“For smaller and midsized organizations that do not have huge security teams to staff a 24/7 SOC, an MDR service makes sense.”
The first step in deciding whether you need a service—and exactly what kind of service you need—is to evaluate your current capabilities. Look at how those capabilities mesh with the reality of the risks you face and your current ability to meet them, and see where you have gaps.
A reputable managed detection and response (MDR) service typically has security operations centers (SOCs) located in different geographies or that run 24/7 so that they can provide full coverage and continuous, proactive monitoring of all your endpoints. This coverage is important because of where and when people work, and it has become even more critical since the COVID-19 pandemic, which has really changed how people work. You no longer have the standard set of people coming into the office from eight to five, and remote workers don’t have the robust network security controls found in the corporate offices.
We began looking at MDR services seriously when our business expanded to Europe. It was not an easy decision for us because we already had an internal security information and event management (SIEM) system and an internal SOC. We already managed data coming from all the endpoints through the SIEM system, and we were getting alerts. The big question was, How do we scale that? Now we would be ingesting twice as much security data. We would need to staff up so we could run 24/7 because of the different time zones of our operations. In addition, we would have to plan for security people taking vacations. Even with that, how effective would the night shift be at 3:00 or 4:00 a.m.?
This is an excerpt from 7 Experts on Transitioning to Managed Detection and Response. This eBook was generously sponsored by GoSecure.