Currently, a number of new services and technical solutions are appearing on the market that build on the concept of traditional security monitoring in the form of a Security Operations Center (SOC). Among the latest trends in this area is the Managed Detection and Response (MDR) service, which builds on the premise of placing advanced technologies at the center of the daily operations of SOC teams and their analysts.
MDR solutions work with SIEM (Security Information and Event Management) tools to collect and analyze security data from various system sources. In addition to real-time threat detection itself, these tools allow you to develop a plan for immediate response to security threats, orchestrate automated procedures for incidents that occur, and thus effectively reduce the demands on the traditional Security Operations Center.
Another important component of a full MDR solution is integrated endpoint protection. With the advent of cloud-based resources and modern collaboration tools, employees routinely work outside the secure corporate network and can access sensitive corporate data from multiple locations and devices. For this reason, endpoints on the periphery of the internal IT infrastructure are becoming a focus for attackers and now play a key role in the cybersecurity strategy of any organization, regardless of size.
In spite of the relatively wide range of MDR products on the market, not all tools and services are categorically equal, so it is necessary to pay attention to detailed parameters when choosing a suitable supplier.
What are the selection criteria?
The basic criterion remains the selection of the technical solution itself, where the emphasis is on maximum flexibility of SIEM tools and the scope of coverage, including the possibility of connecting a variable set of monitored information sources. In EDR solutions, the ability of these tools to work together, known as XDR (Extended Detection and Response), comes to the fore. The overall effectiveness of these tools is further enhanced significantly by the ability to use advanced machine learning and artificial intelligence (ML/AI).
The technical aspects described above, weighed against acquisition and operating costs, are too often the main or only criteria for organisations when selecting their MDR.
However, there are many other important factors to consider when making the right choice.
As an example, consider at least the following:
- The location of the SIEM system in the vendor’s own datacenter and its impact on operations in the event of an outage, versus the possibility of highly available resources in the public cloud
- Emphasis on the protection, method and location of processed data, including strict separation from the organization’s production and vendor environments
- Ability to set a variable length for data retention (Data Retention Policy) according to the organization’s requirements or legal statutes and regulations
- Combined cost of retaining audit logs and data for the entire selected retention period
- The possibility and method of controlling the work of the contractor, including full auditability of its activities over the entire solution and the organization’s own data
- The need for regulatory compliance and a high standard of cyber security from the supplier itself as an integral part of the organisation’s own operations chain
Another of the essential criteria for selecting an MDR vendor is scalability and the ability to extend the solution according to the actual needs of the organization. This condition and the resulting flexibility of deployment are essential for the strategic planning and development of any dynamic organization. This is where System4u’s MDR service fully adapts to its customers, whether they are small-scale organizations at the beginning of their journey to the cloud, or fast-growing medium and large enterprises with a multitude of custom configurations and ongoing environment changes. It is good to keep this condition in mind when making a selection, also in view of the regulatory and statutory conditions that undergo regular revisions; further changes to the criteria can therefore be expected in the future, which a quality vendor can seamlessly integrate into their solution.
So what should the MDR solution offer?
- Continuous 24/7 monitoring of all key elements of IT infrastructure
- Advanced Threat Intelligence feed
- Integrated Machine Learning/AI tools to increase overall efficiency in deployment, speed, accuracy and scope of threat assessment
- Fully integrated framework for event analysis and evaluation, e.g. MITRE ATT&CK or The Cyber Kill Chain
- Scalability and high flexibility of the service according to real customer needs, up-to-date solutions now and in the future
- Emphasis on response orchestration and advanced automation of the entire solution
- Emphasis on the protection of customer data and its location even during processing
- Retained ability to fully audit the supplier’s work
- Supplier’s high level of expertise and compliance with required regulations within the organisation’s supply chain
- Full reporting on the overall status of the organisation’s security and quality of service delivery
We have developed the System4u MDR service to meet all the described parameters. Read more here.