By: Jen Thompson, Director of Product Marketing
The emphasis on technology solutions can overshadow the crucial role played by effective management. While advanced solutions are essential, their potential remains untapped if not properly implemented and maintained. All too often, promising technologies end up as shelfware, collecting dust instead of protecting our employees and customers. To truly safeguard our environments, we must shift the focus towards not just cutting-edge technology but also the diligent management and utilization of these cybersecurity solutions by seeking Managed Detection and Response (MDR) providers.
MDR is a technology that aims to speed detection and response through automation and to empower lean teams by acting as an extension of their current security operations. Finding an MDR provider that will meet your organizational challenges takes research and careful consideration.
Adlumin’s industry expert and Senior Director of Product Marketing, Jen Thompson, discusses essential questions you need to ask when considering an MDR provider and provides answers that will help you make informed decisions when protecting your organization.
What security signal are you able to monitor and protect?
Think about it – cybercriminals attempt to be sneaky to avoid detection. Sometimes, they leave tiny breadcrumbs that are easy to overlook, but when you connect all your security data, those breadcrumbs turn into a trail that leads an analyst to uncover what happened. It’s like shining a light on every nook and cranny of your cybersecurity landscape. It’s not uncommon for cybercriminals to bypass a security signal before finally being caught. And the more monitoring an MDR provider can provide, the better. MDR providers come in assorted flavors, depending on what they will ingest and monitor. The three main profiles are ones that only manage Endpoint Detection and Response (EDR), those that manage network and SIEM, and providers that look at all your security signals. In addition to understanding what they ingest, it’s essential to know if you can connect your current technology or if you must use the provider’s technology (or, in some cases, are limited to their existing integrations).
What metrics and reporting do you offer to help organizations track and understand their security posture effectively?
MDR providers should give access to various reporting capabilities to help organizations track and understand their security posture. These include incident reports, threat intelligence reports, performance and efficacy metrics, compliance reports, trend analysis, executive dashboards, and ad-hoc reporting. These reports can give organizations valuable insights into their security landscape and help them understand their security state effectively. Organizations need to discuss their reporting requirements and expectations with potential providers to ensure alignment and obtain the most relevant and useful information for tracking and understanding their security posture.
What type of visibility will I have into my environment?
Like a doorbell camera monitoring your house, you should also have access to the same data and view as your MDR provider. Gone are the days of the black box approach to managed security. MDR providers act as an extension of your team, giving you 360-degree visibility. You should be able to see what alerts are being investigated, why alerts were closed, and the details of an active investigation. Initially, this may look like check-ins to start to trust the provider, but then it will evolve into the benefits of having an extended team. This allows you to dedicate your time to building a proactive approach to security, understanding your risks, and implementing changes.
If you are in a regulated industry, how will you help me comply with frameworks like PCI DSS, FFIEC, and HIPAA Assessments?
Proving compliance can become a time-consuming process. With all your data in one location, pulling the required data to show compliance should be easy. Your MDR team should be providing support for your day-to-day tasks so you can focus on improving your security posture. Being able to run compliance reporting throughout the year can provide insights into which areas of your security program require improvement to reduce risk. Like other reporting capabilities, you should have direct access to evaluate and understand your compliance needs.
How do you provide scalability and flexibility to accommodate growing business needs?
A scalable MDR solution should seamlessly adapt to increased data volume, diverse threat landscapes, and connections to new or additional security technology. Simple pricing and licensing are critical to meeting the evolving demands of a growing business and providing scalability. It’s important that your provider can streamline your security program into a centralized location by offering key components such as threat hunting, vulnerability management, incident response, and more. Another thing to consider as your business grows and your security evolves is the flexibility to choose who manages the platform.
How do you use machine learning to detect anomalies in an environment?
Machine learning (ML) and Artificial Intelligence (AI) are becoming commonplace terms in cybersecurity. As cybercriminals evolve their tactics and techniques to evade security controls, and with the shift to the cloud, they can easily go undetected. MDR providers should have a team of data science and threat researchers who identify these new methods and build machine learning models based on this activity to develop detections. Additionally, the security platform your provider uses should include user and entity behavior analytics (UEBA) to create behavioral profiles for users so it can detect when behaviors deviate from the baseline. Here is an example of Adlumin’s Threat Research Team examining a recent emerging threat.
What is the onboarding process? How long will it take to be fully up and running?
The onboarding process should be simple and only take a few hours. Deployment and tool integration should be intuitive, necessitating minimal aid. Initial support with an onboarding call will help guide you through a smooth setup. A straightforward onboarding process not only accelerates security enhancement and return on investment but also showcases the provider’s commitment to efficiency and effectiveness. It also usually indicates a provider’s ability to deliver a Proof of Value, enabling you to experience their capabilities firsthand.
What does customer support look like?
A dedicated customer support representative within your MDR provider is a direct link to assistance and quick resolution when you have questions. With a dedicated customer success manager, you gain a partner who advocates for your interests. This focused support enhances collaboration, builds trust, and helps you maximize your security investment. Some MDR providers also offer a dedicated post-sales engineer as additional support.