Organizations looking to improve their security posture are faced with an astonishing array of choices and cybersecurity vendors. HelpNetSecurity talked to multiple experts about how to pick a network detection and response solution.
Network detection and response (NDR) solutions enable organizations to improve their threat response, help protect against a variety of threats, and provide visibility into what is actually on the network.
In this interview, CISO Mike Hamilton discusses the 3 vital factors to consider while selecting appropriate network detection and response solutions for business organizations.
Since the selection and combination of network detection and response capabilities varies greatly among businesses, Mike offered HelpNetSecurity a set of questions for organizations to ask so that they can decide which solution will be the best fit.
Here's an excerpt from the article:
Network detection and response uses a spectrum of technology and humans, and the right mix for your organization is highly individual. Here are 3 different mixes to consider:
Managed – Managed detection and response combines technology to collect information from your network, detection analytics to identify aberrational activity, and analysts to investigate, confirm, and conduct response operations along pre-defined playbooks – as a service.
Operated – In the middle, you’ll own the technology, the people to operate the technology, and the processes for response, recovery, and recordkeeping. This is how many organizations have evolved, but they are discovering that it is harder to sustain.
Automated – At the technology end of the spectrum is automation: SOAR and other methodologies leverage your preventive and detective controls and integrate them to take an action decided by technology.
To decide whether you will be best served by Managed, Operated, or Automated, ask:
How fast/easy is deployment?
Does the solution ingest and analyze all your data sources?
For Operated – What are the resource costs, including how using resources for security may affect current projects as opportunity cost?
For Managed – How does the provider source and retain threat hunters and analysts?
For Automated – What is the worst-case scenario for a false positive?