Before you decide...
5 QUESTIONS YOU SHOULD ASK A POTENTIAL MDR SUPPLIER:
As the security landscape grows more and more complex and attack surfaces increase, it’s only logical that increasing numbers of organisations like yours will seek out comprehensive managed security services. While traditional managed security service providers (MSSPs) primarily took responsibility only for remotely monitoring a customer’s security tools and infrastructure, an MDR (Managed Detection and Response) provider typically includes alert analysis, threat investigation, threat hunting, research, and incident response capabilities within the terms of the engagement. It’s an attractive proposition for companies looking for a turnkey experience, isn’t it?
Demand for these services is rising across all verticals, and many prospective providers are rushing in to meet it. Some are traditional managed security or IT service providers, while others are telecommunications carriers or management consultancies eagerly jumping on the MDR bandwagon to take advantage of this market's rapid growth.
However, with so many providers competing for your business, it can be tough to differentiate between the good, the bad and the ugly. Everyone promises that their services will be reliable and easy to consume. Everybody claims that their offering provides great value for what you'll spend, and there's so much technical talk and confusing jargon in the field that it's hard to figure out who's telling the truth and, more importantly, whether any of what they're selling is right for your business and your own specific use case.
Did you know that NCC Group has been doing this for over 20 years, since before the term MDR was popularised?
Based on our extensive experience, we’d like to share the top five questions that we recommend you ask potential providers you’re considering working with. Listen to their answers thoughtfully and evaluate them with care. At NCC Group we don’t sell services – we sell outcomes, so ensure that any buying decision you make is based on what’s right for your business too.
This list of questions is not exhaustive; it covers a few of the more important ones that you should consider before making your decision.
Question 1: WHAT'S IN THEIR DNA AS AN ORGANISATION?
Nearly every firm that's now offering MDR services has a background in some aspect of IT, telecoms or cybersecurity. However, this experience may or may not be directly relevant to building and running a highly effective Security Operations Centre (SOC).
Do the MDR provider's SOC analysts have extensive experience in "advanced" security disciplines like threat hunting, penetration testing or forensics? Or do they come from a venture-backed, product-focused start-up that has never run a SOC for anyone else?
Understanding the company’s history will shed light on what are likely to be its top priorities and strongest competencies.
Question 2: HOW MUCH VISIBILITY INTO YOUR ENVIRONMENT WILL THEY HAVE?
How many different types of log data do they plan to collect within your environment? What types of threat intelligence do they rely on? Is it based on their own research or that of a third party? As endpoint detection and response (EDR) solutions have become more popular, a growing number of providers are relying on these tools because they provide in-depth information about what's happening on endpoint devices. Though this data is valuable, if you're not gathering service and network data too, it's possible to miss the later stages of an attack that play out off the endpoint, such as exfiltration over the network, abuse of cloud accounts, or activity on devices that cannot run an agent. Look for a provider who seeks broad visibility into a wide variety of network and host logs, security events, and usage data from cloud applications.
Question 3: HOW WILL THEY MAKE USE OF THE LOG DATA THEY COLLECT IN YOUR ENVIRONMENT?
It's relatively simple to collect logs and feed them into a security information and event management (SIEM) platform or other data analytic tool. It's another matter to be able to monitor this information in real time. Writing rules that enable log management solutions to alert on the right events, the ones that are truly meaningful in your organisation's IT environment, isn't easy. Nor is it easy to know which of the hundreds or thousands of alerts that these solutions generate every week is most worthy of a security analyst's limited time and attention.
Figuring out what's most important to pay attention to requires skill, experience, and a baseline understanding of what's typical in an individual business's unique computing environment. The quality of security monitoring is arguably more important than the sheer quantity of data that's being collected.
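To make Questions 2 and 3 concrete, here is a small correlation engine written as an added example for this article; it is not NCC Group tooling or code from the original page, and the event schema, rule names, scores and log lines are all constructed for illustration. It shows why host-only visibility is not enough and why a per-host baseline matters: an encoded PowerShell launched from Word (EDR), a large upload to a destination the host has never talked to (proxy), and an external mail-forwarding rule (cloud audit) are each modest signals on their own, but correlated for one user within 15 minutes they become the single high-priority alert an analyst should look at first, while traffic that matches the learned baseline never becomes an alert at all.

```python
"""Toy multi-source correlation with a per-host baseline.

Example code added to illustrate the article; not NCC Group tooling.
All events, baselines, rule names and scores below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three sources: EDR (host), web proxy (network)
# and a SaaS audit log (cloud).  Not real data.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "src": "edr", "host": "ws-17", "user": "alice",
     "detail": {"process": "outlook.exe", "parent": "explorer.exe"}},
    {"ts": "2024-05-01T09:01:30", "src": "proxy", "host": "ws-17", "user": "alice",
     "detail": {"dst": "mail.example.com", "bytes_out": 4_000}},
    {"ts": "2024-05-01T09:05:00", "src": "edr", "host": "ws-17", "user": "alice",
     "detail": {"process": "powershell.exe", "parent": "winword.exe", "encoded": True}},
    {"ts": "2024-05-01T09:09:00", "src": "proxy", "host": "ws-17", "user": "alice",
     "detail": {"dst": "files.unknown-cdn.net", "bytes_out": 250_000_000}},
    {"ts": "2024-05-01T09:10:00", "src": "cloud", "host": None, "user": "alice",
     "detail": {"action": "mailbox_rule_created", "rule": "forward-to-external"}},
    # A lone anomaly for another user: unusual, but uncorroborated by any other source.
    {"ts": "2024-05-01T09:30:00", "src": "proxy", "host": "ws-22", "user": "bob",
     "detail": {"dst": "backup.unknown-storage.net", "bytes_out": 5_000_000}},
]

# Constructed per-host baseline: destinations seen in normal operation and a
# 95th-percentile outbound volume, as a real SOC would learn over a few weeks.
BASELINE = {
    "ws-17": {"dsts": {"mail.example.com", "intranet.example.com"}, "p95_bytes_out": 2_000_000},
    "ws-22": {"dsts": {"mail.example.com", "intranet.example.com"}, "p95_bytes_out": 2_000_000},
}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def atomic_findings(events, baseline):
    """Stage 1: single-source rules.  Returns (rule_name, event, base_score) tuples."""
    out = []
    for e in events:
        d, src = e["detail"], e["src"]
        if src == "edr" and d.get("encoded") and d.get("parent", "").lower() in OFFICE_PARENTS:
            out.append(("office_spawned_encoded_powershell", e, 40))
        elif src == "proxy":
            b = baseline.get(e["host"], {"dsts": set(), "p95_bytes_out": 0})
            # Suppress traffic that matches what this host normally does; only a new
            # destination *and* an above-baseline volume is worth an analyst's time.
            if d["dst"] not in b["dsts"] and d["bytes_out"] > b["p95_bytes_out"]:
                out.append(("egress_to_unknown_dst_above_baseline", e, 30))
        elif src == "cloud" and d.get("action") == "mailbox_rule_created" \
                and "external" in d.get("rule", ""):
            out.append(("external_mail_forwarding_rule", e, 30))
    return out


def _alert(user, chain):
    sources = {f[1]["src"] for f in chain}
    score = sum(f[2] for f in chain)
    # Corroboration across independent telemetry sources is what separates a real
    # intrusion chain from noise, so each extra source adds a bonus.
    score += 25 * (len(sources) - 1)
    return {"user": user, "score": score, "sources": sorted(sources),
            "rules": [f[0] for f in chain], "first_seen": chain[0][1]["ts"]}


def correlate(findings, window=timedelta(minutes=15)):
    """Stage 2: chain findings per user within a time window, then rank by score."""
    by_user = defaultdict(list)
    for f in sorted(findings, key=lambda f: _ts(f[1])):
        by_user[f[1]["user"]].append(f)
    alerts = []
    for user, fs in by_user.items():
        chain = []
        for f in fs:
            if chain and _ts(f[1]) - _ts(chain[0][1]) > window:
                alerts.append(_alert(user, chain))
                chain = []
            chain.append(f)
        if chain:
            alerts.append(_alert(user, chain))
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


def detect(events, baseline):
    """Run both stages; the first alert in the result is the one to triage first."""
    return correlate(atomic_findings(events, baseline))


if __name__ == "__main__":
    for a in detect(EVENTS, BASELINE):
        print(a["score"], a["user"], a["sources"], a["rules"])
```

Run as-is, the script emits two alerts: the three-source chain for alice at the top, and bob's single uncorroborated upload (which may well be a legitimate backup) well below it. Remove the proxy and cloud events and the same intrusion collapses to one medium-scored EDR finding, which is the visibility gap Question 2 is about; remove the baseline and every ordinary upload becomes an alert, which is the noise problem Question 3 is about.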
Question 4: WHAT’S THEIR PRICING MODEL?
Some MDR providers charge on a per-user basis, while others calculate pricing on the basis of the number of servers or endpoints in your environment. Still others may include additional costs for each firewall or other security appliance they’re monitoring or set limits on the amount of log data that they can handle.
Choose a solution that will enable you to scale up and down in accordance with your business needs, and one with a pricing model that’s transparent and easy to understand.
Question 5: ARE YOU A GOOD FIT FOR MY COMPANY?
Every MDR provider should have well-defined standard operating procedures that outline how they handle workflows. Some clients want to be able to retain a great deal of control over threat and incident response processes in their environment. Others would prefer their provider to simply take charge of everything.
A good match for your business means that the provider's capabilities and preferred ways of working will dovetail with your requirements and expectations. Ask which services most of their clients use, and how comfortable their team is with taking action on clients' behalf, for example isolating a host or disabling an account. Oh, and don't forget to ask what they're doing today, and what their roadmap is, for driving down Mean Time to Detection (MTTD) and Mean Time to Response (MTTR).
If you want to know more about how NCC Group can help you stay safe and secure, get in touch.
Call us before you need us!