MDR Vendor Must-Haves, Part 9: Assigned Analyst Pods and Security Program Advisors

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”


Every organization is unique, with different goals, missions, security maturities, staffing models, technologies, and incident detection and response program needs. The best managed detection and response (MDR) providers know this and tailor the solution delivery to meet each customer where they are.


To achieve this, MDR providers will most likely have one of two approaches:


SOC pod or squad model
Dedicated concierge model

The pod model assembles Security Operations Center (SOC) analysts into teams (pods) and assigns each pod to customer clusters so they learn about the technology and user environments over time. Forrester analyst Jeff Pollard calls this a “squad model” in The Forrester Wave™: Managed Detection and Response Q1 2021. He says this model allows for a “customized delivery experience” designed to provide subject matter expertise at scale for each customer across their users, endpoints, and networks. Pod methodologies allow teams to triage all customer alerts quickly and efficiently, handling the highest-priority threats first.


In fact, those that used a strictly dedicated “concierge” approach—assigning individuals to monitor the environment—in the Wave generally performed worse than those that leveraged a squad model. The challenge with a dedicated approach is that the service focuses on your alerts, not actual potential threats. This type of model leaves you open to single points of failure (for example, if your dedicated analyst leaves the organization), or challenges that arise with a SOC that’s not ..
