Top 10 considerations
when choosing a
managed detection
and response provider
Gartner has identified managed detection and response (MDR) as the next
evolution of threat monitoring and incident response services. Jan van
Vliet, VP and General Manager EMEA at Digital Guardian reviews the top
factors that customers will be looking at when selecting an MDR provider.
W
36
n
ith cyberthreats increasing in
sophistication and frequency,
organisations of all sizes are
looking to enhance their security posture in
a bid to identify threats – and act fast before
these turn into breaches.
However, building next-generation
capabilities for advanced threat detection
and response is a complex endeavour that
requires significant investment in time and
resources. Which is why more and more
organisations are turning to specialist
managed detection and response (MDR)
providers to deliver the expertise, technology,
analytics and threat intelligence needed to
identify, contain and eliminate threats before
these cause damage or disruption.
Indeed, Gartner predicts that by 2020,
15% of organisations will be using MDR
services, up from less than 5% today.
With MDR providers set to play an
increasingly mission-critical role in helping
companies to secure their operations,
organisations will need to weigh up a variety
of factors when selecting an MDR partner.
Here at Digital Guardian, we invited a
panel of data security experts to identify the
top considerations companies will need to
evaluate when choosing an MDR provider.
Here’s what they told us.
va
n V
lie
t E
ME
A VP
ian
ard
and GM Digital Gu
1. Define the requirement
Organisations first need to decide exactly
what they hope to accomplish by entering
into a relationship with an MDR provider
– in other words, are you seeking ancillary
services that supplement current tools and
expertise, or a more complete protection
solution? Determining this will depend on
understanding your security programme’s
current maturity level. A good MDR will
provide a customised solution to company-
specific problems. So, defining what assets
– networks and applications – you’re trying
to protect will be the key to understanding
if a vendor has the capabilities you require.
During the proof of
concept period, it’s a
good idea to test out
an MDR provider to
see if they notice any
anomalous behaviours
that would be
important to you.