Managed detection and response (MDR) providers often tout how quickly they can onboard new clients, and rapid onboarding can indeed be essential in many instances, but speed is not always paramount. What is crucial for long-term peace of mind is to configure the MDR service for robust detection of threats and protection of all your critical assets.
This scope-of-coverage aspect can get lost as MDR providers promise to onboard clients in ever-tightening timeframes, including self-service onboarding. Companies must consider how the provider meets those timeframes, what they sacrifice in the process, and what happens after the initial onboarding.
An MDR provider should be able to handle rapid onboarding, for instance when speed is non-negotiable, and also have a methodical, high-touch approach when a client needs to meet stringent change management requirements – or any variation in between.
Let's look at the attributes an MDR provider should have to meet that range of requirements.
Rapid MDR onboarding: When speed matters
A common reason for the rapid onboarding approach is quickly realizing value from the MDR investment. That makes total sense: when a client spends the money, they want to see the benefit. If you buy an expensive, sporty car, you want to drive it now, not in 30 or 60 days.
Companies that recently suffered a breach may likewise be interested in rapid MDR onboarding. It could even be a requirement from an insurance provider or a strong recommendation, such as the company conducting the Digital Forensics and Incident Response (DFIR) investigation.
Whatever the reason, when in this position, the key is to ensure the MDR provider addresses the issues that will move the security needle the most right off the bat. Trustwave calls this “minimum viable service,” meaning the minimum baseline to establish out of the gate, on top of which the team can continue to build out the service over time.
Trustwave developed this baseline based on our years of experience dealing with security issues related to different endpoints, operating systems, regulations, geographies, and mixes of technologies. The key to rapid MDR deployment is having a provider that knows all the wrong turns and how to avoid them, so you follow the shortest path to an effective deployment.
High Touch MDR Onboarding Approach
The chief reason companies want to take a more measured approach to onboarding is because they have stringent change management requirements, such as when introducing new software. Many like to conduct a small pilot project or shakedown, so the IT group can understand how the MDR service works, its performance, and its operational impact. For example, if a given server is mission-critical, the client will likely want to understand any performance impact before fully enabling the EDR tool and placing it into production with MDR.
Some clients like to conduct workshops, so the MDR provider understands what factors to consider in the deployment, such as that mission-critical server. Additionally, an MDR provider will likely spend time defining the risk category of each MDR-protected asset from a critical business operation and data sensitivity perspective. Without it, the MDR provider cripples its ability to effectively execute any response action to threats or incidents before first consulting the client for approval (including those 2 a.m. calls on a Sunday), effectively diminishing the MDR service’s value.
Trustwave, for example, captures asset and business context tailored to the client’s environment and policies—including the endpoint function, sensitive assets, geographic locations, site on/off hours, and pre-approved asset-based response protocols. That groundwork empowers us to act quickly during an incident response on the client’s behalf.
Trustwave Approach to MDR Onboarding
Trustwave supports either approach to MDR onboarding.
In addition to the self-service onboarding, we can help onboard a client in as little as a few days. But we also understand that some companies prefer the measured, high-touch approach.
No matter how clients choose to onboard, with Trustwave, they wind up in the same place. That’s because Trustwave applies a human-led analysis to every client environment to ensure each one gets the MDR protection it needs through a dedicated team of onboarding specialists.
The Trustwave onboarding team ensures every client benefits from all we've learned from the thousands of onboardings we've conducted. That includes best practice configurations and rules that go above and beyond what IT software and equipment vendors recommend. It means even a company deploying a security service for the first time is fast-tracked to a state of maturity that equals a company that’s been using MDR for years.
You may take a self-service or fast-track approach out of the gate, but we’ll have a specialist working with you throughout your engagement to ensure you get the most value from the MDR service. Even as you add devices and applications over time, Trustwave's MDR will ensure you still see a decline in positive alerts.
