This is the second of a two-part series. For the first part, click here.
Ask potential MDR providers how long their security personnel have been in the security industry and in IT overall. The answer will vary widely between organizations, but ten years or more overall is a good number. The point is to make sure they have the best qualified, proven experts and not just people right out of school. Experience and knowledge make a huge difference in the security field.
This refers to the amount of experience serving clients in a specific industry. If you’re in finance, ask how long the MDR vendor has been servicing financial clients and how many they serve. The most effective MDR suppliers will have experience associated with servicing customers in your industry over time.
The best MDR providers will have experience with all major security and compliance frameworks. Most of the IT and security leaders I speak with have some compliance standard or framework they need to satisfy. Experience in your necessary framework is vital to your organization’s overall success. Regardless of the compliance or security framework you build your security upon (NIST CSF, ISO 27001 and ISO 27002, SOC2, NERC CIP, HIPAA, GDPR, FISMA, etc.), make sure your MDR provider has experience in it and understands it.
Ask suppliers you interview if they do have this experience. See if they understand what is required from a compliance standpoint. Determine if they can comply with what you need (records retention, file monitoring, privacy concerns, etc.) and have a history of doing it. The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) is recognized as the standard for cybersecurity. Your provider should test against and provide analysis in relation to this or another appropriate security framework. They should also have tools to help you understand how you stack up in each of the categories, including where you’re strongest and where you need to improve.
Understanding what’s on your network and the threats they pose is key to staying ahead of threat actors. A qualified MDR provider will help identify all devices on your network when they arrive and when they leave. They will also cross-reference those devices and operating systems versus the National Vulnerability Database. This allows you to determine threat levels and make decisions about quarantining.
This is difficult, but ideally, an MDR needs to be able to help you understand how you’re doing versus your peers when it comes to preparedness and maturity. They do so by comparing your strengths, weaknesses, and drive security maturity and budget versus your peer group in specific industries and fields. That rating can help you drive funding for security with your board of directors. Showing that you rate higher than your competitors can also help promote your company to existing and prospective customers.
Ask your MDR provider if they can and will assist with presentations and/or communications to the board of directors. Do they stand behind the information, services, and guidance they offer when it counts?
You’ll want to see what’s important to you and your team via an always-on online dashboard. Ask if your MDR provider can deliver specialized reports. Ask about the process to obtain these reports and how long it will take. Having access to detailed security updates and status quickly is important.
In monitoring your network for threats, what is the reach for the MDR vendors threat intelligence? How many threat feeds are they using? Are they global or just national? The average MDR vendor has three to five threat intel feeds. Look for a vendor with at least ten, and look for a combination of free, paid, and proprietary sources to have a good mix and well-rounded view.
The better and more far-reaching the supplier’s view of the threat landscape, the better prepared they — and you — will be to understand threats to your environment. The MDR provider will also be able to detect threats and respond faster to dangers.
Understanding your organization’s exposure in relation to business email compromise is a key to good cyber hygiene. According to Verizon’s 2021 Data Breach Investigation Report, 43% of all BECs involve phishing or pretexting, which is up 11% year-over-year. Your staff needs to understand how attackers work and how to report possible compromise within your organization. They are your frontline defense.
Know your budget and, if it comes down to it, where you’re willing to make trade-offs in wants versus needs. As a final point of price negotiation, ask each of the finalists if the price they’ve given is the best they can deliver and will they match a competitor’s price for the same services. Pricing is usually not set in stone, and if they aren’t somewhat flexible here, they may be inflexible on other terms and services.
To learn more about how UncommonX’s security platform can benefit your organization, contact our team to request a demo and talk about your specific security needs.