Partner Perspectives: Siemplify & Carbon Black Create Competitive Solution for MSSPs


Meny Har is the VP of Product for Siemplify.

Advanced threats and an ever-evolving competitive landscape have created an increased demand for managed security services. Organizations of all sizes are turning to managed security services providers (MSSPs) to help them to effectively manage their security stacks and monitor their environments. With this demand – which drove 9.5% market growth in 2017 – MSSPs are working harder than ever to deliver the most effective and accurate domain-based services so they can remain competitive and capture market share.

Endpoint Detection and Response + Security Orchestration Fuels MSSP Growth

Further adding pressure to traditional MSSPs is the growing managed detection and response (MDR) market. MDR services are fueling significant growth in the managed security services space and are typically more profitable than traditional MSSP device-management services. The result? MSSPs around the world are maturing their models to offer more high-value services and grow their bottom lines.

To effectively offer these new services, MSSPs must streamline device management and security operations, develop advanced detection and remediation capabilities, and improve client visibility and reporting. As such, when MSSPs plan their next generation of service offerings, it is clear that two of the most important components will be security orchestration, automation and response (SOAR) and endpoint detection and response (EDR).

Siemplify’s SOAR platform has integrated EDR and threat hunting capabilities from Carbon Black. This integration enables MSSPs to leverage EDR, data collection and incident response capabilities from directly within the Siemplify platform.


Unify and Empower MSSP SOCs through Orchestration

The average enterprise security operations center (SOC) has products from 32 different security vendors deployed in its environment. Multiply that across the client roster of an MSSP and it is easy to see why its security talent is spread so thin.

MSSPs are expected to be ready to effectively manage and monitor whatever tools their clients bring to the table from day one. Hiring additional personnel isn’t always possible, as it quickly drives up overhead costs and ultimately doesn’t scale, and training existing talent often eats away at the time analysts would be using to provide services to their clients.

SOAR platforms provide a unifying fabric to manage multiple technologies. Implementing a SOAR platform eliminates the need for analysts to have a deep understanding of each individual tool. This means analysts only need to be experts in the use of a single platform, which enables them to manage and orchestrate activities across a myriad of tools. This allows MSSPs and their clients to unleash the full potential of the tools in their security stack, including EDR, threat intelligence and more.

Additionally, a SOAR platform can act as the central workbench for analysts in an MSSP SOC. This centralizes day-to-day operations, bringing investigation and response processes into a single console alongside case management, reporting and more. Operating out of a single workbench allows analysts to focus on triaging alerts and responding to real security incidents for their clients, while automating critical processes such as data collection, contextualization and customer notifications.


EDR Improves Effectiveness of MSSP SOCs

For organizations not using an EDR product, such as Cb Defense, researching and responding to threats is a daunting process that heavily relies on manual processes. With limited access to endpoint data and context, threat analysts – particularly in MSSPs – have few choices other than to open a ticket and delegate the research to others with access to the targeted machine.

This process significantly increases the time it takes for an analyst to gather the data points needed for an investigation, which drives up an attacker’s dwell time, increases mean time to respond (MTTR) metrics and can compromise the analyst’s ability to abide by the customer’s service level agreement.

With EDR capabilities integrated into their SOAR, analysts are able to detect more threats and query endpoint data in real time. Armed with vital endpoint context, MSSP SOC teams can get to the root of threats more efficiently.


Harnessing the Combined Power of EDR + SOAR

Because both EDR and SOAR solutions are designed to improve the quality and speed of incident response, integrating the two allows MSSPs to deliver valuable and highly effective offerings. Through integrated EDR and SOAR solutions, such as the integration created by Siemplify and Carbon Black, MSSPs can gain market share and offer increasingly efficient and effective security services.

The collective strength of EDR and SOAR manifests in four key areas:


  • Context-Based Analysis:
    A SOAR platform combines all of the agents in an organization’s security ecosystem – including EDR, SIEM, threat intelligence feeds and vulnerability management – into one cohesive work space. Being able to bring alerts together in a single platform provides MSSP analysts with complete visibility and vital context so they can instantly understand the purpose and role of any client asset. Armed with this information, MSSP analysts can be more efficient, conduct deeper investigations and eliminate false positives.
  • Response Beyond Detection:
    Traditional MSSPs often function as an alarm system for their clients, alerting them when a security event is detected in their environment. However, after bringing the incident to the client’s attention, they must leave it to the client to respond and perform remediation. By bringing the capabilities of EDR and SOAR together, MSSPs are able to be more than an alarm system for their clients.

    Equipped with the deep insights and remediation capabilities of an EDR solution, such as Cb Response, MSSPs can investigate more deeply and create a complete picture of a threat. By integrating EDR agents into their platforms and engaging them when a threat is detected in a client’s environment, MSSPs can offer additional attack context as well as perform response and remediation efforts, adding value to their client’s investment in their services.

  • Proactive Monitoring:
    When SOC analysts are consumed by the management of disparate tools and false-positive alerts, there isn’t much time left for proactive efforts like threat hunting. By implementing a SOAR with integrated EDR capabilities, MSSPs can automate routine tasks such as data gathering and addressing false positives. This frees up time and resources to dedicate to additional service offerings, such as proactive threat detection and response. Additionally, combining these technologies enables analysts to create automated flows to hunt new threats and operationalize threat intelligence at scale.
  • Robust, Real-Time Reporting:
    MSSPs are constantly under pressure from their clients to demonstrate value. But trying to provide visibility to dozens of clients when data must be gathered manually and from disparate tools is cumbersome, time-consuming and costly. SOAR platforms armed with context from EDR agents and other tools provide the turnkey, automated reporting and performance indicator measurement needed to satisfy even the most demanding MSSP clients.


How traditional MSSPs manage the growing expectations of clients over the next couple of years will determine which of them remain competitive and thrive, and which do not. For MSSPs focused on rapid and scalable growth, enabling their SOC with an integrated EDR and SOAR platform can be the catalyst they need to add differentiated, high-margin service offerings, which allow them to market themselves as a worthy investment for organizations looking for an MSSP.

To learn more about the Siemplify SOAR platform, visit Siemplify.co.

Find out more about pre-integrated solutions from the Carbon Black Integration Network here.

The post Partner Perspectives: Siemplify & Carbon Black Create Competitive Solution for MSSPs appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.