CyFlare CEO Explains Why Cyber Security Mesh Architecture is a Top Priority

MSSP Top 250 company CyFlare is taking a new approach to its cybersecurity — a framework called Cyber Security Mesh Architecture (CSMA).

What is CSMA and why is it so important to a Master MSSP like CyFlare?

Traditional security models often focus on securing the perimeter of an organization. But with the rise of cloud computing, remote work and mobile devices, the perimeter is no longer well-defined. In essence, CSMA offers a framework to manage security in an era where digital transformation and distributed environments are the norm.

CyFlare applies CSMA principles by integrating and coordinating multiple security tools to enhance its cybersecurity operations, CyFlare CEO Joe Morin told MSSP Alert. In essence, CSMA allows CyFlare to move beyond the limitations of traditional security perimeters.

What is Cyber Security Mesh Architecture?

CSMA effectively creates a distributed, identity-centric security framework that adapts to increasingly decentralized and cloud-based IT environments.

“The key thing for us is that we don’t make the tools customers use,” Morin said. “We bring them together and make it better. So, whether it’s Stellar Cyber’s flagship XDR tool we’re using, we’ll deploy to basically acquire data, correlate security events and raise it to the SOC.”

CyFlare’s approach, particularly through its managed extended detection and response (MXDR) services, embodies CSMA by integrating various tools and technologies across the digital landscape, according to Morin. He explained that this integration enhances interoperability, enabling real-time threat detection, improved alerting and swift response mechanisms across different security layers.

CyFlare also focuses on breaking down silos between security tools and teams, promoting a more unified and cohesive defense strategy. And by utilizing CSMA, CyFlare aims to deliver more proactive and context-aware security measures.

“We’re the ones that can go into any account, and so long as there’s an API, connect to the tools that they have, bring it into the SOC and very consistently triage those investigations and allow for more response actions,” Morin explained.

CyFlare’s go-to-market strategy primarily involves MSPs and small to medium-sized enterprises.

“The reason we’re winning is that MSPs can literally take whatever their tool stack is and still enable the SOC,” Morin said. “Unlike cybersecurity vendors where you have to deploy their tools, they’re going to connect and monitor their systems. And if you don’t like the service, but you love the product and vice-versa, you’re stuck with both, or you have to throw the baby out with the bathwater.”

For instance, if a CyFlare customer wanted to remove themselves from CrowdStrike overnight, they could.

“That doesn’t change the contract,” Morin said. “They just submit a support ticket, and we connect with new API keys and we’re off and running. So, our customers can have all this freedom when it comes to the tools they’re using.”

How CyFlare Delivers CSMA Service

Gartner states that it will take 10 years for CSMA to be a mainline strategy and there are currently no vendors doing this, although there are several platform companies attacking CSMA, including Palo Alto Networks, Check Point, CrowdStrike and Fortinet. CyFlare is on its way to joining this group.

Morin believes there is a real need for an open vendor that allows for flexibility of tools, as CyFlare’s partners and customers have the ability to flex according to business changes and tech capabilities. Therefore, leveraging an open connector ecosystem to stop threats accurately and in as little time as possible is imperative for all organizations.

CyFlare currently offers an open SOC service for the enterprise and MSP community with its ONE-Converged Security Platform. In 2025, CyFlare plans to launch “HERO,” an AI-driven open platform that can function as a chief information security officer’s (CISO) operating system, contextually speaking, thereby understanding the organization’s policies, procedures, people and technology.

Morin explained that HERO is designed to give CISOs peace of mind that nothing will slip through the cracks and make compliance audit reporting significantly leaner. It also offers simple compliance audit reporting and executive score carding spanning all major security categories, in addition to AI-based security budget modeling to improve a CISO's security spend against risk tolerance and business conditions.

More About CSMA

While there are 15 CSMA categories, there are actually two pillars, according to Morin. One pillar is security risk management, and the other, cyber performance management, is where Morin says he’s “super pumped.”

“We’re now in an answer economy from a cyber managed perspective,” he said. “People want prompts. They have questions every 30 seconds. They can’t be logging into 70 tools or have their team members extract data and put it into PowerPoint, Excel or a PDF because by the time you get it, it’s so old that it’s not relevant. Our notion is to connect to these tools and leverage AI to read your policy and procedures to suggest policy items that are missing.”

The key concepts of CSMA include:

  • Decentralized security. Unlike traditional models that focus on securing the network perimeter, CSMA focuses on securing individual assets regardless of location.
  • Identity-centric security. CSMA emphasizes the importance of identity as a critical component of security. It ensures that identities, both human and machine, are authenticated and authorized consistently across different environments.
  • Scalable security controls. With CSMA, security policies and controls are no longer tied to a specific location but are dynamically applied to wherever the assets or users are. This allows for scalability and flexibility in applying security measures across a distributed environment.
  • Interoperability and integration. CSMA promotes interoperability among various security tools and systems. It supports integration across different security services, enabling them to work together in a coordinated manner. This is crucial for detecting, responding to, and mitigating threats across diverse environments.
  • Enhanced threat detection and response. By leveraging a distributed and interconnected security framework, CSMA enables faster and more accurate threat detection and response. It allows organizations to gain a more comprehensive view of their security posture across all environments.

This article was written with the assistance of Chat GPT.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.
