Having 24x7x365 monitoring of your IT infrastructure is now an essential part of business operations. No organization, no matter its size, is immune from cyber attacks. The threats from cybercriminals do not follow office hours, and neither can vigilant defense. Maintaining a skilled cybersecurity defense team that operates 24x7x365 is beyond most organizations. Cybersecurity-focused Managed Service Providers (MSPs) delivering Managed Detection and Response (MDR) services fill the gap. Choosing one that’s right for you is critical.
What is MDR and Why Do You Need It?
IT networks, the servers running on them, endpoint user devices, and cloud-based services are all in the sights of cyber attackers. To defend these systems, cybersecurity professionals need to monitor IT infrastructure in real-time and 24x7x365 to detect and respond to any abnormal activity.
MDR is a managed detection and response cybersecurity service delivered by an MSP that monitors activity on the networks, servers, devices, and cloud services an organization uses. Dedicated Security Operations Centers (SOCs) should deliver MDR services. SOCs ingest network traffic and system data from multiple organizations (separately and securely), use advanced analysis tools to establish normal baseline behavior, and quickly respond and alert human experts when unusual activity is detected. Automated fast responses isolate any potentially compromised part of the IT infrastructure so that malware or other cyberattacker activity can’t spread. Expert human cybersecurity professionals then follow up to analyze flagged alerts, take remedial actions to eliminate attacks, and plug any vulnerabilities that cyber criminals exploited.
MDR is a crucial part of a cybersecurity defense strategy but is only one component. Other necessary defense measures include Endpoint Detection and Response (EDR) and a Security Information and Event Management (SIEM) solution to gather data from across all networks and systems to deliver a comprehensive picture of cybersecurity. Additional preparatory actions are needed to bolster cybersecurity defense. These other steps include gap analysis and risk assessments, penetration testing for applications and networks, and regulatory compliance audits.
This broader suite of cybersecurity activities is increasingly provided as a component of a more comprehensive suite of services via Cybersecurity as a Service (CSaaS). MDR is a core part of CSaaS that can also be procured separately from other services. What should you look for when evaluating an MSP to deliver your MDR or other CSaaS needs?
Evaluating an MDR Provider
Using a third party to deliver your MDR requires you to trust that the partner you choose can protect your systems and that you can trust them with access to the data on your IT systems. When looking to partner with a CSaaS MSP to protect your IT assets, you should consider the following points.
Industry reputation- How is the vendor spoken of in your industry circles or more widely via Gartner Peer insights and other vendor tracking services? What is the reaction when you ask others in your industry about the vendor? Does the vendor contribute to the cybersecurity sector by providing information to raise overall cybersecurity awareness? For example: do they have an active website that provides free information on how to bolster your security? Do they deliver open videos and audio chats for anyone to consume to increase general cybersecurity awareness?
People- Do the staff who work for the vendor have a professional demeanor, and are they easy to interact with when discussing possible future working arrangements? Are there staff in the MSP who are thought leaders in the cybersecurity sector? When cybersecurity gets discussed, are they regularly quoted in specialist and general press?
Do they understand your industry- Organizations within the public and private sectors all have unique needs and challenges. Does the vendor under evaluation understand your industry or sector? Are they aware of what government or industry regulations you must comply with? Can they demonstrate successful partnerships with businesses or public sector bodies that you consider peers?
Experience- How long has the vendor been delivering cybersecurity services to clients? Can they demonstrate a track record of working with external organizations to deliver your needed services? Can you talk to nominated case studies independently of representatives of the provider?
Threat research- Can the vendor demonstrate that they are actively updating their knowledge and responses to the ever-changing threat landscape? Will they be able to adapt the MDR service you will have with them to new threats and work with you to advise on security patches as they are released?
Integration with your current cybersecurity solutions- Will the MSP be able to integrate their SOC tools with any of the cybersecurity tools that your organization has purchased and deployed? Can you retain the tools and maximize your investment in them during the lifetime of the MDR contract?
Service Offerings & Coverage- Does the MSP provide the full range of CSaaS offerings that modern planning and defense require? In addition to the core 24x7 MDR service delivered by skilled professionals to provide eyes-on-glass at all times, what other services are available? Other things to consider are:
Do they have more than one SOC? A single SOC is a potential point of failure.
Does the MDR cover networks, servers, endpoints, IoT devices, and cloud services?
Do they provide incident preparedness services to plan what to do in the event of a cybersecurity attack or incident?
Do they offer active incident response coverage, with pre-planned actions to follow in the event of an attack?
What alerting and reporting procedures are in place for BAU periods and during incidents?
Do they provide comprehensive gap analysis, risk assessments, and planning help to plug any issues within available budgets?
Can they help with your regulatory compliance (related to whether they understand your industry)?
Do they offer application & penetration testing and ongoing vulnerability scanning to identify emerging vulnerabilities in your systems?
Can the vendor offer ongoing advice on new security patches and how critical they are to deploy on your systems?
Data collection and retention practices- How will the vendor handle any data they collect when monitoring your IT systems? How long will they retain it, and will it be secured as they hold it? Who will have access to the data, and what controls are in place to safeguard the data from unauthorized access?
Critical Insight CSaaS
Critical Insight has a comprehensive CSaaS offering that includes Incident preparedness, 24x7x365 MDR, Incident Response, Vulnerability Scanning, Penetration Testing, and Regulatory Compliance assistance. By partnering with Critical Insight as your MSP and using our CSaaS, you have access to experts who can work with your leadership team to prepare for and deal with all cybersecurity requirements and protection. All via a pre-agreed and predictable budget.