MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”

This is possibly the most overlooked aspect of selecting an MDR partner. But when you get to a hair-on-fire, all-hands-on-deck moment, you’ll be glad you don’t have to live out this meme.

In the Gartner article, “How and When to Change Your Managed Security Service Provider,” there’s a big call out: “You can outsource the tactical effort for security, but not the responsibility, liability, and accountability.”

Having the best threat detection methodologies, a streamlined and efficient process for validating threats, and a rock-solid reporting standard may still leave you open to unexpected costs.

For example, what happens when attackers breach your environment, despite all the security controls like next-gen AV and modern firewalls that are a part of your defense-in-depth approach?

This goes far beyond a typical alert investigation and guidance available from your MDR provider who investigates and writes up an Incident Findings Report. And, in this case, any use of managed response capabilities would essentially be playing hacker whack-a-mole.

We’re talking something like:

Evidence of previously unknown attacker activity
Evidence of attacker activity expanding to affect multiple endpoints
Evidence of lateral movement, data exfiltration, or staging

This is the time you need more help than what most 24x7 security operations ..