Say you hired an outside company to help you get failures in a complex production line at multiple locations under control. What would you rather have:

A partner that operates from their own central control room and flags as many alerts as possible, forwarding all of them to your employees,
or
A partner who filters and solves as many alerts as possible and also helps prevent new alerts by helping you better design your production lines?
The answer is obvious. A partner who just collects alerts and then leaves fixing the problem in your hands doesn’t actually get you anywhere. It’s comparable to a security service that sends you a quick message: we received a report of a break-in at your office, good luck with that!
Many organizations that partnered with an MDR provider are now drowning in a sea of alerts without any priority or guidance on how to deal with them.
Why put in effort when you can save money?
Yet this is the way many so-called Managed Detection and Response (MDR) companies operate. The cybersecurity measures in your IT infrastructure, like firewalls, intrusion detection systems and the newest generation of virus scanners, produce an endless stream of security alerts, almost always based on recognising known attacks.
ON2IT believes that the first job of an MDR provider is to determine whether or not an alert poses a threat to your particular infrastructure. We call this process triage, and you can’t do it without a high level of automation. ON2IT’s EventFlow™ software provides this automation. It evaluates every alert and processes 99.999% of them automatically.
The best remediation is no remediation
A SOC analyst, available 24/7, assesses the alerts that require more attention and, where appropriate, merges them into a single security event for which a ticket is then opened. From that moment onwards, we collaborate with the customer in AUXO™, our cloud-based security platform, to assess the threat and take appropriate action.
The ‘alert factory’ model requires less experienced analysts and less in-depth technological know-how, and it means less responsibility for the MDR provider. The label ‘24/7 SOC’ alone therefore doesn’t say much.
With most of our clients, ON2IT is responsible for the configuration and setup of the security measures. This means we have a common goal: the better the prevention, the fewer security events. That’s a very different model from simply overwhelming your clients with alerts and events.
We ourselves benefit from an optimal security setup at our clients. It may seem like more work at first, but we recoup that by having to deal with fewer security incidents. Preferably no events at all, although that tends to be an unachievable goal.
Ask a managed security service provider what they do to filter alerts, how they limit the number of events, and how they continuously collaborate with you to ensure your cybersecurity setup is optimized.
Don’t be fooled by vendors who think they’re doing a good job based on the number of alerts they send your way. That’s exactly what you don’t need.