The recent Gartner Market Guide for Managed Detection and Response Services provides organizations with key criteria for choosing an MDR provider in a crowded and confusing marketplace.
The verdict is clear. According to Gartner, “Response remains an essential capability and is increasingly a differentiator between many providers.”
Our take: merging detection and response with Continuous Response
In many organizations, ‘detection’ and ‘response’ are treated as separate functions. The most effective MDR provider brings together the skillsets and processes that have traditionally been split between threat hunters and incident responders, in a specially trained team that detects and then quickly responds to attacks before a business experiences impact.
At F-Secure Countercept, we call this Continuous Response – a methodology that fuses detection and response – that can be used by any organization regardless of security maturity.
Continuous Response is the foundation of exceptional MDR, ensuring:
- Intense knowledge of your estate, identification and protection of your business-critical assets, and the impact of certain actions (i.e. isolating certain hosts or servers).
- A genuinely personalized and collaborative partnership between our teams and yours – including your board and stakeholders – where roles, remit, and lines of escalation and communication are clearly outlined, defined, and supported.
- The ability to detect and respond to all attacks, and specifically live and targeted ones, with no or minimal impact on your business and its activities.
With the Three C’s: Collaboration, Context, and Control
Collaboration to mobilize and coordinate
When attackers are live on your estate, expedient decision making is empowered through clear roles, remit, and responsibilities. Collaboration defines these at the start of our partnership so that, the minute an attack is detected, teams on both sides can quickly mobilize.
Context through quick access to the right data
Organizations create vast amounts of data on a daily basis. Context provides the framework for your organization and ours to collect the most pertinent data, providing as much information about the incident as possible. This gives our trained specialists the right tools to distil datasets down to what is most useful and actionable, going beyond the endpoint to integrate other telemetry.
Control the attack instead of the attack controlling you
Control encompasses the investigation, containment, and remediation actions that enable Continuous Response during an attack, including actions that slow attackers down without alerting them to our presence so that investigation and containment can be made on our – and your – terms. This can include – for example – expelling the attacker outside of your normal business hours or coordinating our response based on the attacker’s location and behaviour.
Download Gartner’s 2019 MDR Market Guide
Gartner Market Guide for Managed Detection and Response Services, Toby Bussa, Kelly Kavanagh, Sid Deshpande, Craig Lawson, Pete Shoard, 15 July 2019
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.