“When evaluating an MDR service provider, recognize that the relationship will be more than just monitoring. The provider can take actions, too.”
Security is all about how quickly you can detect, identify, isolate, mitigate and remediate issues. To do those things well, you must be on guard 24/7/365. The fundamental question you must ask yourself and your team is: do you have that 24/7 capability? If you do not, then you need to bring in a vendor that has access to the right threat intelligence and can be on call 24/7, watching over your systems. You want a provider that you know has already looked at something before it gets to you, one that can respond quickly and enable you to take action. That is how you get ahead of the curve. Just having someone from your team on call does not give you the agility needed in today’s environment. You need eyes on the monitor at all times. These are the capabilities you want from a managed detection and response (MDR) service provider.
Before engaging with an MDR service provider, list your clear objectives:
Making the vendor relationship work requires being transparent with the vendor about your goals and expectations. That transparency works both ways, too. You should expect the service provider to be open with you about what it can do to improve your security practice. To set those objectives, work with your organization’s leadership team to evaluate the company’s security situation, and then work with the MDR service provider’s team to develop a full view of your organization’s IT environment.
This is an excerpt from 7 Experts on Transitioning to Managed Detection and Response. This eBook was generously sponsored by GoSecure.