In a world after the SolarWinds supply-chain hack, a world where Kaseya has had several vulnerabilities, what can customers really do to feel comfortable about their security if they are using RMM solutions and an MDR to help qualify and verify security risks before they occur?
Well, there are a few components to realize. The first is that not all MDRs are created equal. This is obviously something MDRs will admit - they will all individually tell you their service is better than their competitors'... but the reality is that some are made better than others. An MDR solution that allows active response - being able to shut down or lock down a system that is showing indicators of compromise - is better than a log aggregation tool that gives you an email or text when a breach *might* happen.
By the time your employee gets a call at 2:39 AM on a Sunday morning, the breach may have already hit several computers and you're dealing with clean-up... not containment. Containing the breach at its early indicators is the success you want. That's a best-case scenario - but a completely possible one as well.
An MDR without that capability deprives your security team of a key victory and trades it for knowledge of when to start backups. They aren't comparable!
The second component for most companies to realize is that an MDR doesn't excuse poor security hygiene. What does this mean? Well... for example:
The biggest takeaway from this second consideration is... does your MDR have the ability to react or take action, versus just responding with an email or text to a person for them to do something? And if the answer is no, they don't - you should consider reaching out to London Security to find out what would happen in an actual breach / ransomware event.