Introducing Respond Software’s First Responder Service

If you are outsourcing your security operations to an MDR or MSSP there’s a good chance you are paying for a service that is disappointing or simply not meeting your needs.  You might be looking into moving to a different service provider or bringing operations back in-house.  If you are thinking about the former, what makes you believe the outcome will be any different than what you are seeing today?  If you are considering the latter, what cost are you willing to pay and how do you find, train and retain the right people?

In a recent survey conducted by Respond Software, in conjunction with the Ponemon Group1 (stay tuned for the full report coming soon), nearly 60% of respondents rated their service provider at 6 or lower on a 10-point scale.  Of those respondents that rated their service at 4 or less, 23% will be looking for a new service provider, 37% will continue to use their current provider and 40% will bring operations back in-house.

 

For the 60% that will look for a new service provider or stay with their current one, it’s fair to say they should expect the same dismal results.  For the 40% that are going to bring operations back in-house, I’m wondering how much they are willing to pay to accomplish that, as the average analyst is costing organizations over $100K/year in salary alone.  And how many analysts will they need?  Not to mention the skills gap that is plaguing the industry.  Where do these organizations think they are going to find the human talent or skill set needed for the job?

Introducing The First Responder Service

To address these issues, Respond Software is changing the game with a new and completely different approach to Security Operations.  Respond Software is already working with a set of forward-thinking customers that have come to this realization.  And now we are taking it a step further with our First Responder Service. The First Responder Service is a fully Managed Incident Escalation Service powered by the Respond Analyst, an expert cybersecurity analyst that combines human reasoning with machine power to make complex decisions with 100% consistency.

One of the unique capabilities of the First Responder Service is that it can be used across your heterogeneous security stack to detect attacks with precision accuracy greatly reducing false positives, mean time to detect and overall dwell time of attacks.  The Respond Analyst supports best in class security technologies and solutions, freeing you from the proprietary stacks that many MSSP/MDR providers require you to deploy. The First Responder Service unlocks considerable value from your security technology investment, enabling you to turn the volume up on events and data collection, allowing the Respond Analyst to see more without drowning your team in alerts.  And it is available at a fraction of the cost of traditional MDR services.

Additionally, the First Responder Service includes a team of First Responders that engage and answer questions about the incidents the software identifies. Incidents are “responder ready” and typically only a few per week are escalated, unlike the high volume of false positives that most service providers expect their customers to investigate.

Our First Responder team of incident responders follows up on every incident, ensuring your team is taking the necessary actions to address the risk and protect your organization. We answer questions, assist with remediation actions, and manage the Respond Analyst on your behalf.  The First Responder Service includes:

    • Automated incident escalation: Within five minutes of incident creation, customers have 24x7x365 access to unrivaled situational awareness and a point of escalation when needed.
    • Live consultation: Expert First Responders are available for customers to engage for incident assistance with intrusion/attack analysis, recommendations for remediation and more.
    • Quarterly briefings: The First Responder Service includes regular updates to help customers understand key metrics and performance indicators specific to their environment and team.
    • Enhanced on-boarding: First Responders will interact with the customer’s team for a white-glove on-boarding experience during the first 30 days. 

The Respond Analyst specializes in monitoring high volume data sources, such as Intrusion Prevention Solutions, Web Proxies, Endpoint Protection, and Endpoint Detection. The more data the Respond Analyst collects from your environment, the fewer incidents are typically escalated.  The Respond Analyst focuses on the grey areas of security incidents using probability theory to determine if something is malicious and actionable, cutting through the noise of false positives. More visibility allows the Respond Analyst to correlate across telemetry sources, creating even more value through highly enriched security incidents.

Traditional MDRs, MSSPs, and SIEM providers use rules and workflow automation, resulting in black or white escalations. Security incidents are not that simple. They require context, correlation, and a thorough understanding of your environment. The Respond Analyst uses judgement, just like an expert security professional, to identify and investigate security incidents and determine the probability that something is creating risk.

Paired with our First Responder team of incident responders, you get immediate coverage of security incidents in your environment that can free your team up to focus on high value projects and actions that reduce business risk.

If you are interested in service that goes beyond the traditional outcomes to deliver fewer false positives, actionable incidents and extended visibility, contact Respond Software today.

For more information:

1 Ponemon and Respond Software Report, December 2019

Mike Reynolds

Mike has spent over 20 years in the information technology industry. Prior to Respond Software, Mike led product marketing teams that delivered storage management, software-as-service, cloud computing, business continuity, and cyber security solutions to customers of all market segments. He has held roles with Commvault Systems, Veritas Software, Symantec, Cable and Wireless, Exodus, Hitachi and Amdahl.

View all posts by Mike Reynolds