Any technology requires people to run it: at a minimum, an analyst and an administrator. A simple example: a company buys modern firewalls with built-in intrusion detection. Every day the devices accumulate huge volumes of statistics about abnormal activity, and each such message is, in fact, an incident that requires investigation. Ideally, the outcome of that investigation is a correction of technical controls, containment and prevention of further threats, reconfiguration of the system, removal of specific prohibited software, or something else. All of this can be recorded, analyzed, and evaluated by a qualified managed detection services specialist, and most often by a whole team of such specialists.
No matter from which side we approach the comparison of outsourcing with in-house efforts in ensuring cyber security, the advantage remains on the side of the managed service. The question is: what is the point? Why build a hospital if you can buy health insurance?
As in conventional security, cyber security is a constant pursuit race. Security experts build protection systems, and hackers break them. Specialists improve the protection systems, and hackers find new vulnerabilities. This process is permanent. The only difference from ordinary security is that it happens much faster, because this is a digital world, cyberspace, where changes happen every moment.
Unlike service and support engagements, which are one-time, episodic and random in nature and have a defined beginning and end, professional support for the uninterrupted operation of individual systems and infrastructure (such as MDR services) is usually outsourced under a long-term contract (at least one year). The fundamental advantage of outsourcing for an organization is that it lets the organization concentrate on its main priorities. Because of this practical value, outsourcing has quickly and successfully taken root in business as an approach that helps reduce hidden costs, increase adaptation to changing conditions, improve the quality of products and services, and provide more qualified risk management.
What should you pay attention to when choosing an MDR service provider?
Technology. The original purpose of MDR services was to help companies implement EDR solutions focused on endpoints. A modern approach, however, reaches far beyond endpoints. Many businesses use cloud services, and since the pandemic many people continue to work remotely. These factors increase risks and vulnerabilities, so cyber security must provide robust protection. We therefore recommend paying attention to the XDR and SIEM solutions an MDR provider uses: they must give a general picture of threat telemetry and data across the whole infrastructure. That is why top-notch technology is the first thing to look at when choosing a provider.
Detection. The MDR service is all about quality detection. However, there are so many detection methods that it is easy to get lost when evaluating whose methodology is better. First, consider how MDR providers conduct detection and how often they do it. The cadence can vary: detection can be analyst-driven, hypothesis-driven, or simply automatic IOC matching. Another approach is for the MSSP to rely on log data, which is usually limited. So which is best for your business? There is no single answer. A professional MSSP, however, should combine all of these methods and adapt them to your business needs and stakeholder expectations. The detection service should run 24/7/365 on real-time data.
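To make the difference between the detection methods concrete, here is an added example (not code from the original article or from any MDR provider) that runs two of them over a handful of constructed log lines: automatic IOC matching, which fires only on indicators already known, and a hypothesis-driven check, which looks for a behaviour pattern (repeated failed logons followed by a success) and needs no indicator at all. The hosts, users, addresses, hashes and indicator lists are all invented for the example; only the combined run catches every finding.

```python
import re
from collections import Counter

# Constructed sample log lines in key=value form. Hosts, users, addresses
# and hashes are invented for this example and are not real indicators.
SAMPLE_LOGS = [
    "ts=2024-03-01T09:00:01 host=ws01 event=process_start user=alice image=outlook.exe sha256=1111aaaa",
    "ts=2024-03-01T09:00:05 host=ws01 event=net_connect user=alice dst=203.0.113.10 dport=443",
    "ts=2024-03-01T09:02:10 host=ws02 event=logon_failed user=bob src=198.51.100.7",
    "ts=2024-03-01T09:02:11 host=ws02 event=logon_failed user=bob src=198.51.100.7",
    "ts=2024-03-01T09:02:12 host=ws02 event=logon_failed user=bob src=198.51.100.7",
    "ts=2024-03-01T09:02:13 host=ws02 event=logon_failed user=bob src=198.51.100.7",
    "ts=2024-03-01T09:02:14 host=ws02 event=logon_failed user=bob src=198.51.100.7",
    "ts=2024-03-01T09:02:15 host=ws02 event=logon_success user=bob src=198.51.100.7",
    "ts=2024-03-01T09:05:00 host=ws03 event=process_start user=carol image=updater.exe sha256=bad0bad0",
    "ts=2024-03-01T09:06:00 host=ws01 event=logon_failed user=alice src=192.0.2.5",
]

# Constructed indicator lists standing in for a threat-intelligence feed.
IOC_HASHES = {"bad0bad0"}
IOC_IPS = {"203.0.113.10"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def ioc_detect(logs, bad_hashes=IOC_HASHES, bad_ips=IOC_IPS):
    """Automatic IOC matching: fires only on indicators already on the list."""
    hits = []
    for n, line in enumerate(logs):
        ev = parse(line)
        if ev.get("sha256") in bad_hashes:
            hits.append((n, f"known-bad hash {ev['sha256']} on {ev['host']}"))
        if ev.get("dst") in bad_ips:
            hits.append((n, f"connection to known-bad address {ev['dst']} from {ev['host']}"))
    return hits


def hunt_brute_force(logs, threshold=5):
    """Hypothesis-driven check: at least `threshold` failed logons for one
    account from one source, followed by a success, suggests a guessed
    password. No indicator is needed, so it also covers unknown attackers."""
    failures = Counter()
    findings = []
    for n, line in enumerate(logs):
        ev = parse(line)
        key = (ev.get("user"), ev.get("src"))
        if ev.get("event") == "logon_failed":
            failures[key] += 1
        elif ev.get("event") == "logon_success" and failures[key] >= threshold:
            findings.append((n, f"{failures[key]} failures then success for {key[0]} from {key[1]}"))
    return findings


def combined_detect(logs):
    """What the text recommends: run both methods and merge the findings."""
    return sorted(ioc_detect(logs) + hunt_brute_force(logs))


if __name__ == "__main__":
    for n, reason in combined_detect(SAMPLE_LOGS):
        print(f"line {n}: {reason}")
```

Running it shows the point of combining methods: IOC matching alone flags the bad hash and the bad address but is blind to the logon pattern, while the hypothesis-driven check alone catches the logon pattern but knows nothing about the indicators.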
Responsiveness. Just as detection methods vary, so do responses. MDR providers can offer you recommendations based on the data they receive, but is that enough? Of course not. When choosing an MDR provider, remember that experienced ones respond to the threat and prevent similar ones. They have the skills and technology to react quickly and effectively. They must not stop at notifying you; they should take action themselves. That is why you hire them in the first place. Quality responsiveness is their ability to stop and avoid cyber threats.
Research capabilities. Investigation capabilities are probably the foundation of quality detection and response services. When selecting an MDR provider for your business, check whether they have a research department that performs the necessary analysis and threat-data investigations. These research capabilities should also rest on a solid technology stack. Consider how they carry out research: whether they develop a strategy, study hackers and their methods, perform breach investigations, and so on. In short, they should always be one step ahead of cybercriminals.
Proven experience. Experience is the standard way to evaluate any type of contractor. Once you have confirmed that your MDR provider has the needed expertise in detecting and responding to incidents, you can build a clearer picture for yourself. Your task is to find out the outcomes of their previous responses. If they have made the right decisions and proven effective, that is a sign you should choose them.
Culture. This factor is often overlooked. We recommend not forgetting the corporate culture of your potential MDR provider. Our guess is that you want to know whom you will interact with, what kind of people work there, what their reputation is, what their work principles are, whether they offer a long-term partnership, whether they are trustworthy, and so on. In our humble opinion, these are the main things to consider when choosing a managed detection and response services provider.
Wrapping up, we would like to say that with cyber security the issue of trust is even less acute, because unlike with a doctor, whose mistakes can have irreparable consequences, here everything is deterministic and unambiguous.