Five Things to Consider When Choosing a Threat & Vulnerability Management (TVM) Provider

How to choose a Threat & Vulnerability Management (TVM) Provider

Cybersecurity isn’t an aspect of your business that should be taken lightly. That applies to how you choose a partner for Threat & Vulnerability Management (TVM) services too. Managed TVM providers are sort of like cocktails: two providers can offer a service with the same name but vastly different deliverables. Have you ever had a “margarita” that tasted like jet fuel? When it comes to your company’s cybersecurity, it’s best to really know what you’re ordering. Here are five things to consider when choosing a managed TVM provider.

1. Do they use a mature tool to deliver TVM services? A mature TVM tool gives the team more capabilities and more accurately identifies vulnerabilities and risks to individual systems and to the organization as a whole. Unlike the more mature TVM tools currently available, less mature tools won’t scan for known or weak passwords or for configuration issues. Be sure your Threat & Vulnerability Management provider isn’t using a tool that catches fewer threats.

2. Are they willing to be agile with the TVM tool they choose to work with? The absolute best TVM tool today may be obsolete in a few years. It’s just the nature of the game, since threat actors are constantly evolving their methods to circumvent existing technologies. Make sure that your company’s security program is able to evolve with them.

3. Do they understand the needs of your business and industry, and know how to tailor their services to your specific needs? No two environments are exactly the same, and different environments have different security needs. For example, when it comes to patching, not all machines can necessarily be patched in the same window, and some devices will need a carefully tailored approach to make sure that business operations and services aren’t interrupted.

4. Do they have knowledgeable staff in place? A mature TVM tool may have the right features, but it still requires an expert to tune it properly and bring out its full potential. In the same way, professional F1 driver Lando Norris would almost certainly be able to coax a much better performance out of his super-powered McLaren 765LT Spider than someone who merely has a driver’s license. Could that someone drive the McLaren 765LT Spider? Sure. But would you want them behind the wheel in a race, if losing that race means you get breached? Probably not. Make sure your managed TVM provider has the right drivers on their team.

5. Do they have good processes for performing investigations, communicating with your team, and remediation efforts? In a crisis, having proper processes in place can be a metaphorical lifesaver. The speed with which a threat is detected, isolated, and remediated can be the difference between a minor incident and a major breach. Your managed TVM provider should have a formal plan for how to investigate threats, quickly inform your team of any active threats, and begin remediating the threat as quickly as possible.

3. Do they understand the needs of your business and industry, and know how to tailor their services to your specific needs? No two environments are exactly the same, and different environments have different security needs. A medical company may need to have additional rules built into their SIEM in order to meet necessary compliance standards like HIPAA or HITRUST that a logistics company may not. Be wary of managed SIEM providers that only offer a “one-size-fits-all” SIEM solution, without regard for the ways in which your environment is unique.

4. Do they have knowledgeable staff in place? A mature SIEM tool may have the capability to be powerful, but it still requires an expert to tune it properly and bring out its full potential. In the same way, professional F1 driver Lando Norris would almost certainly be able to coax a much better performance out of his super-powered McLaren 765LT Spider than someone who merely has a driver’s license. Could that someone drive the McLaren 765LT Spider? Sure. But would you want them behind the wheel in a race, if losing that race means you get breached? Probably not. Make sure your managed SIEM provider has the right drivers on their team.

5. Do they have good processes for performing investigations, communicating with your team, and remediation efforts? In a crisis, having proper processes in place can be a metaphorical lifesaver. The speed with which a threat is detected, isolated, and remediated can be the difference between a minor incident and a major breach. Your managed SIEM provider should have a formal plan for how to investigate threats, quickly inform your team of any active threats, and begin remediating the threat as quickly as possible.

When you’re ready to take the next step in Threat & Vulnerability Management (TVM), let us know. Our team of experts is ready to help you along the way.