{"id":1661,"date":"2024-09-24T16:52:56","date_gmt":"2024-09-24T16:52:56","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=1661"},"modified":"2025-07-29T02:41:41","modified_gmt":"2025-07-29T02:41:41","slug":"choosing-the-right-mdr-provider-try-before-you-buy","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/choosing-the-right-mdr-provider-try-before-you-buy\/","title":{"rendered":"Choosing the Right MDR Provider \u2013 Try Before You Buy"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"900\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/choosing-1024x900.webp\" alt=\"Choosing the Right MDR Provider \u2013 Try Before You Buy\" class=\"wp-image-1662\"\/><\/figure>\n<\/div>\n\n\n<p><strong><em>Making the right decision with the five things to look out for when you run a trial<\/em><\/strong><\/p>\n\n\n\n<p>Managed Detection and Response (MDR) services offer a turnkey technology approach for companies that have little or no existing in-house capability for threat detection, response and investigation. For any company that finds itself in need of an outside MDR service to bring their security operations up to scratch or introduce this capability as quickly as possible, it\u2019s vital to make the right decisions. Otherwise, you\u2019ll end up spending money on a service that doesn\u2019t solve the problem. That just leaves you facing the same issues, but now you no longer have any budget left to fix them. That\u2019s why it\u2019s crucial to get things right the first time.<\/p>\n\n\n\n<p><strong>What should you look for in MDR?<\/strong><\/p>\n\n\n\n<p>In the next five years, we expect to see a significant increase in the number of companies using MDR services. While MDR is ideal for mid-size organizations, it has applications for enterprises of any size. 
MDR service providers offer a broad range of specialist threat detection and response capabilities using outcome-based approaches. They typically concentrate on providing high-fidelity threat detection and validation capability that focuses on countering attacks that have bypassed protective security controls such as firewalls and endpoint protection.<\/p>\n\n\n\n<p>However, MDRs come in many different shapes and configurations; you need to understand which elements fit your specific use case as one size won\u2019t fit all for these services. The reality is that most MDR service providers simply resell someone else\u2019s technology, marking up the price but offering no tangible benefits. Even worse, some service providers still use solutions that rely on logs and off-the-shelf security information and event management (SIEM), backed up with their analysts. Such a solution is no better than a managed SIEM or EDR but with higher costs of an MDR. Watch out for any provider offering \u201cadvanced detection\u201d services.<\/p>\n\n\n\n<p>Also, be wary of any Managed Security Service Provider (MSSP) who offers an MDR service. Rather than being a proper MDR service, this is typically just a bolt-on addition to their basic services. Such a solution will never deliver the results that a genuine MDR service provides while incurring all the inefficiencies and defects of a compromise hybrid solution.<\/p>\n\n\n\n<p><strong>Get Recommendations<\/strong><\/p>\n\n\n\n<p>Nothing beats word of mouth recommendations from friends for honest and reliable intelligence about how great any service is. With a plethora of social and business networking options available, it\u2019s easy to ask colleagues, friends, and even casual acquaintances for their opinions on a service provider. Unless you\u2019re looking in a particularly narrow niche, there are bound to be people out there with a similar setup who have bitten the bullet and hired an MDR service provider. 
They can tell you exactly how good or bad they are.<\/p>\n\n\n\n<p>There is a growing trend for security service providers to focus on specific industry verticals as a means of leveraging their internal expertise and differentiating their services. Looking to see what the businesses around you are doing is a great way to see which service providers have experience and capabilities that match your specific needs.<\/p>\n\n\n\n<p>While some service providers will happily provide a list of customers who are happy to provide a reference, remember they are only going to refer customers who they are sure will give a glowing review. If you do go down this route, don\u2019t forget to take some healthy skepticism with you.<\/p>\n\n\n\n<p><strong>Why you should try before you buy an MDR service<\/strong><\/p>\n\n\n\n<p>There are hundreds of companies that advertise MDR services, each claiming to be the best, the cheapest, the most innovative\u2026 the list of advertising hyperbole and claims of unbeatable benefits is endless. But how can you trust what they say? You need to see through the marketing lingo and understand precisely what the service they offer will do for you and, equally crucial for your security, what it won\u2019t do.<\/p>\n\n\n\n<p>The solution is to try before you buy. Run a proof of concept trial to see if the claims in the brochures work with your own company\u2019s circumstances. The deployment of the MDR will be on the inside of your network on all the chokepoints and endpoints, so you need this deployment to be seamless, painless, and as non-intrusive as possible. Any MDR service should rapidly identify and limit the impact of security incidents on a 24\/7 basis, focusing on core services of remote threat monitoring, detection, and targeted response activities. 
