<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

 

Blog

Read or download all Datashield news, reviews, content, and more.

 

All Posts

How to Pick an MDR Partner

mdr providerCybercrime, job openings, and vulnerable software are at an all-time high.

Everyone is knee-deep in planning or executing a digital transformation strategy. But resources and budgets are limited, the skill gap is increasing, and on-demand access is adding complexity. Outsourcing is becoming the norm, and standard MSSP’s are falling to the wayside.

Marketing terms can be confusing, and everyone “says,” they do the latest buzzword.

MDR is one of those items. MDR (Managed Detection & Response) is the evolution of an MSSP, whereas they move past the “alert” fatigue phase and do deeper level investigations. Forensic investigations require broader tools access, higher skill level, and deeper processes and knowledge, including threat hunting. 

Threat hunting is a term for a skilled security analyst to manually look through (hunt) logs and packets to find out of the norm activities that otherwise got passed all other security tools.

How often does this happen, you might ask? Well, that depends but generally, often. Attackers are continually coming up with new evasion techniques or exploiting tools that have little or no logging.

Finding an MDR provider is easy, but how do you find a good one? When looking for an MDR provider, there are many things to consider, and we hope the below points help you identify one.

 

Ensure Full Packet Capture

Make sure you understand what technology the provider is deploying and if it is proprietary or off the shelf. Ensure the technology accepts multiple sources of data, including logs, packets, endpoints, and cloud data. Packet capture is often a differentiator in an MDR provider as it allows them to see actual data in transit. Not all tools do “full” packet capture, but instead, do a signature capture where you get packet capture from known threats.

 

Have a Holistic Threat Intelligence Approach

Not all threat intelligence is the same; it’s easy to pull in a ton of feeds. Instead, find a provider that uses standard threat intelligence gathers its own and uses your company’s information to build profiles of your network and data.

 

Determine Access and Ownership

Are the tools in the providers’ network or yours? Do you have full access to the data, and does the data belong to you?

 

Team Compatibility

Make sure you have a central point of contact and can you contact an engineer or an analyst anytime you need 24x7x365. It’s essential to be able to look to your outsourced provider as an extension of your team and not a typical vendor. 

Ensure your MDR company can handle incidents and goes out of their way to ensure incident management with care and urgency. 

 

Information Access

Pick a provider who gives quick access to tickets, information, dashboards, and metrics and follows common frameworks such as MITRE ATT&CK.

 

Accreditations Matter

Do they hold any accreditations? Pick a provider who has the knowledge needed to support you if an incident occurs. Make sure they understand cloud, networks, and applications. Often providers cannot develop custom content that allows searching for new threats quickly. Do they do anything to understand your infrastructure, applications, and data? Lastly, a provider should be open to knowledge share and training of your staff.

 

Conclusion

Outsourcing your security operations is a critical business decision, and not all companies are the same. When evaluating us or any other MDR vendor, please do your due diligence and ensure the MDR provider indeed does what they say they do.

Topics from this Article

Managed Detection and Response, MDR, Full Packet Capture, Managed Security Service Providers, MITRE ATT&CK

Jeff Marshall
Jeff Marshall
Jeff Marshall was the previous Chief Information Security Officer at Datashield and contributed technical content to the Datashield resource library. Jeff worked at Datashield for nearly 4 years and provided thought leadership and educational content for the Datashield resource library.

Related Posts

Lumifi Cyber Acquires Datashield to Deliver Next-Generation Managed Detection and Response

Combines AI and Machine Learning-Based Software with MDR Services to Provide Fortune 500-Grade Security to Companies of All Sizes Palm Desert, CA and Scottsdale, AZ — May 3, 2022 — Lumifi Cyber, Inc., a next-generation managed detection and response (MDR) cybersecurity software provider, today announced its acquisition of Datashield, Inc., an end-to-end cybersecurity resilience services provider, to deliver Fortune 500-grade security to companies of all sizes for an affordable monthly price.

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

The Difference Between Cybersecurity & Network Security

The Difference Between Cybersecurity & Network Security