How to Ensure Proper Managed Detection and Response Coverage, Even with Rapid Onboarding

Managed detection and response (MDR) providers often tout how quickly they can onboard new clients, and rapid onboarding can indeed be essential in many instances, but speed is not always paramount. What is crucial for long-term peace of mind is to configure the MDR service for robust detection of threats and protection of all your critical assets.

This scope-of-coverage aspect can get lost as MDR providers promise to onboard clients in ever-tightening timeframes, including self-service onboarding. Companies must consider how the provider meets those timeframes, what they sacrifice in the process, and what happens after the initial onboarding.

An MDR provider should be able to handle rapid onboarding when speed is non-negotiable, and also offer a methodical, high-touch approach when a client must meet stringent change management requirements, or any variation in between.

Let's look at the attributes an MDR provider should have to meet that range of requirements.


Rapid MDR onboarding: When speed matters

A common reason for the rapid onboarding approach is quickly realizing value from the MDR investment. That makes total sense: when a client spends the money, they want to see the benefit. If you buy an expensive, sporty car, you want to drive it now, not in 30 or 60 days.

Companies that recently suffered a breach may likewise be interested in rapid MDR onboarding. It could even be a requirement of an insurance provider, or a strong recommendation from the firm conducting the Digital Forensics and Incident Response (DFIR) investigation.

Whatever the reason, when in this position, the key is to ensure the MDR provider addresses the issues that will move the security needle the most right off the bat. Trustwave calls this “minimum viable service,” meaning the minimum baseline to establish out of the gate, on top of which the team can continue to build out the service over time.

Trustwave developed this baseline based on our years of experience dealing with security issues related to different endpoints, operating systems, regulations, geographies, and mixes of technologies. The key to rapid MDR deployment is having a provider that knows all the wrong turns and how to avoid them, so you follow the shortest path to an effective deployment.


High Touch MDR Onboarding Approach

The chief reason companies want to take a more measured approach to onboarding is that they have stringent change management requirements, such as when introducing new software. Many like to conduct a small pilot project or shakedown, so the IT group can understand how the MDR service works, its performance, and its operational impact. For example, if a given server is mission-critical, the client will likely want to understand any performance impact before fully enabling the EDR tool on it and placing it into production with MDR.

Some clients like to conduct workshops, so the MDR provider understands what factors to consider in the deployment, such as that mission-critical server. An MDR provider should also spend time defining the risk category of each MDR-protected asset from a critical-business-operation and data-sensitivity perspective. Without that context, the provider cannot execute any response action to a threat or incident without first consulting the client for approval (including those 2 a.m. calls on a Sunday), which diminishes the MDR service's value.

Trustwave, for example, captures asset and business context tailored to the client’s environment and policies—including the endpoint function, sensitive assets, geographic locations, site on/off hours, and pre-approved asset-based response protocols. That groundwork empowers us to act quickly during an incident response on the client’s behalf.
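As an added illustration (not Trustwave's own tooling or the page's code), the following Python sketch shows how the asset context described in the two paragraphs above, criticality, data sensitivity, site hours and pre-approved actions, turns into a decision an analyst can act on at 2 a.m. without a phone call. The inventory, hostnames, action names and site hours are constructed assumptions; an asset that was never onboarded falls back to "escalate", which is the scope-of-coverage gap the workshop is meant to close.

```python
# Added example (not Trustwave's code): a minimal decision rule for
# "pre-approved, asset-based response protocols". The inventory, policies and
# alert times below are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone


@dataclass(frozen=True)
class Asset:
    hostname: str
    function: str                 # role captured during onboarding
    criticality: str              # "low" | "medium" | "high"
    sensitive_data: bool          # handles regulated or sensitive data
    site_utc_offset: int          # hours east of UTC at the asset's site
    on_hours: tuple = (time(8, 0), time(18, 0))     # local business hours, Mon-Fri
    preapproved_on_hours: frozenset = frozenset()   # actions allowed without a call
    preapproved_off_hours: frozenset = frozenset()  # ... when the site is dark


# Constructed inventory: a low-value workstation and a mission-critical ERP
# database, both at a site on US Central Daylight Time (UTC-5).
INVENTORY = {
    "ws-1042": Asset(
        hostname="ws-1042", function="workstation", criticality="low",
        sensitive_data=False, site_utc_offset=-5,
        preapproved_on_hours=frozenset({"isolate_host", "kill_process", "block_hash"}),
        preapproved_off_hours=frozenset({"isolate_host", "kill_process", "block_hash"}),
    ),
    "erp-db-01": Asset(
        hostname="erp-db-01", function="db-server", criticality="high",
        sensitive_data=True, site_utc_offset=-5,
        # Taking the ERP database offline always needs a human decision, but a
        # hash block does not affect availability and is pre-approved any time.
        preapproved_on_hours=frozenset({"block_hash"}),
        preapproved_off_hours=frozenset({"block_hash"}),
    ),
}


def is_on_hours(asset: Asset, when: datetime) -> bool:
    """True if `when` (timezone-aware) falls inside the asset site's business hours."""
    local = when.astimezone(timezone(timedelta(hours=asset.site_utc_offset)))
    start, end = asset.on_hours
    return local.weekday() < 5 and start <= local.time() < end


def decide(inventory: dict, hostname: str, action: str, when: datetime) -> str:
    """Return "execute" if the client pre-approved `action` for this asset at
    this time of day, otherwise "escalate" (call the client first).

    An asset missing from the inventory was never onboarded, so nothing is
    pre-approved for it and the analyst must escalate.
    """
    asset = inventory.get(hostname)
    if asset is None:
        return "escalate"
    allowed = (asset.preapproved_on_hours if is_on_hours(asset, when)
               else asset.preapproved_off_hours)
    return "execute" if action in allowed else "escalate"


# Constructed alert times: Sunday 02:00 CDT and Tuesday 10:00 CDT, expressed in UTC.
SUNDAY_0200_CDT = datetime(2024, 4, 14, 7, 0, tzinfo=timezone.utc)
TUESDAY_1000_CDT = datetime(2024, 4, 16, 15, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host, action, when in [
        ("ws-1042", "isolate_host", SUNDAY_0200_CDT),
        ("erp-db-01", "isolate_host", TUESDAY_1000_CDT),
        ("erp-db-01", "block_hash", SUNDAY_0200_CDT),
        ("lab-box-77", "isolate_host", TUESDAY_1000_CDT),   # never onboarded
    ]:
        print(f"{host:<11} {action:<13} -> {decide(INVENTORY, host, action, when)}")
```

The point of the structure is that the decision depends only on data captured during onboarding, so the Sunday 2 a.m. isolation of a low-value workstation proceeds immediately, while isolating the ERP database always escalates regardless of the hour. In a real deployment the inventory would come from the client's CMDB or EDR console rather than a literal in the script.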


Trustwave Approach to MDR Onboarding

Trustwave supports either approach to MDR onboarding.

In addition to the self-service onboarding, we can help onboard a client in as little as a few days. But we also understand that some companies prefer the measured, high-touch approach.

No matter how clients choose to onboard, with Trustwave, they wind up in the same place. That’s because Trustwave applies a human-led analysis to every client environment to ensure each one gets the MDR protection it needs through a dedicated team of onboarding specialists.

The Trustwave onboarding team ensures every client benefits from all we've learned from the thousands of onboardings we've conducted. That includes best practice configurations and rules that go above and beyond what IT software and equipment vendors recommend. It means even a company deploying a security service for the first time is fast-tracked to a state of maturity that equals a company that’s been using MDR for years.

You may take a self-service or fast-track approach out of the gate, but we will have a specialist working with you throughout your engagement to ensure you get the most value from the MDR service. Even as you add devices and applications over time, Trustwave's MDR will ensure you still see a decline in false-positive alerts.
