An organization’s choice to seek a managed security services provider (MSSP) to guard over its IT infrastructure is usually based on three major reasons.

According to Gartner’s 2020 Market Guide for Managed Detection and Response Services, they are:

• A lack of technical knowledge needed to build and manage a security operations center
• The need to support available security infrastructure with managed solutions
• The need to secure the services of security experts and solutions at affordable rates

To simplify the decision-making process while ensuring the final choice leads to a long-lasting business relationship, here are questions you should ask potential MSSPs:

How do you adapt your service to your clients’ needs?

“Business context” is talked about a lot by providers, but not all can provide a truly tailored experience.

Ask potential MSSPs how they have adapted their services and approach to a client’s unique business environment and operations. A qualified MSSP will work with you to understand your security infrastructure, day-to-day operations, and future goals.

Datashield’s foundations are built upon our consultative approach. We have clients ranging from small to mid-market organizations to large multi-national operations across all industries. We understand the intricacies of compliance reporting and regulations across industries.

Can you use our current security stack, or will we need to implement new technology?

Depending on the service provider, MSSPs can work with existing infrastructure or require their clients to adopt their “package” of security tools.

Depending on your current security stack, keeping your current system may be more complex and expensive than transitioning or migrating to a different platform.

Datashield provides the best of both worlds. We partner with the best in class security tools and integrate with most of them with our security orchestration tool. Depending on your current security stack, you may not have to add or deploy new tools. Additionally, Datashield may be able to help you cut cost with exclusive partnership licensing fees.

Can you configure and customize my logs?

Your organization generates millions of data points for every event that passes through its IT infrastructure every day, recorded in logs. Marketing efforts, sales, client services, and financial transactions passing through a network generate a ton of events and alerts.

Auditing and analyzing logs is a key component for protecting an IT infrastructure from security incidents, meeting government regulations, and responding to threats.

Security information and event management (SIEM) tools audit and analyze logs. Most MSSPs rely on SIEMs to handle the task of managing the logs of a customer.

A well-configured, customized, and installed SIEM can make a world of difference for your IT team.

Any MSSP worth their salt will work with your organization to implement and tune your log ingestion and SIEM tool to deliver rich contextual alerts.

Datashield works with the industry’s top SIEM solutions, including on-premise, hybrid, and cloud architectures. Our engineers and threat content team provide a premier SIEM installation and tuning experience.

Do the logs and alerts have the right type of data and level of detail to support threat hunting activities and compliance reporting?

SIEM tools allow for full packet capture, which provides necessary event data to actively threat hunt and generate detailed reports.

MSSPs can implement a SIEM tool on your network while tuning alerts to reduce the volume and increase efficiency.

Make sure your MSSP goes beyond the out-of-the-box rules and alerts, customizing them to your specific needs.

Datashield provides a consultative approach to logs and alerts. We work with best-in-breed SIEMs, and our security engineers can help you architect and deploy your ideal security stack. Additionally, our Managed Detection and Response service comes with active threat hunting and a dedicated account manager who facilitates progress and status calls.

Will your MSSP support our organization’s incident response activities?

Detecting threats and capturing security incidents is the first part of the process of mitigating threats to your organization’s IT infrastructure.

Your organization should ask potential MSSPs how they currently handle incident response and how they work in co-managed or fully outsourced environments. Understanding the ownership for threat response will determine your budget and resource spend.

Datashield offers a spectrum of incident response services and tools that interface with the MITRE ATT&CK framework; contact us today to see how we can best collaborate.

Other Considerations

Most MDR providers lack the vetting and decades of competition that MSSPs have faced. Due diligence must be paid before signing a contract. Make sure to:

• Use a Proof of Concept (PoC)
• Ask for sample deliverables and use cases
• Interview multiple providers and request demos and quotes from each
• Don’t just look at the specs; make sure to consider the customer support and experience

Add Datashield to your shortlist

Datashield has been providing Managed Detection and Response services for over a decade. We use our proprietary software SHIELDVision and core processes to focus on generating valuable and actionable insight into advanced security threats for analysis and response, allowing us to beat the competition. Additionally, we have the experience and resources to set up, configure and manage virtually any SIEM appliance, email security tool, or endpoint software.

Contact us today for a no-cost consultation with one of our security experts.