What needs improvement with Binary Defense MDR?

We are going to have a meeting with them the following Monday. It will be our first quarterly business review. Half of it is going to be looking at new products and new functions that they are bringing out. So far, I do not have anything negative or a concern. There were two small mistakes that the technician made, and they were remedied immediately. Once we brought them to their attention, they were remedied. I do not have any complaints. They were just simple mistakes that anybody could make, and their response was a positive response. So far, I have not had anything negative to say. The only area for improvement that I can think of relates to statistical analysis for SLAs. They are in the middle of moving to a new product called D3 which is going to do some backend work for them. I know they are working to improve some of the help desk statistics, such as the time the tickets open and the time they are closed. They are working on that function. It is going to be resolved in the next month or two. We have service level agreements with them, but they can use improved statistics for service level agreements. This is the only point of improvement I can identify.

Sometimes, something may not install right; however, whenever we have challenges, they are very solution-oriented and ready to figure things out. While my understanding is that they're working on this, I would like to see some more of the quantification or reporting. They're working on better detecting the impact they're having and what they're working on. That's an area they should continue to focus on. Having those metrics will be valuable. They just need to continue to be focused on Open MDR, and on being open to many tools and being broadly compatible across tool sets if possible. That's unique, and it is a differentiator in the marketplace.

The only area I see for improvement with Binary Defense is their service portal. It could benefit from some enhancements.

In terms of improvement, Binary Defense MDR could be even better with additional features, like automatic scans and file quarantine.

It's hard to think of anything that they need to improve on, but just to point out something, I would like to see them provide advanced XDR.

It's sometimes difficult to know when to engage Binary Defense or TrustedSec, their sister company. TrustedSec is more focused on offensive security, as opposed to the defensive security that the MDR solution provides. It would be awesome if there were a better bridge between that relationship for when we need to get more proactive services or when we need to do a penetration test. If that entire account team was managed together, that might make it a little bit easier. It's because they are two separate companies that there's any difficulty whatsoever.

We should be able to isolate devices faster. They should shorten the time between clicking on a device to contain it and carrying out the action. That would be a welcome improvement.

Historically, Binary Defense MDR did not have a strong ability to integrate with other applications or solutions. However, they are currently undergoing a transformation driven by previous issues, where there was a need for capabilities to streamline operations. As a result, they are in the process of implementing additional solutions that will enable integrations with other platforms and applications. The current reporting system could benefit from improvement. It would be helpful to have regular reports that provide value and clearly demonstrate the team's accomplishments over the past month. This should include information on resolved issues, metrics, and any additional details that highlight the team's contributions.

This is my third SOC. I have never had anybody react as well. So, it's hard for me to provide something that they could do better because I'm really happy with them. I just signed another three-year contract with them. I don't find any downside to them, but if I have to put one, it would be consistent manpower or staffing. The only area where the solution can be improved is going to be with people. As they grow, they are struggling with the same thing that every other company is, which is getting talent and getting that talent to stay, but they've just revised their tiering system to go from a flat analyst and manager to a three-tier solution where it goes through two or three before it gets elevated. That seems to have worked out well, so if one level misses it, the next one picks it up, and it works out fine. Consistent staffing is the only challenge they have because when you're hiring level-one analysts, you go through them pretty quickly. You'll probably hire them at 50K or 55K, and after they do it for a year, they find out they can make 85K somewhere else, and they bounce. So, their turnover is a little high, but that's it.

Their integration with other applications and tools is not something I would call a complaint, but it is something they need to work on. In my experience, a lot of our integrations are done through APIs. A lot of what I've seen so far from Binary Defense—not all of it—seems to be beta integrations. For example, their Duo and Proofpoint integrations aren't really what I would call ready for production. They have probably been working with those vendors to work out the kinks, but they're really not 100 percent production ready. And while there isn't really anything valuable we would get from Duo from a reporting standpoint, sometimes Proofpoint's SIEM tool or SOC can see something that might be valuable. We already get alerts from Proofpoint, so it's not a "make or break", but I have given this feedback to Binary Defense: This is something that should go the API route. Their Microsoft integrations are top-notch and they do some third-party stuff really well for log ingestion, but I would like to see Binary Defense's development team change over to an API connection, versus how they do it today. Also, if I were shopping for an MDR solution today, I would not only look for a company that has the ability to alert, detect, and remediate, but also the ability to integrate vulnerability management. That's a big thing that they're lacking today. We offset that with another product, but that should be part of their product offering. I've given this feedback to our account manager too. Another point is that maybe they should have their own SIEM offering. Today, they offer AT&T's AlienVault, which is a good product in its own right, but it's not something that they offer directly from themselves. It's the same thing with Azure Sentinel. They just started offering that as a product you can buy as part of their service, but it's not their own SIEM. I would be interested in seeing them build out their own SIEM and offering that as a product you could buy. That would be very valuable to their customers because they would not have to rely on their folks learning another system.

The most significant area for improvement is in support for non-English speakers; we're a global organization, so many of our users are not English speakers, which can make interacting with them a challenge. There's no Chinese language support, so we must rely on what we can do with the internet. We don't expect Binary Defense to build a language staff, but details can get lost in translation when we assume the whole world speaks English.