Intelligent Tech Channels Issue 23 | Page 38

tools, threat intel feeds, third party data sources and the IT asset database to identify not only where there is a threat, but its risk compared to others in the queue. While MDR providers are focused on advanced threats such as lateral movement by hackers, credential theft and escalation, and command and control activity, a good MDR provider won’t let less sophisticated attacks slip through its fingers. So, check that a potential partner will investigate all threat types.

4. Don’t be afraid to pursue due diligence questions

You’ll need to be confident that an MDR provider lives and breathes security in everything they do. Request a copy of their SOC2 certification or any other third-party security audit, or tour their facilities. A good MDR should also be able to provide you with the qualifications of their security analysts. Ideally, request to speak to one directly so you can come away satisfied that they are skilled, engaged and experienced enough to help your organisation.

5. Transparency is vital

Ask about what visibility you’ll have into a provider’s performance and ask to see examples of actual reports to ensure these make sense to you and your business needs. CIOs/CISOs should have unprecedented transparency into all aspects of the security environment through dashboards and visualisation techniques, all of which will make it easier to communicate with an MDR provider about potential vulnerabilities and threats.

6. Check for industry-specific expertise

Your organisation is likely to face specific threats based on the industry in which you operate – manufacturing is totally different to professional services or construction businesses. This means you’ll need to choose a provider with experience and expertise detecting and responding to industry-specific threats, as well as generic threats such as phishing. It’s worth pointing out that it’s important to establish that MDR is a service provider’s core competence and they’re not just a general technology company that’s jumping onto the bandwagon.

Building next-generation capabilities for advanced threat detection and response is a complex endeavour that requires significant investment in time and resources.

7. What’s your trust level?

Data and privacy regulations will need to be respected, so it’s important to establish your chosen provider can meet the compliance requirements you need to observe. When defining any organisational boundary, it will be important to understand the potential of vendor hold-up. Key to avoiding this risk is establishing trust in your MDR provider.

8. Responsiveness is all

Evaluate a potential provider’s responsiveness throughout the discovery and sales process. You need to be certain the provider you select can operate in a timely manner with practices that provide the level of response your organisation expects. As an extension of your support team, it will be important that security event information is communicated quickly and in a comprehensive way that is understandable and actionable. During the evaluation period, check any promised response time is delivered and evaluate what out-of-hours threat monitoring looks like. Ask what their threat response protocol looks like in the event of a successful attack.

9. What’s the end-to-end delivery capability?

Receiving security alerts with no context will just cause more headaches for your organisation. You need to determine the full range of capabilities of the provider you’re considering. Ideally, you need a provider that can respond to various types of attack, from the moment the attack occurs to the point at which the incident has been fully investigated and your organisation is back up and running. Having a flexible and highly capable MDR provider will be invaluable to your organisation in a time of crisis.
Make sure you work with a partner that can customise their output to meet the specific needs of your organisation – ideally, one that can offer playbooks and pre-defined workflows that enable you to quickly assess and remediate security incidents based on best practices.

10. Be prepared to test a provider’s claims

During the proof of concept period, it’s a good idea to test out an MDR provider to see if they notice any anomalous behaviours that would be important to you. If you don’t have experienced penetration testers on staff, consider using threat simulation services from a third party to ensure your potential provider is up to the job. Not all MDR providers offer the same services or technologies, so companies will need to choose wisely by selecting the one that is the ideal fit for their organisation’s size, security controls in place and needs. You can also ask for proofs of concept to validate a provider’s claims.