Partner perspective
Choosing an MXDR provider can be a daunting, complex, and highly consequential decision for your organization's security. The best providers maintain a strong industry reputation, positive customer testimonials, a comprehensive range of services, and evergreen support. Make sure their solutions are flexible, scalable, and can seamlessly integrate with your existing security infrastructure.
When analyzing which MXDR providers fit best with your organization, it is important to ensure they possess in-depth knowledge of the latest threats and advanced detection technologies. Assess their incident response procedures, threat hunting capabilities, and the experience levels of their security analysts. It is also essential that they offer 24x7x365 monitoring and support that guarantees a rapid response to security incidents. In addition, evaluate whether the provider offers vCISO services or consulting expertise to assist with aligning security programs to compliance frameworks, implementing necessary controls, and supporting preparation for audits and assessments. These services can be invaluable in helping your organization maintain readiness and maturity in an evolving threat landscape.
The terms you agree to with the vendor are crucial. Reviewing the provider's Service Level Agreements (SLAs) regarding performance and reliability is important, as is confirming there are no hidden fees, service paywalls, or scale triggers that could result in heavy, unexpected costs. Consider the response and resolution times where provided. If this information is not available, that speaks volumes about the service you're evaluating. Additionally, consider the vendor’s Net Promoter Score (NPS)—a high NPS indicates strong customer satisfaction and loyalty, which often correlates with reliable service and positive support experiences.
Building and maintaining security systems in compliance with industry or regional regulatory requirements, as well as privacy statutes, is paramount. Verify the provider utilizes robust methods of data protection, appropriate encryption standards, and an incident response plan to protect your sensitive data and meet compliance requirements. A minimum of SOC 2 compliance should be expected, along with a current audit report to validate it. If PCI applies to your environment, ensure the provider maintains PCI compliance and can produce an audited report as evidence. For those operating under CMMC mandates, inquire about both current standing and planned levels of compliance. For U.S.-only service needs, verify call routing, data handling, and personnel screening meet standards like CJIS, including background checks and fingerprinting.
Sentinel’s FortisX integrates with Cisco XDR to provide a comprehensive MXDR service, which includes management and support of Cisco XDR as well as quarterly analyst review sessions. FortisX leverages Cisco XDR's large data lake, AI-powered attack chain investigation, SOC and IT assistance, and enrichment from multiple threat intelligence sources. It also enhances detection and response capabilities, reduces alert fatigue and false positives, and provides automation playbooks.
Fortis Managed Services of the Cisco XDR and Cisco Secure Cloud Analytics platforms includes:
Monthly review to ensure all incidents within SLA are investigated and resolved, with remaining non-SLA items and configuration changes systematically assessed and actioned to maintain a clean, threat-ready environment
Includes escalation to the SOC for analysis of any items of interest
Configuration of XDR Automations & Workflows supported and verified by Cisco
Configuration and tuning of Alert Profiles in Cisco Secure Cloud Analytics
Alerting on Integration Health for Cisco XDR contracts
Remediation assistance and guidance with configuration and support requests
Fortis by Sentinel will create ServiceNow cases for failed/broken integrations within Cisco XDR via automated triggers scheduled to run on an hourly basis
Fortis Managed Services of the Cisco XDR and Cisco Secure Cloud Analytics platforms specifically excludes:
Custom Workflow development and creation (available as an add-on service at additional cost)
Managed Services Move, Add, Change (MAC) requests with a duration of more than two hours
Cisco planned maintenance, limitations, and restrictions including service interruptions without notice
Advanced threat hunting techniques and cutting edge detection and response capabilities powered by Cisco XDR
Strict background checks, fingerprinting, and other requirements based on specific compliance obligations (U.S.-based only option)
Proven customer satisfaction with a 62 Net Promoter Score (NPS) and 96.62% overall customer satisfaction rating
NOC and SOC synergy
Continuous threat monitoring and rapid incident response
Flexible and scalable solutions
Seamless integration with existing security infrastructure
24x7x365 SOC service with a dedicated team of security experts utilizing automation tools to monitor, analyze, investigate and resolve threats
PenGuardian services to routinely validate your security tools, detection, and response capabilities—enabling a “patch on Tuesday, test on Wednesday” managed approach
Cyber Advisory Services, including vCISO, human-led pen testing, security assessments, vulnerability management, and GRC consulting
FortisX ActiveDefense, powered by Cisco XDR, is an Extended Detection and Response solution created and supported by Cisco Systems as well as an industry-leading Fortis by Sentinel Security Operations Center (SOC). It provides unified threat detection, investigation, and response powered by AI and ML, augmented with human-led threat hunting when coupled with the Fortis Security Insights platform. When a security event triggers a case in the Cisco XDR platform, the ActiveDefense SOC performs initial triage, along with containment in accordance with the approved playbook and remediation guidance. Remediation is the sole responsibility of the customer. Active cybersecurity incidents or breaches can include remediation via a separate incident response agreement.