Christopher Kozlov, Lake Forest Academy, Director of Information Technology
“When evaluating an MDR service provider, it’s important to match the provider’s technology and staffing offerings to your technology, usage patterns, and security needs.”
All organizations face the challenges of increasing complexity in the technical environment they must defend and the growing sophistication of attacks. Meeting these challenges requires new tools and skills—tools and skills that can stretch an organization financially. As an educational institution, our IT environment consists of a variety of technologies that support a range of user scenarios. We are not in a position to offer big salaries for top security expertise; instead, we rely fully on an in-house team to defend our infrastructure. That is why we use a managed detection and response (MDR) service.
When evaluating an MDR service provider, it’s important to match the provider’s technology and staffing offerings to your technology, usage patterns, and security needs. Some providers have special expertise in particular types of network technology; others have a broader range of technical capabilities.
Another key factor is a clear understanding of exactly which services the MDR service provider offers beyond detection and alerting. Look beyond threat acknowledgement to what happens next. Does the vendor just give you a ping, or is it doing something more? Does it open a ticket? Who does the follow-up work to mitigate the threat? Who does the necessary forensic work? How do you get the incident information you need? Then what happens? Now that the vendor has detected the threat, who are the people helping you figure out the details of that threat? Are those people up to the task, or are they going to get stuck?
This is an excerpt from 7 Experts on Transitioning to Managed Detection and Response. This eBook was generously sponsored by GoSecure.
