The increasing challenge of securing your organization drives home the need for an array of security offerings that can provide the coverage needed within a budget that works for you. Staffing shortages are now compounded by the problem of increasingly sophisticated threat actors.
Managed services can provide expert security coverage without requiring a full in-house security operations center (SOC), filling a gap for many organizations. That's why we're excited to announce that we're partnering with managed service providers (MSPs) to make ExtraHop Reveal(x) 360 network detection and response (NDR) available as a managed service.
Why Managed NDR?
Security operations centers have traditionally relied on endpoint detection and response (EDR) and security information and event management (SIEM) tools for incident management and response. However, a rapidly growing third category of security technology is being recognized as critical to modern security: NDR. In a recent post, we explored how these three technologies—known as the SOC Visibility Triad—have become the go-to structure for providing visibility across complex hybrid and multicloud environments.
While NDR, EDR and SIEM together serve as the foundation of the modern SOC, the current cybersecurity skills gap is driving many customers to either augment or outsource their SOC entirely to a managed service provider.
The addition of Reveal(x) 360, our SaaS-delivered NDR, expands the capabilities of MSPs to include the complete visibility, real-time detection, and intelligent response capabilities required to defend against advanced threats.
How to Choose an MSP for Managed SOC Services
For organizations evaluating a managed SOC approach to security, it's important to keep in mind that not all MSPs have the requisite security experience and that not all managed SOC offerings are equal in the scope or depth of capabilities they provide.
Managed service providers that focus on SOC operations can provide services such as:
- 24 x 7 x 365 monitoring & incident response
- Proactive threat hunting
- Remote incident response & containment
- Threat mapping against security technology
- Security tool platform & device management
- SOAR automated workflows
- Compliance reporting
- Skilled staffing
When evaluating a managed SOC offering, customers should start by identifying their desired business outcomes and must-have service requirements. Not all customers will require every service that's offered, and it's important to evaluate an MSP based on your specific requirements.
NDR plays a vital role in the managed SOC capabilities listed above. For monitoring and incident response, NDR delivers the most complete, real-time, and accurate visibility and threat detection. Unlike EDR, it can't be evaded or disabled. Unlike logs, it can't be erased. It's always on but can't be compromised by cybercriminals.
Questions to ask when choosing a managed service provider:
- Is their SOC certified?
- Do they have SLAs?
- What technology products do their analysts/service delivery teams support, and are those teams certified by the vendor for those solutions?
- What services do they offer outside of platform management?
- Are their security services proactive or reactive?
- How will they respond to detections/incidents and engage with your teams?
- What are their analyst workflows?
- Will they maintain a regular engagement cadence with your teams to identify areas to improve your security hygiene?
ExtraHop takes a holistic approach to identifying MSPs to deliver Reveal(x) 360 as a managed service. Our rigorous evaluation looks at people, programs, and processes. We also provide robust onboarding, training, and support for these MSP partners to ensure the highest levels of service and ROI.
To find an ExtraHop-authorized Managed Service Provider Partner, please email email@example.com