How Check Point's MDR service improved my sleeping habits.
Use Cases and Deployment Scope
We decided before our last renewal with Check Point that we needed a good MDR service to keep us on top of critical threats. We don't have a 24/7 shop, so we knew this was a gap that needed filling. Because we are a Check Point Infinity customer, it just made sense to look at their product first, along with other 3rd party monitoring services. We found that the integration with our products and other 3rd party products like Active Directory were extremely simple. We then enable the ability for the MDR to quarantine machines and create firewall rules for real time threats. It has really been a godsend form me, having a small team, and helps me sleep at night knowing they are watching.
Pros
- Responsiveness for sure.
- Transparency. You have the ability to go back through the tickets and see the work they are doing.
- Competency. We have had a few events, and their staff is always on top of corrective action and communication.
Cons
- They could improve the active directory integration to support windows server version that are technically out of support.
- Maybe have a proactive feature that detects things they can integrate into MDR and track them.
Return on Investment
- They have literally saved us from fraud and reputation damaging issues by the speed at which they detect someone's email has been compromised. I would say the last one was within 15 minutes. The fraudsters only got 2 emails out before we intervened.
- I don't know that you can put a price on them quarantining an infected workstation at 2am when you are sleeping, and it's about 1/1000 the cost of hiring a 3rd shift network admin.
Usability
Alternatives Considered
Arctic Wolf Managed Detection and Response, Trustwave Managed Detection and Response and CrowdStrike Falcon Complete Next-Gen MDR
Other Software Used
DocuSign, Microsoft 365, Veeam Data Cloud for Microsoft 365, Veeam ONE