CylanceMDR: A White Glove Onboarding Experience

CylanceMDR: A White Glove Onboarding Experience

CYBERSECURITY / 11.04.24 / Jay S. Goodman, Kirin Sennik

• Share on X
• Share on Facebook
• Share on LinkedIn
• Email

Managing cybersecurity is a daunting task especially when constrained by limited budgets and a shortage of security expertise. Managed Detection and Response (MDR) services, such as CylanceMDR™, fill in gaps by offering robust monitoring and response to cyber threats - around the clock. When comparing MDR services, it's common to focus on the ongoing operational capabilities, including time-to-respond, automation, and SLAs (service level agreements), but it's easy to overlook the onboarding process.

CylanceMDR offers a hands-on, white glove onboarding experience to every MDR customer. Our onboarding is outcome-focused, to ensure proper implementation and optimization of CylanceMDR, and ensure that it helps build mature security operation practices through a proven, guided process. Effective onboarding sets your organization up for protection and positions you for continued security success.

Why MDR Onboarding Matters

It's tempting to think of MDR as the kind of cookie-cutter, set-and-forget service that is simply turned on like a light switch. Sadly, many MDR service providers treat it this way, promising to make your cybersecurity challenges go away in a matter of minutes or hours. While offloading security operations tasks is the goal, getting there requires some careful thought and planning - because no two organizations are alike. An effective onboarding process identifies and accounts for these nuances, delivering key benefits, including:

• Fast Time to Value: Delays in getting a new solution operational translates to lost value from the subscription. For an MDR service, this means not only hooking up the digital plumbing to ingest security data, but also ensuring that the data sources and analytics are properly tuned to deliver fast and accurate alerts.

• Maximizing Protection: Security tools are often packed with features, and it's easy to miss some, or to kick implementation down the road to an unspecified future date. A quality onboarding process ensures that your organization takes full advantage of all the capabilities you paid for, from endpoint protection to continuous threat detection.

• Reducing Disruptions: Learning to navigate and configure new security solutions can be time-consuming and taxing on internal teams. Proper onboarding reduces the operational strain by streamlining the process and equipping teams with the knowledge to manage the platform and interact efficiently with the service.

The CylanceMDR Onboarding Team: Expertise and Dedication

What is the onboarding experience like when you become a CylanceMDR customer? Our onboarding process is led by a team of dedicated specialists with extensive experience in implementing effective threat prevention and incident response. You are assigned a team of senior specialists that work closely with you throughout the onboarding journey, ensuring the solution is optimized to your organization's specific needs.

The CylanceMDR Engagement Manager plays a pivotal role throughout the process. The Engagement Manager oversees the entire operation, coordinating resources and tracking progress.

Your organization will also have a Technical Consultant who will personally ensure best practices are followed. This expert effectively deploys endpoint agents and verifies that all third-party data sources are integrated seamlessly with CylanceMDR. The Technical Consultant also works closely with your internal security team, providing guidance on system optimization and helping them make the most out of the CylanceMDR platform.

The Technical Consultant's involvement extends through the complete onboarding; and they continue to provide ongoing support, making sure your implementation is regularly refined and aligned with your organization's evolving security needs.

Together, this team provides a hands-on, continuous onboarding experience, ensuring that you begin your CylanceMDR journey with a well-functioning, mature security platform that rapidly increases your security posture.

Four Key Phases of CylanceMDR Onboarding

The CylanceMDR onboarding process is structured around four key phases. This methodical approach allows for flexibility while providing a clearly defined roadmap for the deployment and optimization of the solution.

Phase 1: Kickoff

The onboarding journey begins with a kickoff meeting where the scope of the project is defined, and the overall approach comes together. Key activities include:

• Reviewing the data sources that will be in-scope for the CylanceMDR deployment. For organizations using CylanceMDR Standard and Advanced, the focus will be on deploying and configuring Cylance® endpoint protection technology. For CylanceMDR Pro the scope broadens to include third-party security tools that are part of your existing security infrastructure.

• Reviewing deployment options for the endpoint agent, which will provide endpoint protection across the organization.

• Offering initial training on the Cylance management console, ensuring your team is familiar with the core tools they will use.

At the conclusion of the kickoff phase, the team develops a preliminary project plan that outlines the onboarding process, including a clear timeline and list of tasks to be completed.

Phase 2: Technical Implementation

In this phase, the onboarding team focuses on deploying the agents across the organization's environment as well as integrating any third-party data sources into the system to enhance the platform's ability to detect and respond to threats. The Technical Consultant plays a critical role during this phase, partnering closely with your in-house subject matter experts to ensure that all systems are properly integrated and functioning as expected.

CylanceMDR customers will also be enrolled in BlackBberry® AtHoc®, a trusted communication channel used to interact with the Cylance SOC (security operations center) during security incidents. AtHoc provides secure, out-of-band, two-way messaging between the Cylance SOC and customer staff, enabling critical communications to remain operational during a security incident, even if standard channels such as email or Slack are compromised by an attacker.

Phase 3: Passive Monitoring

Once the endpoint agents are deployed and third-party data sources integrated, the system enters a phase of passive monitoring. During this time, security controls operate in an alert-only mode, allowing the onboarding team to fine-tune the system without risk of disruptions to the organization's operations.

During this phase, the CylanceMDR team baselines normal activity across the network. The onboarding team works closely with your security team to filter out false positives and benign activities, ensuring that only relevant security events are escalated. During passive monitoring, the onboarding team continues to provide ongoing training and knowledge transfer to your security team.

On rare occasions, initial monitoring can reveal signs of a pre-existing breach within the organization. If evidence of an ongoing or previous attack is found, the onboarding team will immediately engage with CylanceMDR incident responders to contain and remediate the threat. This proactive approach ensures that organizations are not vulnerable to threats during the onboarding process itself and begin their CylanceMDR journey from a secure and trusted state.

Phase 4: Active Enforcement

Once data sources are properly integrated and tuned, the CylanceMDR platform moves from passive monitoring to active enforcement. Security controls are now set to automatically block threats based on the policies configured during the previous phases. By the end of this phase, the organization has a fully operational security platform, optimized for long-term success.

Continuous Engagement: Beyond Onboarding

Have you ever implemented a solution where onboarding completes and you're suddenly on your own to figure out the inevitable questions about it? That's frustrating and in the cybersecurity space, that can lead to unexpected gaps. This is why the CylanceMDR onboarding process is not a one-off engagement. Once onboarding is complete, the Cylance SOC takes over for ongoing monitoring and response and the engagement doesn't end there.

Your Engagement Manager continues to provide support through quarterly check-in meetings, where your security posture is reviewed, unprotected systems are identified, and new features are configured. This continuous engagement approach ensures that your organization remains protected and that your security environment evolves to meet new challenges. With CylanceMDR, you will never go it alone.

Conclusion

Managing cybersecurity can be a significant challenge, but the right MDR solution will rapidly improve your security posture and processes. The CylanceMDR white glove onboarding experience, powered by a team of experts, is a key differentiator in the crowded MDR market, offering your organization a continuous, hands-on approach that ensures you get the full value of your investment.

Related Reading

• 4 Key Benefits of CylanceMDR Pro and the "Bring Your Own Security Stack" Approach
• BlackBerry Recognized by Gartner as a Representative Vendor for Cylance MDR
• White Paper: Ensuring Business Continuity: A Comparative Look at Security Architectures

For similar blogs and news delivered right to your inbox, please subscribe to the BlackBerry Blog.

• Share on X
• Share on Facebook
• Share on LinkedIn
• Email

Back