Does MDR come to rescue when SIEM is too complex & SOC seems too huge a commitment?
MDR services exist to support a variety of buyers, which generally align with three groups:
- Organizations that have very minimal in-house detection and response capabilities, where an MDR service forms the primary (sometimes only) security operations capability.
- Organizations that have invested in detection technologies but are unable to build in-house people or process capabilities to support the security operations mission.
- Organizations that have already made investments in people, processes and technologies for threat detection and response, or plan to make those investments, say, as part of building their own internal SOC, and are looking to MDR providers for support.
Pick the Right Vendor to Suit Your Needs:
- Is your MDR provider capable of monitoring your existing IT stack, or are they skilled to support only specific vendor’s security software?
- Does the MDR provider have cloud security capabilities to ensure they can monitor your infrastructure on-premises as well as on the cloud?
- Does the MDR provider support the compliance and regulatory guidelines you are required to adhere to? This is of prime importance for Healthcare and BFSI organizations.
- What is the pricing model that your MDR provider is offering, is it an annual subscription model or is it based on event volumes and therefore fluctuates?
- Be clear on the different things your MDR provider supports. Since the MDR Service offering is still not fully matured, it is good to know what technology stack is being supported. The MDR label is being coopted by service providers that demonstrate few, if any, of the characteristics defining the MDR market and are more aligned to the MSS market.