You need to be sure that the service provider you choose not only delivers these core services but that they do so in a way that works for you and provides the security you need in a language you can understand.<\/p>\n\n\n\n<p>No trial will be exhaustive or provide all the answers, but it\u2019ll answer most of the important ones and give you confidence that the service provider knows what they are doing, can handle the work, and can deliver what you need when you need it. Also, with any trial, you\u2019ll end up working with the front-line technical staff rather than the salespeople. These interactions provide valuable insight into how your working relationship with the service provider is going to pan out. Salespeople are great talkers and have no qualms about promising the earth for the price of a few beans. The technical staff are realists and tell you like it is, even when there\u2019s a salesperson next to them, kicking them in the shins because they think the truth might be losing them the sale.<\/p>\n\n\n\n<p>So, what if the service provider you choose to approach will not support running a trial? Ask yourself why they are reluctant and what they are trying to hide. Signing up for an MDR service is usually a long-term commitment, and it won&#8217;t be cheap, so any decent service provider should be delighted to have the opportunity to show you that they can be the partner you&#8217;re seeking.<\/p>\n\n\n\n<p><strong>What should you look for in any trial?<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>How well does the MDR service fit with my existing systems?<\/strong><\/li>\n<\/ol>\n\n\n\n<p>The MDR service must work out of the box with your existing systems. You don\u2019t want to have to spend precious time and money changing your systems to work with the MDR service. 
Conversely, you don\u2019t want an MDR that needs to be radically adapted to fit your systems because you know you\u2019ll end up one way or the other paying for the adaptations and supporting maintenance and upgrades to this bespoke solution.<\/p>\n\n\n\n<p>Similarly, if you have existing security such as anti-virus, IPS, sandbox or SIEM technology, you want an MDR service that seamlessly integrates and accommodates any peculiarities in your systems. The alerts from your existing security controls should connect directly into the MDR incident response lifecycle without imposing any additional workload on your business. Remember that MDR solutions do not suit all organizations, so if the services offered do not fit with your existing infrastructure, consider other options that deliver your defined outcomes and goals.<\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Does the MDR service work in a live environment?<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Plenty of MDR service providers will offer demonstrations and flashy presentations, but showing a service working in a carefully controlled environment can tell you very little about how it will work in the real world. There\u2019s no point getting a service that gets overwhelmed by the standard quantity of events that your environment generates, cannot cope with the volume of real traffic, or which falls over whenever something unexpected happens. If coverage of the latest innovative capabilities such is required, the trial should ensure that the service provider can demonstrate a mature and proven ability. 
Any try-before-you-buy assessment must be on your live environment, or at least a test environment that\u2019s a close match, to be of value.<\/p>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>What sort of company are they?<\/strong><\/li>\n<\/ol>\n\n\n\n<p>If you\u2019re after a long-term security partner to deliver the MDR service then you\u2019ll need to find someone that you can deal with on a day-to-day basis. In times of crisis, you\u2019ll be relying on these people, and you have to be comfortable working with them as you fix the problems. There\u2019s no point keeping any secrets from them as that will just delay resolution of the issues that led to the crisis, so you need to find someone you trust, you can communicate with, and who is entirely dependable.<\/p>\n\n\n\n<p>Ideally, you\u2019ll find someone who will take away all your problems and return with solutions that are easy to implement, rather than someone who takes up all your time by generating a deluge of requests to investigate spurious events. Your MDR provider should not send you unvalidated alerts or false positives and expect you to conduct the investigation. Communications should ideally be direct between your staff and the MDR provider\u2019s analysts; you don\u2019t want to be dealing with them through a portal or via service tickets when there are urgent matters to resolve. In a perfect world, the MDR will adapt to recognize and report only those issues that are important, leaving you to concentrate on running your business.<\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>Will they add value to my business?<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Well-performed incident response takes time and skill, which many organizations just don\u2019t have, especially when detecting multiple threats in a short time frame. 
