Video Q&A with Senior InfoSec Analyst Aaron Sherrill: Discussing MDR Security Services
This post was last updated on April 7th, 2020 at 01:52 pm
We recently had the pleasure of connecting with 451 Research Senior Analyst in Information Security, Aaron Sherrill, for a video Q&A session.
The topic of conversation was endpoint security — specifically, questions surrounding the rationale for investing in a Managed Detection and Response (MDR) security solution.
MDR, or Managed Detection and Response, is a managed security service in which a company outsources the monitoring and detection of, and response to, security threats to a third-party vendor, such as a Managed Security Services Provider (MSSP).
Need more background about MDR? Check out "Should You Outsource Your Managed Security Services to an MDR Provider?"
Why do endpoint security tools fail to detect threats and prevent compromises?
- IT environment complexity
- Lack of expertise and resources
- Multiple security tools deployed
- Unknown vulnerabilities
- Reactive vs. proactive detection
Why is it important to conduct regular threat and compromise assessments?
Endpoint security prevention tools eventually fail. As a result, it is important to conduct regular threat and compromise assessments to expose hidden risks, threats, and vulnerabilities in your environment.
Learn more and request an Infocyte Threat Assessment.
What KPIs are important for endpoint detection and response security solutions?
Three key metrics your endpoint detection and response security tools should measure, track, and help you improve:
- Mean time to detect (MTTD) is the average amount of time it takes your organization to detect a security event or incident — from initial infection to discovery.
- Mean time to resolve (MTTR) is the average amount of time it takes your organization to respond to and eradicate threats or attackers.
- Dwell time is the entire length of time a security incident is in your IT environment, from the initial breach to resolution.
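As an added example (not from the original post or from Infocyte), the Python below computes the three metrics above from incident timeline records. The records are constructed, the field names are assumptions, and MTTR is assumed to run from detection to resolution, since the definition above does not fix its starting point.

```python
from datetime import datetime
from statistics import mean

# Constructed sample records (not real data); field names are assumptions.
INCIDENTS = [
    {"id": "INC-1", "infected": "2020-01-03T08:00", "detected": "2020-01-05T08:00",
     "resolved": "2020-01-06T08:00"},
    {"id": "INC-2", "infected": "2020-02-10T12:00", "detected": "2020-02-10T18:00",
     "resolved": "2020-02-11T00:00"},
    {"id": "INC-3", "infected": "2020-03-01T00:00", "detected": "2020-03-02T12:00",
     "resolved": None},  # still open
    {"id": "INC-4", "infected": "2020-03-09T00:00", "detected": "2020-03-08T00:00",
     "resolved": "2020-03-10T00:00"},  # detection precedes infection: bad data
]

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def _mean_hours(deltas):
    return mean(d.total_seconds() for d in deltas) / 3600 if deltas else None

def endpoint_kpis(incidents):
    """Compute MTTD, MTTR and mean dwell time in hours."""
    to_detect, to_resolve, dwell, still_open, skipped = [], [], [], [], []
    for inc in incidents:
        infected, detected, resolved = (_ts(inc.get(k)) for k in
                                        ("infected", "detected", "resolved"))
        # Reject records with missing or out-of-order timestamps rather than
        # letting negative durations drag the averages down.
        if not infected or not detected or detected < infected or (
                resolved and resolved < detected):
            skipped.append(inc["id"])
            continue
        to_detect.append(detected - infected)      # infection -> discovery
        if resolved is None:
            still_open.append(inc["id"])           # no MTTR or dwell value yet
            continue
        to_resolve.append(resolved - detected)     # assumption: clock starts at detection
        dwell.append(resolved - infected)          # initial breach -> resolution
    return {
        "mttd_hours": _mean_hours(to_detect),
        "mttr_hours": _mean_hours(to_resolve),
        "mean_dwell_hours": _mean_hours(dwell),
        "open": still_open,
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(endpoint_kpis(INCIDENTS))
```

Open incidents count toward MTTD but not toward MTTR or dwell time, so report the open list alongside the averages; long-running unresolved incidents otherwise make the latter two look better than they are.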
What features are vital for a Managed Detection and Response (MDR) security solution?
Not all endpoint detection and response security tools are created equal. The top capabilities needed for a managed endpoint security solution, such as an MDR platform, are:
- Detection and response across on-premise assets, remote endpoints, virtual systems, and cloud workloads
- Independence from existing security stack, with the ability to integrate
- Both agent and agentless deployment options, which most organizations need
- An understanding of the overall impact on your environment, network, and business operations
You can view the full video on our YouTube Channel.