Top Considerations for Choosing a Managed Detection & Response Provider

Top Considerations for Choosing a Managed Detection & Response Provider

by Ellen Zhang on Thursday February 14, 2019

A panel of data security experts discuss the top considerations for choosing a Managed Detection & Response provider, including scale, technology, experience, and cost.

18 Data Security Experts Reveal the Top Considerations for Choosing a Managed Detection & Response Provider

Companies outsourcing security need Managed Detection & Response providers (MDR) more than ever to improve cyber resilience. With the security landscape growing more complex, and the costs of maintaining adequate in-house security teams high, it makes sense for many companies to outsource the tasks of threat hunting and response to ensure that they can promptly identify potential threats and react swiftly to mitigate damages. Managed Detection & Response providers often integrate tools such as Endpoint Detection & Response and other solutions to detect threats, analyze risk, and correlate threat data to pinpoint patterns that could indicate a larger attack.

Because Managed Detection & Response providers play an integral role in maintaining a company’s security posture, it’s vitally important to carefully weigh all considerations when selecting a MDR provider. To help you understand the various factors and other considerations you should evaluate when selecting a provider, we reached out to a panel of data security experts and asked them to answer this question:

“What are the top considerations for choosing a Managed Detection & Response provider?”

 

Jon Zayicek is a computer and cybersecurity expert with 17 years of hands on experience in both network administration and security policy development and implementation who now has a focus on cloud implementations as well as cloud security. He currently serves as Practice Principal, Risk and Security at Cask.

“The top considerations for choosing a Managed Detection & Response provider include…”

Technology offering:

  • Integration points are a necessity to pull in alerts from existing security tools.
  • Is there an API and the supporting API documentation?
  • Detection: Can the offering detect known and unknown threats?
  • Is the response tailored to your processes or are they out of box with no flexibility?

People:

  • What industry certifications does the company and the people hold?
  • What is the makeup of the security team?
  • Will training be provided at the end of deployment?

Service Level Agreements:

  • Does the vendor provide 24×7 support, monitoring, etc.? This is very important to consider, given that if the tool is not accessible, alerts will be missed.