The Home of the Security Bloggers Network
It’s essential that outsourced services are trusted and monitored just as internal teams would be, especially now as cybersecurity becomes a boardroom challenge and priority. Managed detection and response (MDR) providers will use their own security solutions in the business’s network environment, so when vetting providers, organizations will want to choose one that integrates easily with existing tools and technologies and that they can trust wholeheartedly.
Amid an unprecedented year of high-profile cyberattacks, organizations are prioritizing new security initiatives (like zero-trust), but they are failing to improve on essential fundamentals. Turning to an MDR provider can help address such disadvantages. Here are just a few of the most important aspects to vet when choosing the MDR provider that is best for your organization.
Security metrics are increasingly critical not only to benefit security teams, but to communicate to the C-suite and board how to improve an organization’s bottom line. This will also help prove that an effective security architecture is key for success. Unfortunately, recent research shows that organizations lack the metrics needed to create such a risk-oriented security posture. For example:
These findings paint a clear picture of the critical roadblocks that plague security teams, including blind spots, a lack of operational efficiencies and actionable metrics that prevent them from effectively detecting threats. With these statistics in mind, organizations must choose an MDR provider with the ability to share such key metrics that will ultimately help decrease risk, save time and money and help gain credibility. By checking those three items off the list, organizations will know they are moving in the right direction when selecting a partner in combating today’s cybersecurity threats.
Many organizations have tools in place to help with the detection process, but what they don’t have is the time to continuously manage, update and tune detection content across security information and event management (SIEM) and endpoint detection and response (EDR) tools. In a recent survey, 31% of leaders reported their security staff spends at least three hours a day manually administering and managing (optimizing, writing rules, integrating) tools. The overwhelming majority (57%) of organizations have one staff member managing more than four tools in their organizations. Even more striking is that only 17% have one staff member assigned to manage a single tool.
To effectively address these inefficiencies, MDR providers should prove they can assess key risks and map back to known frameworks before an organization considers outsourcing these capabilities. It’s critical to ask, “Will the provider give us a unified view of data and tool inputs and context so our teams can make fast, smart decisions to investigate and remediate issues?” and “Will the provider proactively run threat hunts on our behalf?” Organizations should also ensure the MDR provider they work with can help with cloud security and apply threat research and trends from across their customer base.
This may come as a surprise in today’s digital age, but enterprise-wide visibility is still lacking or missing altogether. In fact, only 13% of security leaders say they have greater than 75% visibility across all their security tools, including on-premises and the cloud, and 69% believe they have greater than 50% visibility across those same parameters.
Of those same security leaders, over half believe threat detection and response efficiency could be improved with better visibility by integrating and providing a singular view across tools. That same percentage also thinks it would improve with increased visibility into IT assets in the organization. Yet, while visibility is identified as an issue, only 36% of security leaders say they are measuring visibility across their business environment. This is where having an MDR provider will help bridge the gap and provide a clearer view across various tools implemented within the organization.
Tool sprawl is real, and many executives are concerned that with so many tools and not enough people to manage them all, they will lack a unified view of data and context to make fast, informed decisions to investigate and remedy issues. Choosing the right MDR provider will provide leaders with the clarity and peace of mind they need through a trusted partnership to see deeper into their data, offering that much-needed visibility enterprise-wide. Giving up an organization’s data to a third-party source can be nerve-wracking, but doing so with the right partner can make a world of difference. Although the process of vetting can be long, it is important to ensure this capability is in place to determine what security practices and initiatives will be most beneficial across the organization.
With thousands of security tools and hundreds of managed services providers out there, it is no small task to build out a successful security program. Despite the growing complexity and impact that security threats present to organizations, the right MDR provider can offer a scalable solution to a CISO who is facing qualified labor shortages, training difficulties, and technological infrastructure issues. They will also successfully amplify the reach of an organization’s existing security team by freeing them from the time-consuming process of investigating and responding to every security anomaly. To prevent future distress, the time to act is now.
Ashok Sankar brings over 25 years of expertise across the technology product strategy, management and marketing discipline. He is currently VP of Solutions Marketing at ReliaQuest, where he partners with their Platform and SOC teams in their mission to help organizations reduce security complexity so they can better manage risk and confidently drive measurable and actionable outcomes. He leads thought leadership and strategic marketing initiatives to drive awareness of their unique value propositions consistently across various channels and develop relevant content to foster productive engagements with prospects and customers.