Webinar recap: Stratosphere and eSentire demystify managed detection and response (MDR)

While working for a managed security service provider (MSSP), Mike Sci – currently a senior solutions architect for eSentire – noticed that clients commonly purchased security information and event management (SIEM) solutions and ended up overburdened with alerts.

“We would send clients alerts, and they didn’t know what to do with them,” Sci said. “It’s great to get an alert from a provider, but who responds to it?”

Then he came across a marketplace guide from Gartner describing a solution that answers that question and solves the alert fatigue problem: Managed detection and response (MDR).

That was the beginning of Sci’s journey in the MDR space. In his current role at eSentire, a leading MDR provider, he helps business leaders understand the security solution marketplace and safeguard data across networks, endpoints, and the cloud. During a webinar hosted by the technology advisory firm Stratosphere Networks on November 15, Sci instructed attendees on evaluating MDR suppliers and solutions.

For those who couldn’t attend, here’s a recap of some essential information covered during the virtual event.

Cybersecurity: The big data problem

Modern businesses face a tidal wave of data. With information pouring in from cloud, hybrid and on-premises environments, there’s more noise to make sense of and a larger attack surface for cybercriminals to target, Sci explained.

“You need to leverage a platform to solve this massive data analysis problem,” he said.

The answer is a true MDR solution that captures signals from your network, endpoints, logs, and clouds via a common gateway, then normalizes the data and enriches it with whois info, machine learning, and global threat intelligence.

Defining the MDR marketplace: How to find the true MDR suppliers

Following the emergence of MDR in the security solution space, it quickly became a buzzword, and suppliers that don’t truly offer full-visibility MDR solutions started utilizing the terminology. Sci notes that the number of MDR suppliers listed by Gartner shot up from 14 in 2016 to over 200 today.

“Who are the contenders, and who are the pretenders?” he asked.

Although there isn’t a single definition of true managed detection and response, Sci offered the following methodology for identifying true MDR solutions and assessing suppliers.

    • Visibility: Can they see network traffic, cloud traffic, SaaS applications, logs, and endpoint activity?
    • Detection: Does the provider only search for signature-based threats? Or do they also keep an eye out for unusual activity and conduct proactive threat hunting?
    • Signal fidelity: It’s garbage in, garbage out. You want a provider with high-fidelity signals and full packet capture. For instance, eSentire can not only see packets and where they’re headed but can also look inside each packet and analyze it. They’ll put anything unusual in a sandbox, detonate it, and update their database if it turns out to be a zero-day threat.
    • Response: Who’s responsible for responding to threats? It’s not true MDR if the supplier will simply send an alert and expect the client to proceed from there. You should also ask if the MDR provider has a cap on responses (e.g., 10 per contract period) or if they offer unlimited response services.

When considering MDR solution providers, you should also do some digging and consider the company’s background. This includes researching their mission statement, financial stability, commitment to innovation, and personnel. They should have dedicated threat intelligence analysts and researchers on staff.

“Most companies think they have a plan and a security service they can rely on until they have that business-impacting event,” Sci said. “Boxers surround themselves with experts to train and protect them from their opponents. The same is true of cybersecurity. You need an expert team and a true MDR system behind you to make sure you’re prepared for the next fight.”

Zach Hester, a senior vice president of advisory services for Stratosphere Networks, also presented during the event, providing a summary of Stratosphere’s services, which help businesses save a significant amount of time by streamlining the process of shopping for the right IT solutions. With extensive technology experience, a vast partner network, and access to advanced tools, the company helps businesses avoid biased sales pitches and efficiently identify best-in-class products – including MDR solutions.

To learn more about MDR from eSentire and others in the marketplace, call 877-599-3999 or email sales@stratospherenetworks.com to schedule a consultation.
