Engaging a managed security service provider—either a traditional MSSP or an MDR provider—should never involve wasting your time. When you’ve decided to partner with a provider to manage your threat detection and incident response program, the last thing you want is a stream of false positives to investigate that becomes more tiresome than the alerts themselves.
At the end of the day, you shouldn’t pay for a list of things that you must validate before you figure out what’s actually important.
The best MDR providers perform alert validation up front to minimize the number of false positives sent to your team. MDR should be a partnership, not a human SMS system.
Looking for an MDR vendor? See who Forrester recommends in the 2021 Forrester Wave for MDR.
In order to accelerate alert validation, your provider needs to take on the majority of the detection and response process. Their goal should be to make your life easier, not tell you when the blinking red light is going off.
Any report you get should provide (at the very least) a high level of detail to determine the validity of the findings, as well as concrete steps to remediate. These reports should tell you the complete story of the attack and how to best contain the attacker ...