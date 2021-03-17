



This is the fifth in a five-part blog series on Managed Detection and Response (MDR) that facilitates the strategic security outcomes of the enterprise.

Now that you’ve reached Part 5 of this series, you’ve seen how MDR services can help your organization achieve its goals in the context of four key strategic outcomes. You are familiar with the four pillars of how MDR can make your business more reliable and safer:

- Align your security strategy with your business
- Protect your digital users, assets, and data
- Manage defenses against growing threats
- Modernize security with an open multi-cloud platform

This final post summarizes the key points from these discussions in the form of specific questions that organizations should ask MDR service providers.

Match your MDR services to your needs by registering for a webinar

We explained that to align your security strategy with your business, you first need to understand what your goals are, so that MDR services can be tailored to the unique needs of your business. This can be learned in a variety of ways, including regular tests and workshops to prioritize and clarify goals.

To ensure consistency with your business, the first important questions you should ask your MDR service provider are:

- How do MDR providers prioritize their most important assets?
- How do MDR providers show how they add that knowledge to their monitoring, detection, investigation, and threat hunting practices?
- Does the MDR service communicate clearly in a way that shows an understanding of the business and how it responds to the defense needs of the organization?
- How often do you re-evaluate your critical assets? A well-tuned MDR program is one that continues to focus on the assets that support changing business goals.

Protect

We explained that care should be taken when switching to a proactive containment and remediation process to protect digital users, assets, and data, and that it should not be considered a one-time action.

Ask yourself the following questions to determine where you are on your way to protecting your endpoints.

- Are you leveraging threat intelligence to meet your needs?
- Is this intelligence based on both tactics, techniques, and procedures (TTPs) and static indicators of compromise?
- Do you use the results of security incidents to fine-tune endpoint detection and response (EDR)?
- Do you regularly hunt in a coordinated and aggressive manner?
- Do you use the hunt results to add new detections or enhance existing ones?
- Do you regularly use and test pre-approved containment procedures and change them as needed?

Manage

We explained that managing defenses against growing threats requires a partnership between the MDR service provider that manages the agent and the client that owns the endpoint.

Some important questions to ask your MDR service provider include:

- How can I identify and document important assets, users, and data?
- Do you offer solutions that meet my data localization needs?
- How do you ensure the health and availability of your agents?
- What is the process for upgrading, testing, validating, and enabling new features?

Modernize with MDR

We talked about how cloud platform usage is increasing as we modernize security on open multi-cloud platforms. This requires MDR service providers to adapt to maintain relevance and effectiveness.

Here are four important questions to keep in mind when choosing an MDR service:

First, how many EDR platforms do MDR service providers support? Then, if the client switches EDR platforms, can the MDR service provider continue to provide the same level of service? Does the service also associate endpoint data with other related sources? Finally, is the MDR provider focusing on the service and trying to improve the way it protects you?

When choosing an MDR service provider, it is important to focus on key strategic outcomes. This means that you have results and goals that correspond to defined use cases that you can use to evaluate what your provider can do.

How MDR Reduces Threats

MDR services need to detect and limit the impact of threats 24 hours a day, 7 days a week. They need to focus on the core services of remote threat monitoring, detection, and targeted response activities. Make sure that the service provider you choose provides these core services in a way that actually works. The provider also needs to deliver the necessary protection in understandable language. Look for a provider that offers transparency and collaboration and acts as an extension of your existing security team.

To that end, IBM has announced new features in its IBM Security Managed Detection and Response (MDR) service as part of its strategy to position IBM as a leader in providing the latest automated AI-driven detection and response services across the enterprise.

With the largest dedicated security services team and integrated security ecosystem, IBM Security, a global leader in 12 market segments, currently offers the industry’s broadest portfolio of detection and response solutions. IBM Security MDR is a component of the IBM Security X-Force Threat Management (XFTM) portfolio, which extends beyond traditional threat management vendors to offer an end-to-end integrated solution for managing the entire threat management lifecycle.

IBM Security MDR enhanced services include 24/7 turnkey threat detection and fast response capabilities that leverage threat intelligence and proactive threat hunting while increasing SOC productivity. Combining IBM’s AI-powered automation with human-driven analytics speeds up threat response across networks and endpoints in hybrid multi-cloud environments and provides valuable context for unreliable threat management. For more information, please visit the IBM Security Managed Detection and Response Services page here.

Also, be sure to register for an MDR-inspired webinar: Map your environment to the MITRE ATT&CK® framework: Is there a coverage gap?

