Threat detection and incident response are must-haves in any effective security program, cloud or otherwise.

The good news: If you don't have the in-house talent, tools or time to do-it-yourself, there are hundreds of service providers who can help.

The bad news: There are so many providers with so many confusing names. Are they MDR providers? A Managed XDR?  A good ol’ MSSP? Or maybe a SOC as a Service / 'SOC in a Box?' What’s the difference, anyway?

I’d like to suggest six tough questions that can help de-mystify these super “global-cybersecurity-SOC-operation-with-AI-powered, hyper-graphed, predictive, analytic, metaverse-UX” claims from the ones who are the real deal:

  1. Does the provider 'speak' cloud security?

Make sure the provider you're considering has cyber analysts who know cloud security. Ask them directly. If they think Jenkins is a parlor game, you may be dealing with the wrong team. Seriously, it's an important point because going with a provider who puts cloud first means you can avoid misdiagnosis, missed attacks and incorrect escalations. Plus, your cloud security engineers won't have to waste time explaining the basics to a cyber team that’s only familiar with traditional IT network devices.

  1. Will our team cultures mesh?

Folks working in cloud tend to move very quickly. Their mission centers on providing organizations scalability and speed of delivery, while maintaining reliability for end users. Make sure you understand whether the provider:

  • Limits the number of times you can call them or ask for new use-cases and detections.
  • Will allow your volumes to scale without charging you more, thus forcing you to choose between security risk and cost of service.

Also, look for a provider that quotes a fixed price and sticks to it so you can move quickly without annoying change requests.

  1. How often have they helped clients in their cloud journey?

Plenty of security vendors say they can protect your cloud environment. But let’s be very clear here—just throwing a tool at a problem doesn't work. There should be a healthy respect for the complexity of the underlying technical problems. It's important to understand threat vectors and critical vulnerabilities. Otherwise, you're stuck with yet another shiny box that creates false positives after the smart people that put it in move on to their next project.

Aim for a provider that has performed thousands of cloud security assessments, ideally a SaaS-based service provider who has taken the cloud journey themselves.

  1. How long will it take to get results?

By now, most security teams know there’s no “silver bullet.” What you really get from vendors who promise one is a requirement to hire a bunch of people, spin up some security tech, identify new use cases, ingest the intel and weed out the false positives. In other words, a protracted time to value. 

My advice is to learn from others. Choose a service that is multi-tenant, cloud-based and includes hundreds of use case detections and leading-edge intelligence built up over time. You don’t want to be learning with them as they grow, you want to benefit from others’ learnings in the past.

  1. What is the level of long-term support, and can they flex their service to your needs?

The trough of disillusionment is sadly a real thing. When the 'A-team' has finished the transition, the team on the ground may be not quite what you were sold. Ask to meet the team that will be supporting you long term. Who are the key folks assigned as your on-boarding manager, your key cyber analysts? Ideally visit them at their location or at least in a face-to-face call and talk to the delivery folks directly. Ask how they'll handle updating the service. Do you have to pay more for additional use cases?

Pick a provider that has hundreds of tried and tested playbooks, and lets you add your own, and learns from their global client base and applies those learnings to you—all at no extra cost.  If not, you may be wondering why your spend is so much more than the original contract you have locked-into.

  1. Is the vendor in it for the long run?

Look for longevity markers: a provider that has delivered services for several years with global depth and breadth. Ask them about their experience and knowledge of your industry—what specific threats and cloud learnings can they offer based on their global interactions with your peers?  A bunch of cyber security guys without that thought leadership will struggle to keep you ahead of the risks.

Bottom line: While there is no perfect vendor, the answer to these questions should help narrow down your provider short list to those who can truly deliver value. It’s one thing to have an appealing 'storefront' website, but you want somebody with the street cred to back it up.

If you’d like to know more or have questions about selecting a cloud security provider, please visit our MDR page.

About Accenture

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song—all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 710,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.

About Accenture Security

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence.  Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

 

Copyright © 2022 Accenture. All rights reserved. Accenture and its logo are registered trademarks of Accenture. This content is provided for general information purposes and is not intended to be used in place of consultation with our professional advisors. This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied.

 

Danny Dawes

Managing Director – Accenture Security, Managed Detection and Response Lead

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog
Subscribe