Gartner Analyst Report

What Key Questions Should You Ask When Selecting an MDR Provider?

The number of MDR service providers continues to increase, causing challenges for buyers who are unprepared for the evaluation, proof of concept (POC) and selection process. Security and risk management leaders should consider these important criteria to ensure the appropriate choice for your business.

Questions to ask potential MDRs

shutterstock_1073338133 Operation CenterAt LogicHub, we believe there are five critical questions you need to ask any MDR provider:

Your provider should already have hundreds of out-of-the-box integrations, but they also need to provide custom integrations quickly, and flexibly to your unique tools or data sources.

While threats are constantly evolving, standards established by MITRE and NIST are important to make sure you have all the bases covered and can track related threats at multiple stages. Make sure your provider uses and goes deep with these frameworks.

Far too many services boast about detection but do little to help you practically respond. Any legitimate MDR service must have automation tailored to customer needs to proactively take actions. This process should also allow customers to quickly view, understand and approve actions – ideally with one-click.

Typical security tools may see millions of events and produce thousands of alerts – but these alerts streams are unmanageable. A modern MDR service must use advanced automation, and machine learning to triage alerts, and consolidate the noise into a handful of actionable cases.

At the end of the day, this is probably the most important question. For effective MDR, you’re not buying a product – you’re selecting a critical partner. Make sure their service is responsive, efficient, and flexible. Customizations should not cost you extra or take months to arrive – they should be part of the everyday service a top MDR provider delivers.