Vendira has been fortunate enough to work with Alert Logic and various UK Service Providers in helping accelerate productisation of their MDR services into new Managed Service offerings. Here is our view of the benefits of Alert Logic for IT service providers, and the top things to consider when defining your managed service offering.
Let’s start with a brief look at the “why”, “what” and “how” of Alert Logic’s Managed Detection and Response services.
Why… Ultimately, businesses need to be confident that they and their customers are protected from today’s ever-evolving cybercriminals. Some have legal obligations to ensure that their IT services adhere to certain standards, typically involving 24x7:
Threat detection and management
Security and compliance scanning (accounting for GDPR and PCI etc.)
Intrusion detection and response against today’s sophisticated attackers
Secure logging supporting downstream audits and forensic investigations
Security management, reporting and KPIs
Many more technical commitments such as Multi-Factor Authentication etc.
It’s far from easy for service providers to reliably deliver on these requirements in a cost-effective manner when faced with a multitude of technologies across hybrid cloud and multi-platform solutions. We have all seen the stories reported in the press, and we know that what makes the mainstream media is only the tip of the iceberg; IT security is now a board-level, business-critical issue. Unfortunately for those without a comprehensive security solution, most security vulnerabilities and breaches remain undetected for months, with incidents identified retrospectively, typically as a result of a customer or 3rd party escalation.
Let’s just remind ourselves of the reality. There is a major skills issue (see https://www.gov.uk/government/publications/cyber-security-skills-in-the-uk-labour-market-2020/cyber-security-skills-in-the-uk-labour-market-2020); sourcing, developing and retaining such specialist skills can be quite a costly challenge for managed service providers. We would also dare say that most IT solutions are nowhere near reliably meeting today's recommended security practices. Can you put hand on heart and feel you are genuinely in a good place with your managed solutions? This, coupled with the impact of security incidents for businesses, is a big problem waiting to happen.
Fines from bodies such as the Information Commissioner’s Office (ICO): “maximum of £17.5m or 4% of total annual worldwide turnover for preceding financial year, whichever is the higher”.
Loss of revenue, contracts, investment and impact to share price
Damage to reputation, impacting current and future opportunities
Unplanned costly disruption of planned work and derailment of strategic projects
Potential for major legal fallout and all associated costs
Reactive decisions and costly efforts in identifying and plugging holes
An example: the Equifax 2017 breach was estimated, as of Jan 2020, to cost $1.38 billion (https://www.darkreading.com/attacks-breaches/2017-data-breach-will-cost-Equifax-at-least-$138-billion-/d/d-id/1336815), with more costs still to come.
The graph shows Equifax stock price impact initially in Aug 2017 and again in Oct 2018 as a result of downgraded confidence and cost impact realisation amongst tougher market conditions.
What… Alert Logic has built innovative “security services” in the form of a Managed Detection and Response offering. We are glad to say this is not just a tool but an evolving cloud-based security service. This is different from most security vendors, who provide point tool-based solutions, requiring you to adopt and maintain numerous technologies from multiple vendors in order to deliver on the most common security needs as stated earlier. Below is an overview of the service tiers:
Designed for foundational security needs and bolstering the protection of endpoints.
24/7 hybrid cloud and multi-platform security scanning, reporting and Extended Endpoint protection solution
Signature-less machine learning to stay ahead of attackers and zero-day attacks in real-time
Asset discovery, security, compliance and vulnerability scanning
Audit-ready reporting
Extended endpoint detection and response complementing antimalware, detecting anomalous behaviour
Building on MDR Essentials and designed for business-critical infrastructure: a security service solution providing managed threat and intrusion detection and response services, coupled with enhanced Cloud CIS benchmarking and unique support for serverless container compute solutions.
MDR Essentials + 24/7 Expert Threat Management via Alert Logic SOC Security Analysts with 15 min response
Named MDR Security Analyst Concierge helping stay informed and secure
Microsoft O365, Azure and AWS discovery and CIS Security configuration Benchmark auditing
Container and Serverless compute network Intrusion detection and log management across the major cloud providers and on-prem.
For businesses requiring enhanced proactive expert security assistance in maximising security.
MDR Professional + Designated Security Expert, a proactive security expert within Alert Logic’s Security Operations Centre (SOC). Building an understanding of the in-scope solutions as well as relationships to become an extension of your team.
Providing in-depth individualised evaluation, protection and custom response services into data exfiltration and discovery of Advanced Persistent Threats.
Advanced Threat Hunting, using specialist tools and methods, including looking for compromised credentials on the dark web.
Tailored reporting and consultation including daily proactive reviews, weekly meetings and annual reviews to tune and strengthen your security posture.
Managed Web Application Security Services, protecting those ever so critical and public-facing web sites, services and applications.
The team at Alert Logic have created an MDR manifesto, a useful resource for those interested in MDR.
How… Alert Logic has made, and continues to make, significant investment so you don’t have to, providing key security services without burdening you with specialist tooling and the need for 24/7 advanced security skills. Alert Logic’s services remove complication and provide service value via expert resources, underpinned by innovative technology and coupled with an easy-to-use multi-tenant service provider management and reporting portal.
Alert Logic’s innovative security scanning and detection technology is combined with their Advanced Security Operations Centre (SOC), staffed with 150+ security experts including:
Data scientists within the advanced SOC who develop and train algorithms to detect advanced, multi-stage threats
Security researchers who replicate attacks to test how to better prevent, detect and remediate
Security content developers who test, implement and continuously improve detection and blocking logic such as signatures and rules
Threat intelligence analysts who look for changes in the attack landscape to understand the latest trends in how adversaries are operating.
So why is this a great opportunity for Managed Service Providers?
In short, the benefits include:
A quick way to protect your clients and increase revenue via such a highly regarded quality security offering
A relatively straightforward job to become operationally ready with a sensible approach
An enabler to win deals that may have previously been out of reach
The sales cycle is typically 1 week to 3 months
Average order of £84k ARR + setup and managed services revenues for those that provide value add
Simplified and easy to sell service tiers with multi-platform support
Healthy resale margins increasing with volume subject to agreement
Reduction in lifecycle and vendor management overheads of point tool-based solutions
Unburdening and improved security enablement of your operational resources, effectively achieving more with existing skill levels.
Tiered offering providing a good level of technical and commercial flexibility to meet clients’ needs
Some considerations in defining your service
Clearly define your service offering including the value add you are providing and how they align with other security services you may offer
Be sure to define and agree your service operating model with all stakeholders
Ensure training targets are set and managed to completion
Ensure you have a standard cost and pricing model that deals with scale
Ensure your standards are clear from design through delivery to ongoing service operation and management
If you require assistance in accelerating the productisation of your Alert Logic based security offering, get in touch with us at Vendira.