This is the fifth in a five-part blog series on managed detection and response (MDR) as it drives strategic security outcomes for businesses.

Now that you’ve reached part five of this series, you’ve seen how MDR services help organizations. They can help achieve their goals through the context of four key strategic outcomes. You’re familiar with the four pillars of how it can make your business more reliable and more secure:

• Align your security strategy to your business
• Protect your digital users, assets and data
• Manage your defenses against growing threats, and
• Modernize your security with an open, multicloud platform.

In this final post, we’ll roll up the key takeaways from those discussions in the form of specific questions organizations should ask MDR services providers.

Align MDR Services to Your Needs

In the align your security strategy to your business step, we discussed that aligning an MDR service to the unique needs of the business first requires an understanding of what the objectives are. You can learn this a number of ways, including regular tests and workshops to prioritize and clarify goals.

Some key questions you should first ask your MDR service provider to ensure alignment to your business include:

• How does your MDR provider prioritize your most critical assets?
• How does your MDR provider demonstrate how they add that knowledge into their monitoring, detection, investigation and threat hunt practices?
• Does the MDR service clearly communicate in a way that demonstrates its understanding of the business and how it aligns to the organization’s defense needs?
• How often do you re-assess critical assets?  A well-aligned MDR program is one that stays focused on assets that support business goals as they change.

Protect

In protect your digital users, assets and data, we discussed that care needs to be taken when switching to a proactive containment and remediation process and should not be considered a one-time action.

Ask yourself the following questions to determine where you are in the journey to protecting your endpoints:

• Are we taking advantage of threat intelligence tailored to our needs?
• Is this intelligence based on both tactics, techniques and procedures and static indicators of compromise?
• Do we use outcomes of security incidents to fine-tune endpoint detection and response (EDR)?
• Are we holding regular, tailored, proactive hunts?
• Do we use hunt outcomes to add new or enhance existing detections?
• Are we using and testing our pre-approved containment procedures on a regular basis and changing them when we need to?

Manage

In manage your defenses against growing threats, we discussed that proper management requires a partnership between MDR services providers who manage the agents and clients who own the endpoints.

Some key questions to ask your MDR services provider could include:

• How can I pinpoint and document my key assets, users and data?
• Do you offer a solution to meet data localization needs?
• How are you ensuring the health and availability of my agents?
• What is your process for upgrades, testing and verification and enabling of new features?

Modernize With MDR

In modernize your security with an open, multicloud platform, we discussed how the use of cloud platforms is increasing. This requires MDR service providers to adapt in order to remain relevant and effective.

Four important questions to keep in mind when picking MDR services are:

• First, how many EDR platforms does the MDR services provider support?
• Next, can the MDR services provider continue to provide the same level of service if the client switches EDR platforms?
• Does the service also correlate the endpoint data with other relevant sources?
• Lastly, does the MDR provider focus their service forward and look to improve how it protects you?

When choosing an MDR service provider it is important to focus on key strategic outcomes. That means having outcomes and goals that address defined use cases that you can use to assess what the provider can do.

How MDR Can Reduce Threats

Any MDR service should detect and limit the impact of threats on a 24/7 basis. They should focus on core services of remote threat monitoring, detection and targeted response activities. Be sure that the service provider you choose delivers these core services in a way that really works for you. They should also provide the protection you need in a language you can understand. A provider that delivers transparency and collaboration to serve as an extension to your existing security team.

To that end, IBM has announced new capabilities for IBM Security Managed Detection and Response (MDR) services as part of its strategy to position IBM as the leader in providing modernized, automated, AI-driven detection and response services across the enterprise.

IBM Security, a global leader in 12 market segments, with the largest dedicated security services team and integrated security ecosystem, now delivers the industry’s broadest portfolio of detection and response solutions. IBM Security MDR is a component of the IBM Security X-Force Threat Management (XFTM) portfolio that further extends beyond traditional threat management vendors to provide end-to-end, integrated solutions to manage the full threat management lifecycle.

IBM Security MDR’s enhanced service includes turnkey 24/7 threat detection and fast response capability, fueled by threat intelligence and proactive threat hunting to reveal undetected threats faster while improving SOC productivity. IBM’s AI-powered automation coupled with human-led analysis speed threat response across networks and endpoints in hybrid multicloud environments, offering valuable context for zero trust inspired threat management. To learn more, visit the IBM Security Managed Detection and Response Services page here.

And be sure to register for the MDR inspired webinar: Mapping Your Environment to the MITRE ATT&CK® Framework: Are There Gaps in Coverage?