Quick Tips: How to Select a Strategic Breach Prevention Partner

June 15, 2021 - by Joey Lei


Preventing breaches is a top-of-mind business priority for every organization, and Gartner has recognized this need as a growing business trend: in the last 12 months, there has been 44% growth in inquiries about Managed Detection and Response (MDR) services. Simply defined, MDR is a set of services that accelerates a security program by detecting security attacks and containing them before they can cause too much damage. However, the MDR market is quickly becoming saturated with what are called “guidance only” services. With a “guidance only” service, the MDR partner detects security attacks and only advises you on the next steps; you are left to manage all the nitty-gritty work of containing and remediating the breach. This article summarizes the essential capabilities organizations should look for in an MDR services offering.

Before moving to the essential elements of MDR services, you must identify the gaps in your security program’s detection and response capabilities.

According to Gartner, the following are the basic capabilities that must be found in any Detection and Response service:

  • Technologies that assist in detection, investigation, and response to threats
  • Staff skilled in threat monitoring, detection and hunting, threat intelligence, and incident response
  • Business processes that include a standard playbook of workflows and procedures

The following are best-of-breed capabilities to prioritize:

  • Detection of attacks that have bypassed protections
  • Investigation and containment actions beyond alert and notification
  • Ability to rapidly scale to the provisioning agility of cloud services
  • Shared ownership: i.e., a response SLA or a statement of accountability

If you find that “all of the above” is the answer to “what are your gaps”, then MDR services may be right for you. Here’s a sampling of what you can expect from an ideal MDR service.

1. Operated by Humans, Assisted by Machines

Synoptek’s MDR team consists of a 24×7 EOC, NOC, and SOC that works around the clock to contain threats. Powering this team is a fully managed global SIEM network triaging billions of events a day, a global threat intelligence database, and user and entity behavior analytics (UEBA) that detect anomalous activity (i.e., events that don’t commonly occur).

2. 24×7 Tailored Security Playbooks

According to Forrester, “security response should come from your playbooks, not vendor APIs”, implying that a guidance only MDR service may rely on endpoint agent APIs to contain breaches autonomously. This response typically takes the form of isolation, i.e., disconnecting the endpoint from the network, and it can be highly disruptive. An intelligent attacker will launch a precision attack designed to trigger isolation of mission-critical IT infrastructure and stop all business activities. While such a response contains the threat, it exacerbates the burden of response and encourages submission to cybercriminal demands.

Therefore, Synoptek tailors your playbook and performs response actions across endpoints, networks, and identity and access management tools to minimize disruption while allowing business continuity. For many of our customers, this means understanding the context of a business process, the technology and IT infrastructure that supports it, and having full ownership of the management and security controls in order to go beyond isolating the endpoint. Our security playbook is designed with customers’ input and is tailored with a mix of automated and manual processes, everything from “Call John” to “automatically block this user if it logs in from outside the U.S.”
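As an added illustration (not Synoptek’s code or playbook), the following Python sketch shows the kind of context-aware playbook described above: the response depends on the alert type and on the business criticality of the affected asset rather than defaulting to endpoint isolation. Asset names, criticality labels and action strings are constructed assumptions.

```python
"""Illustrative context-aware response playbook (constructed example)."""
from dataclasses import dataclass, field

# Constructed asset inventory: the business context a tailored playbook needs.
ASSETS = {
    "WS-0421": {"criticality": "low"},              # ordinary workstation
    "ERP-DB-01": {"criticality": "mission_critical"},  # runs a core business process
}


@dataclass
class Alert:
    kind: str          # e.g. "suspicious_login", "malware_beacon"
    host: str
    user: str = ""
    country: str = ""  # empty string = geolocation unknown


@dataclass
class Response:
    automated: list = field(default_factory=list)  # actions taken immediately
    manual: list = field(default_factory=list)     # steps handed to a human


def run_playbook(alert: Alert) -> Response:
    """Pick containment actions from alert type and asset criticality."""
    resp = Response()
    asset = ASSETS.get(alert.host, {"criticality": "unknown"})

    if alert.kind == "suspicious_login" and alert.country not in ("US", ""):
        # "Block this user if it logs in from outside the U.S.":
        # act on the identity, not the endpoint. Unknown geolocation is
        # deliberately not treated as "outside the U.S.".
        resp.automated += [f"disable_account:{alert.user}",
                           f"revoke_sessions:{alert.user}"]

    if alert.kind == "malware_beacon":
        if asset["criticality"] == "mission_critical":
            # Isolating this host would halt the business process, so block
            # the beacon at the network edge and escalate ("Call John").
            resp.automated.append(f"block_egress:{alert.host}")
            resp.manual.append("Call John (on-call service owner)")
        else:
            resp.automated.append(f"isolate_endpoint:{alert.host}")

    if not resp.automated and not resp.manual:
        resp.manual.append("analyst_triage")  # no rule matched: human review
    return resp
```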

3. Single-source Provider for Managed Technology and Managed Response

Finally, the most vital step is choosing the right strategic partner. Synoptek can be your single-source provider for Managed Technology and Managed Response because we share IT availability and security response accountability using the same Service Level Objectives (targeted uptime and response). Our IT availability services are backed by Service Level Guarantees (money back if missed) – and you shouldn’t settle for anything less.

Check out Synoptek’s MDR service to learn more, and contact our experts to understand how it can help you.