Five Things to Consider When Choosing a Managed Endpoint Protection & Response (EDR) Provider

How to choose a managed Endpoint Detection and Response (EDR) partner

Cybersecurity isn’t an aspect of your business that should be taken lightly. That applies to choosing a partner for managed Endpoint Detection and Response (EDR) services too. Managed EDR providers are sort of like cocktails: two providers can offer a service with the same name but vastly different deliverables. Have you ever had a “margarita” that tasted like jet fuel? When it comes to your company’s cybersecurity, it’s best to really know what you’re ordering. Here are five things to consider when choosing a managed EDR provider.

1. Do they use a mature tool to deliver EDR services? A mature EDR tool will provide the team with more capabilities and allow them to work faster during critical situations. It will also have a lower false-positive detection rate and be able to protect from advanced threats like ransomware and fileless malware (scripts and remote code execution). Using a lower-level tool might save some money, but you will end up spending more if that cheaper tool misses something and you now have a real security incident on your hands.

2. Are they willing to be agile with the EDR tool they choose to work with? The absolute best EDR tool today may be obsolete in a few years. It’s just the nature of the game, since threat actors are constantly evolving their methods to circumvent existing technologies. Make sure that your company’s security program is able to evolve with them.

3. Do they understand the needs of your business and industry, and know how to tailor their services to your specific needs? No two environments are exactly the same, and different environments have different security needs. Businesses need a managed EDR provider that is willing to make adjustments and do the proper fine-tuning to make sure the EDR is providing maximum protection without negatively impacting the environment. A poorly tuned EDR tool can cause applications to crash, fail to connect to the internet, or not load at all. This may be a nuisance for a CPA’s office, but could be a literal life or death scenario for a hospital. Be wary of managed EDR providers that only offer a “one-size-fits-all” EDR solution, without regard for the ways in which your environment is unique.

4. Do they have knowledgeable staff in place? A mature EDR tool may have the right features, but it still requires an expert to tune it properly and bring out its full potential. In the same way, professional F1 driver Lando Norris would almost certainly be able to coax a much better performance out of his super powered McLaren 765LT Spider than someone who just has a driver’s license. Could that someone drive the McLaren 765LT Spider? Sure. But would you want them behind the wheel in a race, if losing that race means you get breached? Probably not. Make sure your managed EDR provider has the right drivers on their team.

5. Do they have good processes for performing investigations, communicating with your team, and remediation efforts? In a crisis, having proper processes in place can be a metaphorical lifesaver. The speed with which a threat is detected, isolated, and remediated can be the difference between a minor incident and a major breach. Your managed EDR provider should have a formal plan for how to investigate threats, quickly inform your team of any active threats, and begin remediating the threat as quickly as possible.

3. Do they understand the needs of your business and industry, and know how to tailor their services to your specific needs? No two environments are exactly the same, and different environments have different security needs. A medical company may need to have additional rules built into their SIEM in order to meet necessary compliance standards like HIPAA or HITRUST that a logistics company may not. Be wary of managed SIEM providers that only offer a “one-size-fits-all” SIEM solution, without regard for the ways in which your environment is unique.

4. Do they have knowledgeable staff in place? A mature SIEM tool may have the capability to be powerful, but it still requires an expert to tune it properly and bring out its full potential. In the same way, professional F1 driver Lando Norris would almost certainly be able to coax a much better performance out of his super powered McLaren 765LT Spider than someone who just has a driver’s license. Could that someone drive the McLaren 765LT Spider? Sure. But would you want them behind the wheel in a race, if losing that race means you get breached? Probably not. Make sure your managed SIEM provider has the right drivers on their team.

5. Do they have good processes for performing investigations, communicating with your team, and remediation efforts? In a crisis, having proper processes in place can be a metaphorical lifesaver. The speed with which a threat is detected, isolated, and remediated can be the difference between a minor incident and a major breach. Your managed SIEM provider should have a formal plan for how to investigate threats, quickly inform your team of any active threats, and begin remediating the threat as quickly as possible.

When you’re ready to take the next step in Managed Endpoint Protection & Response (EDR), let us know. Our team of experts is ready to help you along the way.