MDR Provider, MSSP or Both? Focus on the Capabilities You Need

Over the last several years, Managed Security Service Providers (MSSP) have evolved, and some have started offering Managed Detection and Response (MDR) services as part of their overall security solution. However, an MSSP lacking MDR capability simply cannot provide the same level of security, particularly in today’s quickly changing environment that has seen remote and hybrid work become the norm.

Additionally, threat actors have not stood still and have expanded their capabilities and taken advantage of the growing threat surfaces. The question that now arises for those who believe an MDR solution is necessary is how to choose the provider. Whether selecting an MSSP that also provides MDR services or a specialized MDR team, evaluate your partners by the capabilities they offer and how they are structured to serve as an extension of your team.

Defining your needs within today’s threat landscape requires a clear understanding of what you’re hoping to gain from any provider of MDR services. Here are some things to keep in mind:

1. Know how the service’s threat intelligence capabilities stack up. Does a proposed partner have a dedicated team of threat hunters? How long has the group been active within the MSSP and how experienced are its professionals? Finding a team of experts within an organization that has done extensive research across a global client base will give your team access to the greatest minds in examining cybercrime behavior. Be prepared to outsource the rigorous (and labor-intensive) task of staying up to date on trends in attack techniques and vulnerabilities that are easy to miss.
2. Understand the strategy and processes behind its managed services. When, where and how is the baton passed between teams? Where does one set of roles and responsibilities begin and the other end? Often, clarity is lacking when it comes to strategy playbooks and protocols for response and remediation. Knowing who will act -- and when -- and who receives access when an incident takes place requires significant coordination. Getting a feel for a partner’s methodology in advance will help you have a better sense of how prepared you’ll be when a threat does arise.
3. Ask the right questions (and lots of them). This journey begins with an introspective look at your organization. Ask yourself: How security-focused is my business? How do we currently detect threats? How well-developed is my security roadmap or do I need help getting the roadmap in place? From there, questions to ask a new provider will take shape: about their threat intelligence sources, industry recognition, talent retention, supported technologies, and more.

There’s no need to choose between an MSSP or an MDR provider to find a partner that fits your needs. Trustwave is a leader in both Managed Detection and Response and Managed Security Services.