MDR Vendor Must-Haves, Part 3: Ingestion of Other Technology Investments

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”

By the time you’re ready to invest in a Managed Detection and Response (MDR) service, you’ve likely already invested in a number of different security tools aimed at preventing threats and detecting breaches. MDR is a continued investment in this technology, not always a pure replacement. MDR is a complement of any program with a “defense in depth” technology stack.

When designing modern submarines, the Navy uses a thought process of “assume breach,” meaning at some point a flood door or bulkhead will fail and there needs to be multiple failsafes to ensure adequate protection.

The same is true for a security program. Utilizing an “assume breach” mentality in the network, instead of just having a firewall at the perimeter and endpoints on the interior of your network, the defense in depth strategy would layer a firewall with an IDS/IPS, EDR on the endpoint. Then, going further, you would look beyond point solutions to include network segmentation, strong passwords, patch management, etc.

The best MDR providers will want to use all that data as part of delivering their service because it improves threat detection and validation accuracy. More data means more visibility, more ways to correlate threats, and more ways to track attackers.

This includes ingesting your cloud services data. The modern network extends beyond your perimeter. Software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) are now the norm for the modern enterprise.

To complicate things, your users are mobile, working remotely and traveling while using traditional remote access solutions (in addition to modern cloud-based services). Your MDR provider must be able to identify and respond to threats regardless of where these threats are materializing.

How Rapid7 MDR can help

Rapid7 MDR is able to utilize existing security technology investments to gather more—and deeper—logs and event data into activities across the user, endpoint, network, and cloud layers. This allows our team to perform further collection, correlation, and analysis than what is solely enabled by the Insight Agent.

It’s important to ensure your cloud services are ingested and monitored by your MDR provider. Your operating footprint has moved outside of the traditional four walls. Any vendor you choose must adapt at a similar pace. Our MDR service is designed to monitor your expanding enterprise network, including data, applications, and endpoints—wherever they are. With many businesses moving data to the cloud, your MDR vendor should be able to find threats wherever the data lives.

Learn more about Rapid7’s Managed Detection and Response (MDR) services and solutions here. And, be sure to check out other posts in this series here!