Partner With the Best, Ignore the Rest: Top MDR Attributes
Healthcare providers are constantly seeking to optimize business performance and build future-proofed infrastructure, especially as the industry faces regulatory headwinds and constricted margins. One of the most effective ways to achieve security and compliance is to partner with a trusted third-party cloud expert. As we discussed in our article, Prioritize the Right Partner – MSSP vs. MXDR vs. MDR, there are multiple managed service constructions available to meet your needs.
Those who foretell the value of a Managed Defense provider and want to evaluate MDRs should be sure to dig into partners’ capabilities and fact-check their claims to avoid later complications. Below we have provided guidance on the most relevant services and offerings that you should require of any MDR at the table.
HITRUST Certification is Non-Negotiable
First, the need for HITRUST certification has never been higher stakes for healthcare. With constantly shifting regulatory landscapes, the stamp of approval from HITRUST certification means that your HCO has cleared a high bar and adheres to best practices. Although you can achieve HITRUST certification on your own, doing so typically takes 12 months to share all relevant documentation, and hundreds of thousands of dollars in labor and expenses. You can time-collapse the entire process by partnering with an MDR that already has cloud certification to operate under their HITRUST Certification.
A leading MDR partner will bring much more to the table – in addition to the HITRUST Certification. Here are the top attributes every healthcare provider should insist on seeing their MDR partner deliver.
Healthcare Cyber Threat Intelligence
Active Defense Capabilities: Defenders proactively utilize denial, disruption, degradation, and deception to interrupt attackers’ operational tempo — forcing them to go off script, revealing themselves in instances where they may have already bypassed traditional reactive security technologies. MDRs with numerous clients can collect anonymized indicators of attacks and compromised defenses sourced from one subscriber’s managed cloud environment — which are then validated and imported into curated blocklists, and continuously disseminated to the MDR’s entire suite of security technologies.
Threat Intelligence Advisories: Operationally relevant and industry-specific intelligence deliverable that provides healthcare organizations with proactive insight into today’s threat landscape.
Threat Indicator Management: A service to answer the question: “Who is targeting my organization and others like mine?” The MDR may collect and analyze attack information sourced from sensors deployed within the organizations cloud estate and industry vertical.
Public Attack Surface Monitoring: The MDR monitors the public facing IP addresses of all your organizational assets for poor reputation scores, which could indicate that an asset has been compromised and is being used for malicious activity.
Virtual Machines & Container Hosts
Malware Protection: Provides both real-time and on-demand protection against file-based threats including ransomware and other potentially unwanted applications.
Host Intrusion Prevention System (HIPS): Protection from both known and zero-day vulnerability attacks (ex. Log4j, Spring4shell, etc.), and web application vulnerabilities.
Application Runtime Protection
Application Log Monitoring: Application logs provide a detailed picture of client and server interactions. They must be analyzed to determine if an attack against a web application was valid and/or successful. This service continuously collects and analyzes application logs for indicators of attack and compromise.
Container Threat Detection: Identify and alert suspicious behaviors and other anomalies that occur inside containerized workloads and their supporting infrastructure. Alerts created by the technology are surfaced, triaged, and investigated by analysts on the MDR team.
Cloud Network Threat Protection: A combination of cloud native service logging, real-time analysis, and event correlation to provide timely and high confidence detection of malicious network activity to all customers the MDR serves.
Cloud Platform Protection
Audit Log Management: Technology that configures and deploys logging of subscriber resources to make them available and accessible during an audit or during troubleshooting.
Cloud-Native Threat Detection: Monitoring and response for alerts created by native security threat detection tools such as GuardDuty, Azure Advanced Threat Protection, and GCP Event/Container/ VM Threat Detection.
Breach and Attack Simulation (BAS), and Penetration Testing as a Service (PTaaS): The use of validation-type capabilities to test and understand threat scenarios in an environment on a continuous basis — rather than traditional, single test or annual test mechanisms.
Bandwidth to build out a tailored “squad model” for relevant vertical expertise and culture fit. Because MDRs maintain a large staff of analysts, responders, and customer support specialists, they have the unique ability to assign certain team members to customers based on the customer’s vertical and specific needs.
Strong threat detection, proactive threat intelligence, and scaled response capabilities. MDRs with numerous clients in a specific industry, like healthcare, can provide data-driven insights about emerging threat vectors that a single HCO with an in-house cybersecurity team cannot. The reason is that MDRs can source data from a host of HCOs, extrapolate potential threats to other clients in similar verticals, and introduce scalable solutions that can be tailored to each client’s unique operating environment.
Highly skilled, adaptable talent. IT, security, and privacy leaders at HCOs are frequently highly educated and capable individuals. As a result, they need an MDR team that brings just as much intelligence and ability to the table, if not more. The ideal MDR vendor will seamlessly sync with the client’s existing cybersecurity technology, and act as a trusted advisor to help their client augment their security capabilities.
Choose The Right MDR Partner
As a healthcare entity, your MDR partnership may be one of the most critical partnerships you decide on. Not only is your MDR partner responsible for protecting the IT systems your organization uses on a daily basis, your MDR partner is also a major stakeholder in your public reputation and perception. A single cybersecurity incident can irreparably destroy patient trust and cause major financial harm to the business.
For those reasons, we recommend every healthcare provider diligently evaluate potential MDR partners and select the organization that has a proven track record of specializing in healthcare cybersecurity and is committed to keeping your organization secure.
Reach out for a consultation to learn more about ClearDATA’s MDR services.