05/06/2021 | Press release | Distributed by Public on 05/07/2021 03:25
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, '10 Things Your MDR Service Must Do.'
Every organization is unique, with different goals, missions, security maturities, staffing models, technologies, and incident detection and response program needs. The best managed detection and response (MDR) providers know this and tailor the solution delivery to meet each customer where they are.
To achieve this, MDR providers most likely take one of two approaches: a pod (squad) model or a dedicated "concierge" model.
The pod model assembles Security Operations Center (SOC) analysts into teams (pods) and assigns each pod to customer clusters so they learn about the technology and user environments over time. Forrester analyst Jeff Pollard calls this a 'squad model' in The Forrester Wave™: Managed Detection and Response Q1 2021. He says this model allows for a 'customized delivery experience' designed to provide subject matter expertise at scale for each customer across their users, endpoints, and networks. Pod methodologies allow teams to triage all customer alerts and prioritize the highest priority threats first in a fast and efficient manner.
In fact, those in the Wave that used a strictly dedicated "concierge" approach (assigning individuals to monitor the environment) generally performed worse than those that leveraged a squad model. The challenge with a dedicated approach is that the service focuses on your alerts, not actual potential threats. This type of model leaves you open to single points of failure (for example, if your dedicated analyst leaves the organization), or challenges that arise with a SOC that's not optimized for success. As a result, you cannot be confident that a concierge/dedicated approach will enable you to measure success and respond quickly to every alert.
Additionally, the best MDR providers offer security program advisors who augment these SOC pod teams. These security advisors learn about their customers, their environments, their goals, and any limitations, so that only the best and most effective guidance is provided to remediate threats and build up the security program. We recommend digging deeper into what your relationship and engagement model will look like with this individual so you can make sure it resembles a consultant rather than a human SMS system.
Together, both the SOC pod and the Security Advisor should have your priorities and security outcome goals at the center of their service delivery. If not, you're evaluating a Managed Security Provider focused on staff augmentation rather than a true security partner in your MDR.
How Rapid7 MDR can help
Rapid7 MDR is designed to meet our customers at any level of security maturity and help accelerate your maturity, not just manage a Security Information and Event Management (SIEM) tool. Our goal is to ensure we align your investment in MDR with long-term security improvement across all Center for Internet Security (CIS) Top 20 Critical Security Controls.
We go above simply looking at alerts by having our team respond on your behalf, offer advice and mentorship from your Security Advisor, and focus on helping you improve your security program.
We pride ourselves on becoming a true extension of customer teams through attentive service and visibility into our backend systems, and by providing experts and a named resource (your Security Advisor) to whom you can reach out for all things related to security.
The team, from SOC analysts to your Security Advisor, takes the time to truly understand your business processes, environment, and industry so they can provide customized guidance at each interaction point with the MDR service.
After all, MDR is a partnership. Our goal of that partnership is to act as a force multiplier for your team, enabling better cybersecurity decision-making through expert collaboration.
This includes tailored reporting and recommendations, with remediation and mitigation strategies that align your investment in MDR with long-term security improvement across all 20 CIS critical controls.
Here's how Rapid7 MDR's customer engagement model fits this need.
SOC Pod
We employ a SOC pod model, assigning your team multiple security experts with unparalleled experience (both red and blue teams) that monitor your environment around the clock. SOC Analysts leverage specialized toolsets, malware analysis, tradecraft, and forward-looking collaboration with Rapid7's Threat Intelligence researchers to make detection and remediation of threats possible.
Each pod acts as an extension of your team for tactical detection and analysis to validate threats in your environment. Our SOC pod implementation ensures each customer receives continuous monitoring coverage for high- and low-fidelity alerts, while giving our team scale to thoroughly identify known and unknown threats across all customer environments.
This includes threat hunting, validation of threats, and guidance (e.g., containment, remediation, and mitigation recommendations) for true threats. On top of that, our detection and response expertise is infused into everything we do. From threat intelligence to breach response, we'll provide education, tuning, and guidance to help you strengthen your security posture and meet your security outcomes.
The pod is made up of a Security Advisor and six Threat Analysts with an average of 5 years of security detection and response experience. These pod members generally collectively hold over 500 security certifications. Even our most junior analysts already have at least 2 years of experience detecting threats.
Together, your MDR SOC teams maintain 24/7/365 vigilance of your network, from alert validation to in-depth forensics and malware analysis of your network and users. Our combination of these roles provides optimal coverage for all threats and attacker challenges.
Security Advisor
These analysts are augmented by your Security Advisor, who acts as your point of contact to the Rapid7 SOC and Threat Intelligence teams. Your Security Advisor is a trusted security resource, offering suggestions and guidance to mature your security program. Feel free to reach out to them whenever you have a question.
Having risen through the ranks of technical service delivery and customer success, each Security Advisor brings domain expertise, technical acumen, and white-glove customer service. These resources are there to help you advance your program, from understanding the threat landscape to your MDR service to reviewing your progress.
Throughout the service, your Security Advisor will communicate with you frequently to:
Between regularly scheduled meetings and QBRs with your Security Advisor to ad-hoc questions for the SOC, you can rest assured you'll have a partner in your success, providing you with:
Advantages of Rapid7 MDR
Our team is your team. From SOC analysts to your Security Advisors, we take the time to understand your business processes, environment, and industry so we can provide customized guidance and clear direction for your team.
As a strategic partner, we empower customers to accelerate their security maturity with the people, process, technology, and guidance to ensure they can drive security operations at speed and scale.
Learn more about Rapid7's Managed Detection and Response (MDR) services and solutions here. And be sure to check out other posts in this series here!