Traditional reporting generated by managed security service providers (MSSPs) tends to be exhaustive. Typically, there’s an overwhelming number of data points but a lack of actionable insights. It’s almost as if the vendor is focused on justifying the cost of the service, rather than showing customers the most important information they need to act on to improve their security.

With Open Systems MDR+ Action Reports, we take a completely different approach by focusing on surfacing key information to help customers improve their security posture. Instead of overwhelming customers with data, we focus on the subset of information that is the most actionable. This empowers customers to focus on high-impact actions, make key decisions, and communicate information regarding their security program.

Action Reports also provide the insights that IT and other teams need to operationalize security within their organizations.

The “Less is More” Paradigm Shift

We believe a paradigm shift is necessary in the way managed detection and response (MDR) providers report to customers, to have reporting that drives security programs forward. That's why our MDR+ Action Reports focus squarely on delivering insights that inform actions.

We’ve deliberately focused on those execution metrics that have meaning for the business.

MDR+ Action Reports enable our customers by providing valuable insight based on three critical questions: What do I need to do? What decisions should I make? What do I need to communicate, and to whom?

With every report, you’ll know what to do, decide, and communicate. Here’s how the three play out with real-world examples:

  • Do: Enables the customer to know what needs to be done to improve their security posture. This information is derived directly from our observations monitoring the customer’s specific attack surface. For example, new critical assets have been discovered that don’t implement multi-factor authentication; or what percentage of the environment is covered using EDR and preventive technology and more.
  • Decide: Gives the customer an understanding of the potential impact of a newly discovered threat on their environment. For example, a report may indicate they can accept the risk uncovered from a custom threat hunt, because it won’t have any immediate security impact or there is a compensating control in place.
  • Communicate: Guides the customer to data that is useful to share with stakeholders. For example, a customer might share with the board that can include what threat hunting has taken place over the reporting period with an emphasis on zero-day disclosures.

A Next Gen Approach to MDR

Our next gen approach to MDR delivers a virtuous security lifecycle of assess, prevent, detect, and respond practices. And it’s through this continuous assessment, derived from our observations performing continuous monitoring, that we can recommend preventive controls to improve our ability to detect and respond. MDR+ provides insights that advance your organization’s security, enabling SecOps teams to improve their practices in these areas by delivering tailored recommendations.

  • Assessment: how to better understand posture and environment
  • Prevention: how to better reduce risk
  • Detection: how to broaden coverage and increase signal fidelity
  • Response: how to better respond to a given threat

With the Action Reports in MDR+, security stakeholders receive prioritized insights on the current state – and potential improvements for these four practice areas. Our customers have told us they appreciate that we’re focusing solely on business value and security posture impact, to ensure we help them meet their organization’s goals – not just our own.