Questions You Should Ask When Selecting a Managed Detection and Response (MDR) Provider

According to the 2022 Cost of a Data Breach Report by IBM Security and the Ponemon Institute, the average cost of a data breach grew to USD 4.35 million in 2022, an all-time high. In addition, 83% of companies studied in the report experienced more than one data breach, and 60% of these companies said they increased the price of their services or products because of the data breach.

In addition, since the start of the COVID-19 pandemic, cybercrime has increased 600%[1], and the average weekly attacks per organization worldwide reached a peak this year of 1.2K attacks, a 32% increase year-over-year[2].

As the cybersecurity landscape evolves, organizations are struggling to keep pace with the changing threat landscape and skills required to combat these bad actors. This is particularly relevant for growing companies that may not have the in-house expertise or resources to implement and manage a comprehensive security program. 

Questions You Should Ask Yourself Before Interviewing an MDR Provider

Do You Need a Cost-Effective Solution to Improve Your Security?

For most mid-sized organizations, it is not realistic to attempt to manage every aspect of your security program with in-house resources. More and more organizations are recognizing that outsourcing 24/7 threat monitoring is an effective way to create peace-of-mind that your network is always protected while also allowing your internal team to focus on high-impact security initiatives and business priorities. A Managed Detection and Response (MDR) provider can help take the burden off your already overstretched security team and extend their capabilities without breaking the bank. Also, partnering with an MDR provider can help you address cyber threats in a proactive rather than reactive manner. 

Is Your Company Struggling to Keep Pace with the Ever-Changing Threat Landscape?

Having both around-the-clock threat detection services and incident response services in your security team’s toolbelt can help you better defend against today’s – and tomorrow’s – threats. A well-equipped, technology-agnostic MDR partner can help make sure you always have the right tools to protect your data and a skilled staff to keep them running at peak effectiveness.

Is Hiring, Retaining, and Training Cybersecurity Talent a Struggle?

By 2025, there will be 3.5 million cybersecurity jobs open globally, representing a 350% increase over eight years [3]. This shortage, combined with the increasing complexity and sophistication of cyber threats, has made it difficult for organizations to find and retain qualified security staff – and it will continue to be a challenge. If you struggle to hire, retain, and develop cybersecurity specialists, an MDR provider can be the solution.

How an MDR Partner Can Help

MDR partners provide around-the-clock monitoring and threat detection, as well as incident response services, to help you reduce risk and improve your overall security posture. Using an MDR partner is a cost-effective option for new and growing security teams and organizations that don’t have the internal resources to support a full security team.

The right MDR partner can provide your organization with the peace of mind that comes from knowing that you have a team of experienced security experts on your side, on guard, and at the ready. It’s important, however, to choose a provider that best meets the specific needs of your unique organization. Start by asking potential MDR providers a series of questions to decide which of them can fulfill your organization’s needs and keep your business safe. The following is one of many questions to ask.

How Do You Integrate Into My Operations?

An MDR partner should integrate with your security operations to provide a comprehensive and collaborative security solution. Maintaining an active, ongoing dialogue between your internal security team and your partner’s security operations center (SOC) is arguably the most important aspect of an effective MDR relationship.  

Ask your potential MDR provider how they can integrate with your internal team and existing processes to provide real-time escalations and notifications of potential threats, as well as rapid response capabilities. This is essential because it helps ensure that any potential threats are identified and addressed before they have an impact on your business.  

Four Ways a Top-Notch MDR Provider Will Integrate With Your Organization

  • Dedicated instant message channels: Maintaining an “always-on” instant messaging channel in a live platform such as Slack or Microsoft Teams can be an excellent way to stay connected to your MDR partner.  
  • Incident response “rules of engagement” and defined escalation triggers: Make sure your MDR provider is appropriately empowered to take immediate action in response to a serious threat detected after hours. The ability to immediately quarantine an infected machine or ban a malicious process from executing can make the difference between a near-miss and a full-blown data breach.
  • Emergency communication planning: You should have an agreed-upon method for communicating securely in the event that your network suffers a disruption that affects normal channels. Updated call trees and escalation paths should be maintained at all times.
  • Incident response services: An MDR provider should not only be adept at detecting threats but also at responding quickly. The ability to lead through the entire cycle of threat identification, containment, eradication, and recovery from a security incident is critical. An effective response can make the difference between a close call and a full-blown data breach.

Ask your potential MDR provider how they investigate, respond, and remediate threats quickly to prevent damage. If a threat is not investigated and resolved quickly, it can lead to data breaches and other serious damage. That’s why it’s crucial to also ask an MDR provider how fast they manage threats. Knowing this will help ensure that your organization is protected from any potential cyber attacks.

An MDR provider can help you reduce the impact of a cyber attack and minimize the downtime associated with it, but it’s essential to partner with an MDR provider that has the capabilities and resources to provide the right response for your organization’s needs.

Asking specific questions as you’re assessing potential MDR partners will set your expectations and improve your long-term relationship. To further explore why it’s critical to ask questions when evaluating potential MDR providers, read our MDR eBook, “Ten Essential Questions to Ask When Evaluating MDR Services.” 

Once you’ve asked all your questions and evaluated potential MDR providers, you can be confident that you will be partnering with an organization that has the experience and expertise to protect your business from potential cyber threats. After you’ve decided which cybersecurity company is the best fit for your company, you will start working closely with your new MDR team so they can get to know your organization in depth, go through the deployment process, and get you up and running with 24/7 protection. 

© Copyright 2023. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.