This situation is where the service provider should step up to the plate, but merely reducing the time to discover a breach is meaningless without a corresponding reduction in the response time, so you need a service provider who will act fast.<\/p>\n\n\n\n<p>MDR services should bring round the clock threat detection, incident investigation and response capabilities to your business. However, you will still need internal resources to provide support where necessary. Finding human attackers and conducting accurate and timely threat hunting is not an easy task, that\u2019s why you\u2019re looking to outsource. Your MDR provider should be able to show you how they perform their work, what types of skilled professionals they have, and how their team will work with you and share their knowledge.<\/p>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li><strong>Will the service evolve as our business evolves?<\/strong><\/li>\n<\/ol>\n\n\n\n<p>One certainty in business is that your company will need to change and adapt as the world changes and your markets change. I bet you didn\u2019t predict 12 months ago exactly what challenges your business is facing today. The same is true for the security threats you face; these continuously evolve and mutate, the bad guys always looking for new tricks and techniques, new holes in your defenses, and patiently waiting for that moment when they think you\u2019ve dropped your guard.<\/p>\n\n\n\n<p>That\u2019s why you need an MDR that&#8217;s adaptable enough to keep up with you and can adapt to any changes to your systems or your security controls. The provider should be able to offer fast, scalable turnkey deployment of services that keep pace with your evolving requirements. 
While a trial won\u2019t provide this insight, talking with the service provider about past and future developments and their aspirations for their service can give confidence that they are the right people to take with you on this journey into the corporate unknown.<\/p>\n\n\n\n<p><strong>Additional Benefits of running a trial<\/strong><\/p>\n\n\n\n<p>A trial can shine a light on the real state of your current security measures. If your existing security controls are ineffective, the chances are that they won\u2019t detect any breaches should they happen. A company that thinks it is secure because no breaches are detected tends to rest on its laurels and is unlikely to commit additional funds to enhance security. Most companies only undertake serious investment in security after they suffer a severe and publicly embarrassing incident.<\/p>\n\n\n\n<p>Undertaking a trial has the potential to provide a better picture of the security of the company\u2019s systems, and if they are as bad as you suspect, provide the impetus for funds to be made available to plug the gaps. Having a trial system running and a quote for turning it into a live system will make getting the necessary funding a lot simpler for the CSO. All the difficult questions that the board can ask will already have answers, and any risks eliminated. If a director asks, \u201cso will this work?\u201d the CSO can point at a screen that shows it\u2019s already working.<\/p>\n\n\n\n<p>Before choosing your MDR provider, it is essential to have clearly defined outcomes and goals that address defined use cases that you can use as a benchmark to assess the provider\u2019s capabilities. You also need a solid understanding of where you see your business going into the future once you have engaged with an MDR provider. Being armed with this knowledge helps ensure you make the correct decision. 
If you perform sufficient due diligence, then the chances of success are greatly improved.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Making the right decision with the five things to look out for when you run a trial Managed Detection and Response (MDR) services offer a turnkey technology approach for companies that have little or no existing in-house capability for threat detection, response and investigation. For any company that finds itself in need of an outside [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1662,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1661","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=1661"}],"version-history":[{"count":3,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1661\/revisions"}],"predecessor-version":[{"id":4118,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1661\/revisions\/4118"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/1662"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=1661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=1661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=1661"}],"curie
s":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}