Intelligent CISO Issue 32 | Page 76

The growing need for a no-compromise data protection strategy is prompting organisations to reevaluate how they identify and mitigate data loss or damage.
Provider evaluation – the top areas to check
An effective provider should be able to monitor user, system and data events to spot suspicious behaviours, protect against malware and prevent data compromise, delivering insights on everything from what critical systems have been affected – on what devices, whether a third party represents an entrance vector for attacks, the downtime to production systems and whether data has been exfiltrated. That includes whether privileged user accounts are being leveraged for unauthorised access.
Generate a list of documented use-cases you expect a provider to solve covering visibility (system, user, data), remediation and response (indicator blocking, malware removal, endpoint isolation) and forensics ($MFT, registry, memory) and then test their services, using penetration or threat simulation services. This will give you a full experience of their technology and service offering. A good MDR provider will handle advanced threats – such as lateral movement by hackers, credential theft and escalation and C2 activity – but won’t let less-sophisticated attacks slip through its fingers either.
Finally, organisations should expect a truly human interaction with the provider’s security analysts. Be wary of being forced to rely on dashboards, emails or portals when it comes to alerting, investigating security events, case management and other activities.
Expectations vs. reality
Not all MDR providers offer the same services and since no one size fits all, understanding the tools and procedures on offer and carefully weighing all considerations will be vital for selecting a provider that represents the ideal fit for the organisation’s size, existing security controls and needs. Asking detailed questions about the standard practices and technologies vendors utilise should help companies benchmark and compare providers and offer insights into how they would react to a specific security incident. Finally, it will be vital to assess if their threat response can be tailored to your processes – or if these are out of the box, with no flexibility.
There is no technology-based silver bullet for addressing cybersecurity challenges. Ultimately, it is the human factors, threat-protection techniques and process-based responses that make the difference between success and failure, so partnering with an MDR provider that can offer the right combination of technology, support and strategic guidance will be essential for elevating and optimising enterprise data security.