Top 10 Questions To Ask When Comparing MDR Providers

Category: News
Published: 9th July 2024

< Back to Media
Women smiling at a desk having a discussion with a man

As cyber threats continue to evolve, the need for robust Managed Detection and Response (MDR) services has never been greater. Choosing the right MDR provider can be a daunting task, given the myriad of options and the critical nature of the service. To help streamline your decision-making process, here are the top 10 questions you need to ask when comparing MDR providers:


  1. How does the MDR provider ensure 24/7 coverage?
    Ensuring around-the-clock monitoring and alerting is crucial for effective threat management. Ask providers how they maintain 24/7 coverage. Some will utilise shift work to facilitate 24/7 eyes-on-glass coverage, others will have international teams to allow them to have 24/7 coverage handing off from one team to another across time zones. Another option is to use automation and on call rotas to provide action only when needed. All are valid and all have their pros and cons, so it will be important to explore each option and how it aligns to your budget and needs.
  2. Do the responses and response times differ outside of business hours?
    Some providers might offer reduced services or delayed responses outside of business hours, which could be a significant risk. Make sure you always understand your SLAs, during and outside business hours.
  3. How does the provider integrate Threat Hunting and Threat Intelligence into the service?
    Effective MDR services go beyond reactive measures by incorporating proactive threat hunting and robust threat intelligence. Inquire about the provider’s approach to these areas. Do they have dedicated teams for threat hunting? How do they source and update their threat intelligence?
  4. What is their process for detecting and responding to unusual user behaviour?
    Anomalous user behaviour is often a red flag for potential security breaches. Understand the methodologies and tools the provider uses to detect and respond to unusual activities. Automated behaviour analysis, machine learning models, and expert human analysis are all aspects to consider.
  5. Can the provider support other assets and environments like public and private clouds, Operational Technologies, and IoT?
    In today’s diverse IT landscape, it’s essential that your MDR provider can protect various environments and assets. Verify whether they have experience and capabilities in managing security for public and private clouds, Operational Technologies (OT), and Internet of Things (IoT) devices. This flexibility ensures comprehensive coverage across your entire network.
  6. Is the MDR team using a concierge model or a SOC model?
    The structure of the MDR team can influence the services effectiveness. A concierge model typically offers a personalised service with dedicated analysts familiar with your environment, while a Security Operations Centre (SOC) model might provide a broader, less tailored approach. Determine which model aligns best with your organisation’s needs.
  7. What are the standard and bespoke incident response options?
    Incident response is a critical component of MDR services. Knowing about an incident is of little use if you do not have a plan to deal with it. Ask about the standard incident response procedures and whether they offer bespoke options tailored to your specific requirements. Customisable incident response plans can provide more effective and efficient resolutions when incidents occur.
  8. How do they determine the price of their MDR service?
    Understanding the pricing model is essential for budget planning. MDR providers may base their pricing on factors such as the number of endpoints, data volume, users, service level agreements or the number of sites or locations a company has. The pricing may also vary depending on whether you want bespoke reports for compliance, above what is standard. Get clarity on how costs are calculated and whether there are any hidden fees that might affect your budget.
  9. What reporting is provided as standard and can bespoke reports for individual compliances be provided?
    Regular reporting is vital for transparency and compliance. Check what types of reports are provided as part of the standard service and if the provider can generate bespoke reports to meet specific compliance requirements you may have. Customised reporting can help in meeting industry standards, supply chain requirements and regulatory obligations but some companies charge extra for this.
  10. Which technology is used to underpin the MDR service and how regularly is this reviewed?
    The technology stack behind the MDR service can impact its effectiveness. Inquire about the technologies used and how often they are reviewed and updated. Cutting-edge tools and regular technology reviews can ensure that the service remains effective against the latest threats.


Selecting the right MDR provider is a critical decision that can significantly impact your organisations security posture. By addressing these ten questions, you can make an informed choice that ensures robust, comprehensive, and effective threat management tailored to your specific needs. Ensure you conduct thorough research and have detailed discussions with potential providers to understand how they can best protect your organisation from evolving cyber threats. You can find out about our MDR service here, or contact us to talk to one of our experts.