Ask the Right Questions to Get the Right Solution.
10 min read
If you’re aiming to improve your organization’s threat detection and incident response (TDIR) capabilities, I’m willing to bet you’re annoyed and frustrated by trying to navigate the managed cybersecurity market that’s rife with imprecise terminology and vendors willing to bend definitions to fit their solutions. As a result, you have an extremely difficult job in trying to find the right solutions, let alone pick the best one.
So, in short, if you are looking for wider attack surface coverage, deeper threat detection, and faster incident response, I hope this article gives you some clarity and confidence in your evaluation process.
Step 1: Untangle the Market Categories
Unfortunately, cybersecurity market analysts and vendors invent a new solution category every time they simply improve a feature or introduce a new approach. As a result, to improve threat detection and incident response, you have to sift through the following market categories. I’ll explain my take on what actual nuances matter in each category.
Step 2: Consider Attack Surface Coverage
Once you understand the nuances of the categories and can articulate what scope of technology and service are important to you, next is to evaluate which vendors have the wherewithal to protect your environment. This is a great way to quickly pare down the field of contenders. Look for an online library of data source integrations or similar terminology. Disqualify any platform that doesn’t cover your IT estate, especially vulnerable legacy systems that might not always be fully patched.
Protect more than your “Digital Front Door”
Your business has many points of cyber-attack vulnerability
Step 3: Inspect the Detection
So, you’ve shortlisted the type of provider and shortlisted those that cover your assets. Now, it's time to inspect that coverage as not all data source integrations are created equal. Watch out for really weak integrations that may collect data but not really mine intelligence and serve up actionable alerts. Ask your vendor to explain their Common Indexing Model (CIM) which is what makes it possible for their system to identify Indicators of Compromise (IoCs) across multiple assets. A vendor’s integration is much more than ingesting data. Ask to understand these five (5) elements – Parsing Rules, Correlation Rules, Alerts, Dashboards, and Reports. A common requirement is in-depth Microsoft 365 integration.
Step 4: Be Skeptical About Response
This is where the rubber meets the road as they say. Because of the multiple stages and hands-on activity involved, Incident Response requires particular attention. Reality is you and the vendor should accept a shared responsibility (or “shared fate”) mentality to truly have a successful outcome. Ask your vendor about how much involvement you have in shaping the SecOps Runbook and IR Playbook. Ask about Automated Response as well as Guided Remediation support. Both machine and human involvement should be expected. Speaking of humans, throughout the tuning, monitoring, detection and response stages, insist on a full understanding of their SOC’s dedication to your environment and specialized roles in malware analysis, threat intelligence, threat hunting, incident response, and customer success management.
BONUS: Consider an MSP
Because of their intimate knowledge of the IT environment and advantages of an existing relationship, IT managed service providers (MSPs) are taking on more managed cybersecurity responsibilities including threat detection and incident response. A winning cybersecurity combination for many organizations is to work with an MSP that is a cybersecurity generalist but brings a Managed XDR specialist into the SecOps picture. Such vendors must be MSP-ready and account for multi-tenant management, flexible pricing models for continuous scaling up and down, and simple deployment.
Educated Buyers Make the Best Customers
Figuring out the best combination of in-house staff, cybersecurity tools, and cybersecurity partners is tough. At Netsurion, our aim is to help you untangle it and make sure we’re a good fit for your expectations. Check out these additional resources to help you shape your SecOps model.
Download the Whitepaper
5 min read
7 min read
10 min read