How to choose an MDR solution

You’re spoiled for choice with security solutions, and while that makes it more likely that one of them is right for you, it also means you have to spend longer assessing the candidates. To help you narrow down the search and find the right partner quicker, here are the five big questions that you need to ask.

1. What is their level of threat intelligence and response?
2. How do they provide 24/7 coverage?
3. How quickly do they discover and address threats?
4. Can they integrate with your existing security, and if so, how?
5. Do they offer a breach warranty?

What is their level of threat intelligence and response?

You may already have a list of cyber attacks that your sector is prone to, or that your business faces a lot. If not, you can easily establish the current top security threats and choose an MDR solution that will protect you from those.

Of course, you won’t only want protection from the best-known attacks. Cyber crime is an innovative ‘industry’, and it creates and adapts methods of attack as technology and security measures evolve. You should expect an MDR provider to be aware of emerging trends, and be able to spot attacks even if they’re novel or unusual.

How do they provide 24/7 coverage?

While your own teams have their working hours, an MDR provider will offer 24/7 protection. They can either do that through placing teams in multiple time zones, or through shift workers who take on the antisocial and non-office hours.

Either is perfectly fine, but be sure that your provider isn’t using less skilled shift workers out of office hours, or even worse, automation instead of people. That would lead to an inconsistent level of protection, which undermines the point of a 24/7 solution.

How quickly do they discover and address threats?

Find out the average detection and response time for various types of threats, as well as false alarms. Time is of the essence with a cyber attack, because of course the longer it goes unchallenged, the more damage it can do.

Find out or agree the SLAs for breach investigation and remediation. Also, bear in mind that the averages could vary based on your sector or the size of your organisation. If you research those independently, you will be able to measure your provider’s offering against that.

Can they integrate with your existing security, and if so, how?

It shouldn’t be a choice between MDR and your existing security. Some MDR providers will require their customers to replace their existing systems with the new partner’s. They can’t or won’t provide managed detection and response for other companies’ solutions.

There’s the immediate inconvenience of having to replace your programmes, but also the ongoing difficulty of adapting to new protocols and possibly training your teams. Your security teams will probably be better at using the tools you have, and unless you do want to replace your systems, MDR should fill in the gaps, not overhaul everything.

Do they offer a breach warranty?

A good MDR solution could offer a ‘triple lock’ reassurance:

• 24/7 expert monitoring
• Potential for higher levels of cyber insurance
• Breach warranty

Like any warranty, the vendor should be comfortable putting their money where their mouth is. Find out what coverage your business would receive, and if the warranty is included with your purchase. You can also find out if the provider underwrites the policy themselves, or uses third-party insurers — that’s not necessarily a deal-breaker, but it demonstrates a level of confidence and reliability.

How do I know if I need MDR?

Not sure if MDR is something you need? Read this blog and see if you’re one of the businesses that MDR would help.

Thinking that an MDR solution might be the right fit for your business? Get in touch today for a no-obligation chat. We can assess your current solutions, identify potential vulnerabilities, and discuss an MDR strategy to reduce the risks and the cost of breaches.

01268 288100 | [email protected]