As corporate cybersecurity teams mature their threat detection and response efforts, they continue to face challenges like maintaining adequate staffing levels and keeping up with mitigation technologies in the face of rapidly evolving threats.
Disrupting today’s sophisticated, targeted threats requires a risk-based approach that encompasses people, processes and technology across the entire security lifecycle. The reality, however, is that many enterprises don’t have strong capabilities across all three of these areas.
Managed Detection and Response (MDR) is an umbrella term for an array of capabilities that enable organizations to evolve from a reactive to a proactive security posture, accelerating their response speeds and providing more efficient, robust protection against targeted threats.
An increasing number of enterprises are leveraging MDR as a core component of their security strategy. In fact, Gartner predicts that 50% of organizations will use MDR services by 2025, up from less than 5% in 2019.
Whether you are currently using MDR and want to take your security program to the next level or evaluating providers for the first time, it is essential to have a clear set of questions and criteria to help you identify the MDR partner that can deliver the exact security outcomes your enterprise needs today—and tomorrow.
Evaluate MDR Providers in Three Core Areas
Assess potential providers across three core areas (MDR capabilities, technology and service delivery models, and support) by asking these questions:
- What attack surfaces do you cover?
- What data do you use to detect threats?
- What are your detection capabilities?
- How do you disrupt and block threats?
- How quickly do you escalate incidents?
- What’s your process for detecting and responding to unusual user behavior?
- How do we engage with you?
Technology and Service Delivery Models
- Are there limitations on the telemetry ingested?
- Does the vendor adhere to the MITRE ATT&CK framework?
- Does the vendor understand your entire IT environment and security controls?
- Will you have full access to the MDR backend technology?
- How quickly are alerts delivered?
- Is there a single customer portal?
- How will the provider communicate with your team?
- What does the engagement model look like?
- What are your support hours?
- How does the provider approach operational health and monitoring?
- Does the provider provide ongoing assessments?
- How quickly can your SOC team scale up?
Human Led, Machine Driven MDR
Cyderes’s flagship MDR service provides comprehensive human-led and machine-driven detection and response rapidly and at scale. We apply a greater mix of people and processes to the way that we do MDR, leveraging our team of best-in-class security analysts to filter out noise and find the highest-priority threats in a way that only a human with extensive experience can achieve.