Suppose you’ve hired an outside company to help you control failures in a complex production line at multiple locations.
What would you prefer:
A partner who throws as many alerts about faults as possible to your employees via their own central control room
or
A partner who filters and resolves as many alerts as possible and also helps you prevent new alerts by a better design of your production lines?
This is a no-brainer. With a partner who only collects alerts and sends them back to you via a shiny dashboard, you don’t get anywhere. It’s similar to a security service that sends you a message: we have a report of a burglary in your office, good luck with that!
Yet, this is the way many so-called Managed Detection and Response (MDR) companies operate. The cybersecurity measures in your IT infrastructure, such as firewalls, breach detection software and the latest generation of virus scanners, produce a massive stream of security alerts, almost always based on recognizing attacks known to the makers of cybersecurity software.
Why be proactive when you can make money faster?
Many organizations that have partnered with an MDR provider are drowning in a new stream of alerts without any priority or guidance on how to deal with them.
According to ON2IT, the first job of an MDR provider is to determine whether or not an alert poses a threat to your specific infrastructure. We call that process triage, and you can’t do that without a high degree of automation. ON2IT does that with its EventFlow™ software, which evaluates all alerts and can process 99.999% of them automatically.

The best remediation is no remediation
A SOC analyst who is available 24/7 assesses the alerts that need more attention, and possibly aggregates them into a security event for which a ticket is opened. From there, we work with the client in our cloud platform AUXO™ to assess the threat and take the appropriate remediation or preventive actions.
For most of our clients, ON2IT is responsible for the configuration and setup of the security measures. So, we have a common interest. The better the prevention, the fewer security events. That is a totally different model than drowning your customer in a sea of alerts.
We also benefit when our customers’ cybersecurity is optimally designed. It seems like more work, but we recoup that time because we have to process fewer security incidents. Preferably none, although that aim is unattainable in actual practice.
The 24/7 SOC label by itself doesn’t tell you much
The ‘alert factories’ model requires less experienced analysts, less in-depth technology know-how, and less responsibility for the MDR vendor. The label 24/7 by itself doesn’t tell you much.
So, ask a managed cybersecurity service provider what they do to filter alerts as smartly as possible and reduce the number of security events, and how they continually work with you to optimize your security measures.
And don’t fall into the trap of vendors who think they are doing a good job when they just send more and more and more alerts your way. That’s exactly what you don’t need.