blog post, we hope to advise you on the three most common components of any MDR. Feel free to include these components in your vendor matrices; the findings will surprise you.
Monitoring & Detection
A significant part of an MDR service is the detection of suspicious activity while monitoring clients’ networks. Potential threats and anomalous activity can be discovered using many tools (HIDS, NIDS, and SIEM tools are the most common). MDR services use these tools to implement alerts they have created specifically for the service, but tools alone cannot home in on the specific threats to a network. Without leveraging threat intelligence and client-specific contextual analysis, many false positives will need to be investigated and many false negatives will slip by. A true MDR will use threat intelligence and client context not as a standalone way to find threats, but to add context and background that enhance the existing alerts.
One of the biggest headaches of any detection tool is the investigation of alerts. To address this, an MDR will have a dedicated SOC investigating the alerts triggered by the managed tool(s). The SOC is instrumental in determining whether a triggered alert requires attention and in notifying clients when it does. A SOC will also tune these alerts over time as it gains a better understanding of the normal behavior of clients’ environments.
A good MDR service will always prioritize the customer and deliver an experience that moves smoothly from awareness to action. To simplify that transition, an MDR service will emphasize step-by-step remediation or triage with experienced security professionals. Well-trained security professionals are also difficult to find, as ISACA’s recent study of cyber security workforce trends notes; an MDR should therefore supply seasoned, well-trained security professionals and a process that extends your security team. A few notable metrics that distinguish leading MDR companies from each other are Net Promoter Score (NPS), Customer Effort Score (CES), and Customer Satisfaction (CSAT).
An MDR service will also provide clients with an online portal that offers visibility into the overall detection of incidents in the customer’s environment. This portal should be easy to use and understand, and it should present all relevant information on one screen, effectively becoming the focal point of information sharing across the customer’s team. Equally important is active correlation of the monitored sources with threat intelligence, vulnerabilities, and patching.
Have you had trouble finding these qualities in an MDR? Let’s talk! Cygilant breaks the conventional MDR model with its exceptional customer centricity. Cygilant’s team of 24x7 Global SOC analysts act as an extension of your team to deliver round-the-clock security monitoring with remediation guidance and compliance reporting to meet your security objectives at affordable rates. Request a demo today to learn how Cygilant can help your organization.