Guest blog courtesy of LimaCharlie.
Imagine being able to offer your customers instant value for selecting your MSSP over others. This sounds like a tricky proposition, given that organizations seeking managed security solutions can be extremely diverse. What could a medical institution need that would also benefit an energy company? Where do the needs of a tech startup and a dairy farm intersect? Ultimately, you’re the best judge of your customers' needs, and you need tools to turn that knowledge into fast and scalable services.
Take Two Steps Toward Greatness
Many MSSPs spend money on maintaining a suite of security tools and retaining a staff skilled for operating them. When it comes to recruiting business, they have to work around wonky contractual clauses and licensing terms set forth by third-party vendors. When a customer signs a contract with these MSSPs, the rollout into their environment can be complex, and unexpected issues may arise. The customer is hungry to see value in their purchase and reap the promised benefits, but it takes time to get everything in place.
However, imagine your services were set up on pre-configured templates that you could instantly deploy into any customer environment. How great would it be to deliver NIST or HIPAA-compliant security to your customer as soon as the contract is signed? This is possible, but two things have to happen first:
- Your tools, threat telemetry, and third-party feeds must be managed from a central location.
- Your security tools and resources need to speak a common language so they can integrate and provide context for launching automated responses.
Adopting a single cloud security platform has the added benefit of streamlining the amount of expertise needed to conduct operations. Think of the time and costs required to train security engineers to manage your tools and services. Wouldn’t it be easier to train them on a single interface that handles your security tools, threat feeds, and endpoints collectively?
The SecOps Cloud Platform Brings Everything Together
Embracing cloud services revolutionized the way software engineers operated. The SecOps Cloud Platform (SCP) offers similar advantages to cybersecurity professionals. For software developers, the cloud alleviated the heavy burden of managing infrastructure and maintaining in-house resources. This allowed them to focus more time on coding. The SecOps Cloud Platform delivers a similarly flexible infrastructure to cybersecurity specialists, freeing them to spend more time working on security issues.
The platform’s API-first approach is key to its effectiveness and interoperability. The SCP speaks to anything with an API interface and comes preconfigured with access to several major security resources. These include 100+ cybersecurity capabilities and integrations with Velociraptor, YARA, Sigma, Zeek, Atomic Red Team, and other major cybersecurity projects. The SCP deploys endpoint sensors to Windows, macOS, Linux, and Chrome. It also integrates with popular security vendor products such as CrowdStrike, SentinelOne, Trend Micro, and others.
While integrating security resources is an important step, managing them from a centralized location is equally critical. The SCP acts as a command center for aggregating threat telemetry and controlling the diverse resources that make up your security stack. The platform allows bi-directional communication between security tools, which is vital for implementing automation. With bi-directionality, you can write automatic response actions that trigger when specific threat indicators appear in a client’s telemetry.
The ability to write automated detection and response (D&R) rules specific to your customer’s business is a powerful capability. It moves your MSSP beyond a binary, check-box style of security and opens the door to granular control of the environment. You can specify which telemetry to watch and which to omit. You can define multiple levels of threat severity, each with its own D&R rules, rather than being locked into a simple pass/fail approach.
Standardizing Deployments
Once your security resources speak a common language and report to a single location, creating reusable templates is easy. For example, suppose there is a security request that is common across your customer base. Perhaps everyone wants you to block traffic to known malicious C2 infrastructure and alert them when traffic goes to suspicious sites. You can simply write D&R rules that automate this activity and roll them out to every client.
This same tactic can be applied as broadly as you wish, with each D&R template provisioned according to your customer’s needs. For example, you might want to create templated rulesets for:
- SSH/RDP coming from an external address
- Suspicious Windows executable names (like double extensions)
- Scanning new processes
- Preventing duplicate or spurious telemetry reporting
- Customizing the reporting of YARA detections
- Classifying the relative risk of various network communications and connections
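To make the templated-ruleset idea concrete, here is a small Python rule engine added to this post as an illustration; it is not code from LimaCharlie and does not use the SCP's own D&R rule syntax. It shows one reusable template covering several items from the list above (inbound SSH/RDP from an external address, double-extension executables, a known-C2 block list, a risk tier for other outbound connections), with per-customer parameters (internal address ranges and an admin allowlist) supplied at rollout time so the same template can be reused without editing each rule, plus suppression of duplicate alerts. The event shapes, rule fields, action names, host names, and indicator addresses (TEST-NET ranges) are all constructed for the example.

```python
"""Minimal detection-and-response (D&R) engine illustrating templated rulesets.
Hypothetical example: the rule format, event shapes and action names are invented
for illustration and are NOT LimaCharlie's own D&R syntax."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Callable

# Constructed indicator list standing in for a threat feed (TEST-NET addresses, not real C2).
KNOWN_C2 = {"203.0.113.10", "198.51.100.77"}

# Severity tiers ordered by urgency; each rule is assigned exactly one tier.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Document-style extension immediately followed by an executable one, e.g. "invoice.pdf.exe".
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|bat|com|ps1|js)$", re.I)

# Default internal ranges; a customer with other address space overrides these at rollout.
DEFAULT_INTERNAL = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")


def is_external(ip: str, internal_nets: tuple[str, ...] = DEFAULT_INTERNAL) -> bool:
    """True when the address is outside every range the customer calls internal."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(n) for n in internal_nets)


@dataclass
class Rule:
    name: str
    severity: str
    event_type: str
    match: Callable[[dict], bool]
    actions: list[str] = field(default_factory=lambda: ["report"])


def base_template(allowed_admin_ips: frozenset[str] = frozenset(),
                  internal_nets: tuple[str, ...] = DEFAULT_INTERNAL) -> list[Rule]:
    """A reusable ruleset. Customer-specific knowledge (their internal ranges and the
    egress IPs their admins legitimately use) is passed in, not hard-coded per rule."""
    ext = lambda ip: is_external(ip, internal_nets)
    return [
        Rule("c2_outbound", "critical", "NETWORK_CONNECTION",
             lambda e: e["direction"] == "outbound" and e["dst_ip"] in KNOWN_C2,
             actions=["report", "deny_tree", "isolate_network"]),
        Rule("external_ssh_rdp", "high", "NETWORK_CONNECTION",
             lambda e: e["direction"] == "inbound" and e["dst_port"] in (22, 3389)
             and ext(e["src_ip"]) and e["src_ip"] not in allowed_admin_ips),
        Rule("double_extension_exec", "high", "NEW_PROCESS",
             lambda e: bool(DOUBLE_EXT.search(e["file_path"])),
             actions=["report", "deny_tree"]),
        Rule("external_nonstandard_port", "low", "NETWORK_CONNECTION",
             lambda e: e["direction"] == "outbound" and ext(e["dst_ip"])
             and e["dst_port"] not in (80, 443)),
    ]


def run_ruleset(events: list[dict], rules: list[Rule], dedup_window: int = 300) -> list[dict]:
    """Evaluate every event against every rule of its type. A repeat hit of the same
    rule on the same host/addresses within dedup_window seconds is suppressed so a
    chatty host does not flood the alert queue. Alerts come back highest severity first."""
    alerts, last_seen = [], {}
    for ev in events:
        for r in rules:
            if r.event_type != ev["type"] or not r.match(ev):
                continue
            key = (r.name, ev["host"], ev.get("file_path"), ev.get("src_ip"), ev.get("dst_ip"))
            prev = last_seen.get(key)
            if prev is not None and ev["ts"] - prev < dedup_window:
                continue  # duplicate within the window: drop it
            last_seen[key] = ev["ts"]
            alerts.append({"rule": r.name, "severity": r.severity, "level": SEVERITY[r.severity],
                           "host": ev["host"], "actions": r.actions, "ts": ev["ts"]})
    return sorted(alerts, key=lambda a: -a["level"])


# Constructed sample telemetry (not real data); timestamps are seconds.
SAMPLE_EVENTS = [
    {"type": "NEW_PROCESS", "host": "ws-01", "ts": 1000, "file_path": r"C:\Users\a\Downloads\invoice.pdf.exe"},
    {"type": "NEW_PROCESS", "host": "ws-01", "ts": 1005, "file_path": r"C:\Windows\System32\notepad.exe"},
    {"type": "NETWORK_CONNECTION", "host": "srv-01", "ts": 1010, "direction": "inbound",
     "src_ip": "198.51.100.5", "dst_ip": "10.0.0.5", "dst_port": 22},
    {"type": "NETWORK_CONNECTION", "host": "srv-01", "ts": 1020, "direction": "inbound",
     "src_ip": "198.51.100.5", "dst_ip": "10.0.0.5", "dst_port": 22},   # repeat: deduplicated
    {"type": "NETWORK_CONNECTION", "host": "srv-01", "ts": 1030, "direction": "inbound",
     "src_ip": "10.0.0.9", "dst_ip": "10.0.0.5", "dst_port": 3389},     # internal RDP: no alert
    {"type": "NETWORK_CONNECTION", "host": "ws-02", "ts": 1040, "direction": "outbound",
     "src_ip": "10.0.0.7", "dst_ip": "203.0.113.10", "dst_port": 8443}, # known C2 + odd port
]

if __name__ == "__main__":
    for a in run_ruleset(SAMPLE_EVENTS, base_template()):
        print(f'{a["severity"]:8} {a["rule"]:26} {a["host"]:6} -> {", ".join(a["actions"])}')
```

Running the block prints four alerts: the C2 connection at critical (with network isolation), the double-extension process and the external SSH attempt at high, and the same C2 event again at low under the generic non-standard-port rule. The second SSH event is dropped by the duplicate window, and passing `base_template(allowed_admin_ips=frozenset({"198.51.100.5"}))` for a customer whose admins connect from that address removes the SSH alert entirely, which is the point of parameterising the template rather than copying and editing rules per customer.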
These are a few simple tasks among many that you could automatically roll out to new customers. The same capability scales to far more complex work. For example, if your customer base works largely with public institutions, you could craft extensive rule sets that bring their organizations into NIST compliance.
With SecOps Cloud, the Sky’s the Limit
The SCP offers MSSPs an opportunity for limitless customization, a capability that will greatly differentiate you from your competitors. Much like traditional cloud platforms, it does not create the final product for you. It allows security professionals to integrate existing tools, ignore cumbersome infrastructure management, and create elegant solutions that work exactly as intended.
In its most basic form, the SecOps Cloud Platform greatly simplifies security resource management, reduces personnel training costs, and eliminates the challenges posed by vendor lock-in. This makes the platform a good fit for MSSPs of any size. However, in the hands of dedicated security enthusiasts, it throws open the doors of possibility and creates the opportunity to do cybersecurity in new ways.