As more organizations use managed detection and response (MDR) services, Garland Technology decided to find out how an MDR Service Provider selects the best vendors to partner with. Sherri Lloyd, Strategic Partner Manager at Garland Technology recently spoke with CyberESI’s Director of Commercial Security Services, Regina Sheridan about this topic. CyberESI is a Managed Detection and Response (MDR) that focuses on expanding cybersecurity needs for midsize enterprises.
Regina, how do you define managed detection and response services?
Managed detection and response (MDR) is an outsourced service that provides threat hunting and response to threats once they are discovered. The services are delivered using the provider's own set of tools, but are deployed on the users’ premises. The deployment relies heavily on security event management and advanced analytics and while some automation is used, managed detection and response usually involve humans to layer deeper insight than automation can provide, to better monitor your network round the clock. Managed detection and response service providers should also perform incident validation and remote response.
Can you tell us a little bit about CyberESI’s philosophy?
CyberESI’s philosophy around cybersecurity is built on the concept of full visibility. Our expert analysts know exactly how to detect, hunt, and eradicate cyber actors. However, they need full visibility in order to successfully do those things. We can utilize a client’s existing solution set to detect and respond to cyber events, but most often we augment a client’s existing technologies by leveraging our patented and proprietary analytic platform which enables: full network visibility through loss-less, full-time, full packet network capture, automatic consumption of curated threat intelligence feeds, ingestion of multiple critical telemetry sources, and host assessment and remediation using our endpoint utility.
Can you expand on the concept of full visibility?
Full visibility enables an on-going understanding of a client’s technology assets and a confirmation that those assets are protected. Full visibility is required to detect when unauthorized events are occurring on a client’s network and to successfully respond and recover should those events lead to a cybersecurity incident. It also empowers more robust insight into adversary tactics, techniques, and procedures (TTP) as well as system impact, which gives our analysts the insight they need to make accurate mitigation recommendations.
>> Download Now: Best Practices for Applying Visibility Technology to Inline and Out-of-Band Security [Free Whitepaper]
How did you go about selecting a network visibility vendor to support Cyber ESI’s analytic platform?Full visibility across on-premises and cloud environments uncover expected and unexpected threats and the vendor we select needs to:
- Guarantee 100% packet capture and transfer of data packets
- Provide cost-effective solutions
- Open Interoperability: Focus on the tool by incorporating TAPs and Packet Brokers that have uncomplicated management interfaces and restful APIs to automate traffic exchange
- Collaborative Partnership
Why did you select Garland Technology’s network visibility products to support Cyber ESI’s analytic platform?
A critical step in gaining, and maintaining, network visibility is integrating our analytic platform into a client environment. This is where Garland Technology comes in. Garland’s network TAPs are often an essential component of connecting CyberESI’s analytic platform to our client’s infrastructures. Garland’s technology enables and protects the connectivity CyberESI needs to maintain the reliable flow of information required for the delivery of our various cybersecurity services with cost-effective solutions.
As a partner, the Garland team is supportive at every step of the client relationship lifecycle.
Pre-delivery: Garland collaborates with CyberESI to help us incorporate network architecture questions into our client on-boarding questionnaire, which helps us quickly ascertain 1) if an aiding component is required to connect to a client network, and 2) if so, what product will be the most appropriate.
Identifying this information early in the on-boarding process keeps the overall timeline moving forward efficiently. It also lessens the amount of back-and-forth information gathering between us and our new clients, all of which makes for a smoother process and a happier client.
Implementation: Garland’s experts make themselves available to our tech team for the inevitable set of questions and last-minute adjustments that occur during a new solution install. Garland is swift to respond to our team’s needs whether they reach out by phone or by email. This timely support is especially appreciated during the high-paced atmosphere of a new installation. Garland’s availability and insight allow our team to present a confident demeanor in what could be a very high-stress situation.
Maintenance: Garland’s team is incredibly supportive in helping us maintain and troubleshoot legacy equipment in the field. CyberESI is fortunate to have long-term relationships with our clients. This can sometimes mean there is technology in the field that is no longer an active part of the Garland catalog. Not only does Garland ensure we have the documentation required to support newer technologies, but they have hunted down out-of-print manuals and hard-to-find answers as well. That willingness to put in extra time and extra effort is just another example of what makes Garland such a valued and trusted partner.
Planning: The CyberESI and Garland team enjoy regular touch-base calls to ensure each part of the process is working well. These ongoing meetings allow both sides to discuss current opportunities, open issues, and future plans. Most importantly, these interactions make it apparent to us that Garland is committed to the ongoing success of our partnership.
Garland has shown us time and again that they stand behind their core values: they believe in securing and monitoring networks, and in supporting your visibility strategy. Their excellence has reinforced and strengthened our own, and we look forward to continuing this partnership for some time to come.