With the expansion of managed detection and response (MDR) providers, organizations should take added caution these days in seeking updates to their security programs, or in adjusting contracts with managed security solutions providers (MSSPs).
CyVig experts recommend this checklist. In general, your IT team should be asking questions like:
- Is the MSSP able to provide metrics showing active and decisive monitoring of the environment?
- What types of threats can the MSSP detect? If any have been detected, how has the environment been remediated as a result?
- What does the MSSP do to scale and tune to your unique environment?
Assessing your cybersecurity program needs
No matter what stage of your cybersecurity maturity, or the extent of security expertise with your IT team or MSSP, the relationship between stakeholders in your organization and the people monitoring your network environments is paramount.
Is this next pivot in your security program really about filling a serious void? Or is the component of the program really just arbitrary?
Is the measure being proposed by your IT team or MSSP about addressing a recent issue/event? Or perhaps it’s because a colleague read a harrowing news report about a major corporate cybersecurity incident or data breach?
With cybersecurity, many stakeholders and even some IT professionals do not always consider what it takes to make a program proactive – especially for organizations or MSSPs that are accustomed to working more deliberately and reactively on security.
Is the MSSP able to provide metrics showing active and decisive monitoring of the environment?
Is your IT team or MSSP considering your unique network environment?
We’re in a different mindset now with technology and the degree to which information is shared across cloud environments and a rapidly increasing number of network-connected workplace devices.
CyVig experts recommend having at least a few team members involved who are exclusively focused on security, rather than assigning MDR-related tasks to IT generalists or other team members that lack experience engineering cybersecurity solutions or analyzing cybersecurity issues.
Tailoring the security program to your unique organizational network environment is crucial to seamless operations.
What do you want detection, response and remediation to look like?
Without customization of the security program, you face a situation where an MSSP may be trying to pigeonhole your IT team into solutions that fail to augment your current security program and processes.
If your organization faced a security incident, what would the detection, response, and eventual remediation look like from start to finish? If that question is not clearly being answered by your IT leadership or MSSP partners, there is an issue.
Try asking some newly focused questions as you explore the actual impact of your cybersecurity personnel and solutions.