Managed Threat Detection and Response: A Guide to Finding a Trusted Security Partner
With security tasks and responsibilities expanding indefinitely, enterprises large and small often lack the internal resources to do security right. The good news is, managed security service providers (MSSPs) are standing up to the task, eager to help. The bad news is, deeper evaluations are needed today. After all, enterprises are hiring MSSPs to fight cyber attacks for them--asking partners to act on identified threats in place of their internal personnel. In the age of outsourced cyber-crime fighters, trust is essential, and comprehensive assessments are required to pinpoint the most trustworthy "security ninjas." Here are the key requirements to look for in managed detection and response services, and the single most important factor every executive should use to evaluate prospective partners.
Managed Detection and Response Services: Key Criteria
Internal network activity, endpoints, and remote users must all be continuously monitored for a potential security compromise. This leaves massive amounts of information for enterprise security teams to decipher and little (or even no) time to actually react to the identified threats. Response is the last yet most important step!
In these cases, managed detection and response services are helpful. These services take traditional managed security monitoring services one step further, actually acting on behalf of the customer (the in-house IT team) to mitigate the threats. When shopping for these extended services, you'll want a team that will act as a natural extension of your internal team. Look for a provider that is willing to design a program and process around your existing security operations.
Key Criteria Include:
- Customizable incident and response processes that complement or mimic your existing operations
- Best practices in response plans and mature processes that incorporate threat intelligence
- Threat response playbooks that are maintained and continually updated, blending your customized response process and best practices together as a go-to guidebook
- Seamless ticketing integration to unify and simplify processes across external teams
- A dashboard with a single "pane of glass" for analytics and insights
- Customizable service level agreements and customized reporting processes, allowing you to design your own program and success metrics, then receive reports that present data in the ways that make the most sense for executives
Managed Detection and Response: Must-Have Tools & Services
Network Visibility Tools and Analytics
When every minute an attacker has inside your network means more potential to do harm, responsiveness is critical. To make the fastest, most accurate threat evaluation, security analysts need historical network activity as well as real-time information. This is why complete network visibility can reduce the amount of time it takes your partner to assess threats and react. Advanced visibility tools mean faster service across all stages--threat awareness, examination, identification, confirmation, and response.
Network Visibility Technology Requirements:
- Retrospective network analysis capabilities
- Network visibility tools showing real-time activity by location, application, and user
- Machine learning and behavioral analytics that use algorithms to rapidly identify anomalous outliers and pinpoint suspicious activity happening inside the network
- Integrated endpoint detection and response (EDR) capabilities--beyond just antivirus or anti-malware software, these tools help find and isolate compromised endpoints before any real damage is inflicted
- Integrated security and network analytics--the most advanced providers unite security and network analytics into a single dashboard, providing a holistic view of consolidated information for the highest level of insights
Flexible Capabilities Addressing SD-WAN, Cloud, and On-Premise Environments
When your IT infrastructure spans the gamut of on-premise, cloud, and hybrid environments, including SD-WAN, your partner's security capabilities should cover that entire IT landscape. A full stack of technology options and services is needed to protect all types of assets on a global scale. To ensure each IT environment, application, location, user, and device is securely monitored and managed, look for a partner that caters to today's multi-cloud, digitally transforming enterprise.
Key Tools and Services Include:
- Secure All SaaS Apps with CASB: Enterprises are required to secure the cloud applications and services they use, but with a long list of officially sanctioned and unmanaged Shadow IT tools, security is not always easy. That's why a Cloud Access Security Broker (CASB) is helpful. CASBs are designed to work with any and all SaaS applications, enabling detection and response for cloud apps. Leading providers will integrate their services with leading CASB technologies for continuous monitoring and incident response.
- Protect Cloud Workloads with Extended Monitoring: Cloud-first strategies and migration to IaaS/PaaS can make security complex, because traditional security tools don't work well in the cloud--a single misconfiguration or missing control can mean a data breach. But many MSSPs are making cloud workload protection far easier with solutions that monitor servers, virtual machines, cloud operating systems, and containers. These monitoring agents deploy automatically and receive updated security policies every 60 seconds from the SaaS-based management platform. This way, the MSSP can identify misconfigurations, vulnerabilities, or indicators of compromise and respond accordingly.
- Defend SD-WAN Networks with Security Monitoring and Built-In Features: With the rapid rise in SD-WAN adoption, many executives seek out partners that specialize in SD-WAN security monitoring and SD-WAN managed services. Consider a Managed SD-WAN solution with a secure edge architecture that includes integrated next-generation firewalls with Unified Threat Management. Built-in security features are essential in SD-WAN environments, and adding security monitoring services on top creates an all-encompassing approach.
Solution design flexibility can also make a big difference. The most agile solutions allow you to select and use the technologies that fill your specific security gaps, turning the tools you need on and off. With a customizable set of offerings that easily integrate into your IT environment, you should be able to continually add or subtract services as you evolve with more cloud applications, end users, and connected devices.
Finding a Trusted Partner: The Single Most Important Factor
The world is abuzz with artificial intelligence, machine learning, and behavioral analytics that get closer to simulating human decision making. While modern technologies add immense value to defense mechanisms, these advances shouldn't overshadow the continued importance of human talent. Still considered 50% of the success equation, experienced security professionals remain the single most valuable element in strengthening any enterprise security posture. As such, the human factor should be a mainstay in your decision-making criteria.
Talent Factors Include:
- Owned/Operated: Providers should own and operate their security operations centers--make sure security monitoring and analysis isn't outsourced to a third party
- Experience: Understand the tenure of security analysts and program leaders (the average tenure for security analysts is under 15 months)
- Around-the-Clock Coverage: Providers should offer a 24/7 team providing security monitoring, threat intelligence, and advanced threat detection as well as response services
- Training and Certifications: Probe into the provider's training and industry certifications
- Scalability: Ensure you have the ability to scale teams up on short notice
- Quality: Evaluate the company's reputation for customer service and ask about their Net Promoter Scores, as these can also be indicators of top talent and customer retention
- Accessibility: Understand how long it will take you to reach an analyst by phone, and know the process for issues and escalations
- Location: Some enterprise customers put extra emphasis on the location of the security talent, preferring operations within the continental U.S. or within their primary country of operation
Masergy earns the trust of IT decision makers with Net Promoter Scores of 70+ and a portfolio of managed services spanning security, SD-WAN, and cloud communications. When you're ready to talk about managed detection and response for your organization, invite us to the conversation. Contact us today for a free consultation.