Bad actors and cyber-criminals are attacking your business, and security analysts can often observe their activities in device and system logs. A security team should triage, review, and respond to alerts generated from these log events. Companies deciding to augment existing IT or security teams with a managed detection and response (MDR) provider will have many questions, and the answers they receive are often wrapped in buzzwords. Asking the right questions of the MDR vendor from the beginning will go a long way toward finding the one that best fits your needs.
MDR can fill many organizational and operational gaps, such as a lack of cybersecurity personnel resources, employee skills gaps, adherence to compliance requirements, decreasing security event response and dwell times, providing actionable alerts and threat intelligence, and more.
Like a castle with complementary and overlapping security strategies, MDR can answer many security-related problems and business needs.
Challenges are inherent in any MDR service, making it imperative to choose the best provider for your needs. From the MDR service perspective, these challenges include disparate tools and technologies, true-positive detection capability, reduction of false positives and noise, support for or integration with your specific log sources, log volume and ingestion, log storage and retention, and security analyst retention, to name a handful.
The MDR service relationship is potentially complex because it is co-managed. MDR does not work without consistent and effective communication between the MDR vendor and the customer. A clear discussion and shared understanding of the demarcation between what the MDR provider does and what the customer remains responsible for are vital.
Ideally, managed detection and response SOC analysts should feel like part of your extended security team, both from your perspective and theirs. One indicator is whether the provider’s SOC analysts retain and use the information communicated to them, building a corporate memory of your business. For example, do the answers you have provided in tickets appear to be understood and recorded, or do the analysts keep asking the same questions (what is the IP range for your guest Wi-Fi network again)? Do you feel that they ‘know’ your business and are working in concert with your staff to protect your company and reduce security risks and threats?
When selecting an MDR provider, the roadmap and the provider’s ability to enhance and improve the offering should remain top of mind. Is the provider cloud-centric, forward-thinking, and leveraging common frameworks such as MITRE ATT&CK? Here are some questions you would be wise to ask.
Effective and timely security event and incident alerting and response are key goals of MDR, reducing your overall cyber risk. In addition, MDR fills many gaps and organizational deficiencies by providing security-specific experts, 24/7 incident monitoring and operations, and the vital mapping of threats to the security technologies currently deployed within your environment.
MSSPs are evolving to include MDR services built on cloud technologies, machine learning, and big data; these elements are no longer the exclusive domain of MDR providers. MSSPs leverage their managed service capabilities to offer security advisory, managed security infrastructure, and MDR options. An MSSP can be your one-stop shop, enhancing multiple business areas and growing as you do.
The right MDR provider and platform will fully integrate with your environment, continually minimize the attack surface, and improve threat visibility while reducing the cost of securing your business.
New Era Technology’s SecureBlu services can assist you with addressing a wide range of security challenges, including deploying managed detection and response. If you want to learn more about how your organization can prevent, detect, and respond to threats through New Era SecureBlu services, please visit our website or email us at solutions@neweratech.com.