Issue link: https://insights.oneneck.com/i/1348189
AlertLogic.com | How to Choose an Effective Managed Detection and Response (MDR) Provider

4. Are Responses Relevant and Reliable?

Cybersecurity tools are crucial for analyzing activity at scale and filtering through the noise to identify events that require attention. However, tools alone are not enough. Detection must be combined with human intelligence from cybersecurity professionals for credible validation before taking action to respond.

Your environment is complex and dynamic, and the threat landscape is constantly shifting. Tools alone can produce false positives or misguided prioritization of potential threats. MDR needs to include human intelligence to understand the broader context and impact and to provide the analysis needed to determine the appropriate response.

The prioritization of, and response to, threats must be specific to your environment. A given attack or exploit may be "critical" in the abstract, but its potential impact on your network and data must be weighed against mitigating factors that reduce or eliminate the threat (for example, the vulnerable component is not reachable, or is already patched) and against the value and criticality of the potentially affected systems. How you respond to a given threat may differ from how other organizations respond. Your MDR solution should offer custom responses specific to your environment, assets, and exposure to risk. The MDR provider needs to enrich security notifications with additional data and context before taking any active steps to mitigate a threat.

Ask the MDR providers you're evaluating:

Do you have expert cybersecurity professionals with the right skills and experience to reliably respond to security incidents?
Are humans involved in the analysis of security events to reduce false positives?
Do security experts play a part in threat prioritization?
Is incident response customized for my unique environment and situation?

5. Is the Solution Automated and Scalable?
According to NIST, more than 17,000 common vulnerabilities and exposures (CVEs) were reported in 2019, an average of nearly 50 new vulnerabilities every day. AV-Test registers more than 350,000 new malicious programs and potentially unwanted applications every day. MDR must include automated, continuous information gathering to catalog and analyze this volume of new threats. It must also include analytics that produce high-quality indications of attack, to reduce dwell time and inform effective response efforts.

Ask the MDR providers you're evaluating:

Does the MDR provider have cloud-native tools?
Is threat detection automated to keep pace with the volume of security events?
Can the detection and analysis scale to meet demand?

"Response is a defining element of MDR services." [2]

[2] Gartner, "Midsize Enterprises Should Embrace MDR Providers," James Browning, Toby Bussa, 27 February 2020
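As an added illustration of the two points above, the environment-specific prioritization of section 4 and the automated scoring at scale of section 5, the following Python enriches each detection with asset context before assigning a priority, and hands anything it cannot put in context to a human instead of scoring it. This is example code written for this page, not Alert Logic's or any MDR provider's tooling; the inventory, host names, control names, exploit prerequisites and scoring weights are all hypothetical, and the sample alerts are constructed inline.

```python
"""Environment-specific alert prioritization (added example, hypothetical data).

The same generic "critical" finding is scored on two very different hosts:
an internet-facing, high-value web server and an isolated, patched lab box.
Exposure and data sensitivity raise the score, a control that neutralises one
of the exploit's prerequisites lowers it, and an alert on an asset that is not
in the inventory is routed to an analyst rather than scored.
"""

from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    internet_facing: bool
    data_sensitivity: str                        # "low", "medium" or "high"
    controls: set = field(default_factory=set)   # mitigating controls present


@dataclass
class Alert:
    alert_id: str
    asset: str                                   # host the detection fired on
    generic_severity: str                        # vendor/CVSS-style rating, no context
    requires: set = field(default_factory=set)   # prerequisites the exploit needs


# Constructed inventory for this example; a real deployment would pull this
# from a CMDB or cloud provider API.
INVENTORY = {
    "web-01": Asset("web-01", internet_facing=True, data_sensitivity="high",
                    controls={"waf"}),
    "lab-07": Asset("lab-07", internet_facing=False, data_sensitivity="low",
                    controls={"host_firewall", "patched"}),
}

SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SENSITIVITY_BONUS = {"low": 0, "medium": 1, "high": 2}
EXPOSURE_BONUS = 1       # asset is reachable from the internet
MITIGATION_CREDIT = 3    # per exploit prerequisite that a control neutralises

# Which mitigating control neutralises which exploit prerequisite (hypothetical).
MITIGATIONS = {
    "network_reachable": {"host_firewall"},
    "unpatched": {"patched"},
    "http_injection": {"waf"},
}


def prioritize(alert: Alert, inventory: dict) -> dict:
    """Score one alert in the context of the asset it fired on.

    Returns the priority, the numeric score and the reasons behind it, so an
    analyst can see why a generic rating was raised or lowered.
    """
    asset = inventory.get(alert.asset)
    if asset is None:
        # No context means no automated decision: escalate to a human.
        return {"alert_id": alert.alert_id, "priority": "needs_triage",
                "score": None, "reasons": ["asset not in inventory"]}

    score = SEVERITY_SCORE[alert.generic_severity]
    reasons = [f"generic severity {alert.generic_severity} = {score}"]

    if asset.internet_facing:
        score += EXPOSURE_BONUS
        reasons.append("internet-facing")
    score += SENSITIVITY_BONUS[asset.data_sensitivity]
    reasons.append(f"data sensitivity {asset.data_sensitivity}")

    for prereq in sorted(alert.requires):
        blocking = asset.controls & MITIGATIONS.get(prereq, set())
        if blocking:
            score -= MITIGATION_CREDIT
            reasons.append(f"{prereq} blocked by {', '.join(sorted(blocking))} (verify control)")

    score = max(score, 0)
    priority = "P1" if score >= 6 else "P2" if score >= 4 else "P3" if score >= 2 else "P4"
    return {"alert_id": alert.alert_id, "priority": priority,
            "score": score, "reasons": reasons}


def triage(alerts, inventory=INVENTORY):
    """Prioritize a batch and order it for an analyst: unscored alerts first
    (they need a human decision), then highest score."""
    results = [prioritize(a, inventory) for a in alerts]
    return sorted(results, key=lambda r: (r["score"] is not None, -(r["score"] or 0)))


# Constructed sample alerts: the same generic "critical" on two different hosts,
# a mere "high" on the crown jewel, and a detection on an unknown asset.
SAMPLE_ALERTS = [
    Alert("A1", "web-01", "critical", {"http_injection"}),
    Alert("A2", "lab-07", "critical", {"network_reachable", "unpatched"}),
    Alert("A3", "web-01", "high", {"network_reachable"}),
    Alert("A4", "db-unknown", "low"),
]

if __name__ == "__main__":
    for r in triage(SAMPLE_ALERTS):
        print(r["alert_id"], r["priority"], r["score"], "; ".join(r["reasons"]))
```

Run as a script, the "critical" on the isolated, patched lab host drops to P4, the same "critical" on the web server is held to P2 because the WAF blocks the exploit's prerequisite (with a note to verify that control), and the "high" on the exposed, high-value web server becomes the top P1. The unknown asset is listed first as needs_triage: the automation keeps up with volume, but it never acts on an alert it cannot put in context.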