Trustwave is adding Devo Technology’s cloud-based SIEM tool to its managed security services, the latest move by the Chicago-based company to expand the capabilities offered through its platform.
The technology partnership announced this week will enable Trustwave to offer an expanded managed extended detection and response service called Trustwave MXDR with Co-Managed SOC for Devo.
It comes more than four months after Trustwave, an MSSP Alert Top 250 MSSP and Top 40 MDR company, merged with Cybereason and folded that firm’s endpoint detection and response (EDR) platform into its own security services offerings. Almost a year ago, Trustwave unveiled its threat intelligence-as-a-service offering.
It’s part of an industry-wide trend among cybersecurity vendors and services providers to offer platforms with broad and tightly integrated security tools to companies that are being overwhelmed by the complexity and speed of modern cyberthreats and don’t have the talent or capability to continue buying, integrating, and managing dozens of point products.
A Lot of Security Tools
Gartner analysts in a report late last year noted that the average organization has 43 security tools, with 5% having more than 100 tools. In a survey, 69% said the number of security products they use increased between 2022 and 2023.
A survey published this year by Palo Alto Networks and IBM found that organizations are trying to manage an average of 83 security solutions from 29 vendors, with 52% of respondents saying that such a fragmented environment is hindering their ability to address cyberthreats. That said, 75% of organizations that have adopted security platforms said better integration across security, hybrid cloud, AI, and other technology platforms is important.
Palo Alto has been banging this platform drum for a while, with CEO Nikesh Arora writing last year about the need for near-time resolution of security incidents at a time when bad actors are using AI in their attacks, which means security teams struggling to integrate multiple products and find needed talent are falling behind.
“There is a growing mismatch between speed of an attack and the speed of resolution,” Arora wrote.
The Trustwave-Devo partnership also touches on another trend, where major players are looking to work with smaller organizations, according to Jack Gold, principal analyst with J. Gold Associates.
“The companies concentrating on the lower end of enterprise and SMB are increasingly ‘bulking up’ through partnerships and acquisitions,” Gold told MSSP Alert. “All of this shows a consolidation in the security space as companies struggle to try and manage the sometimes overwhelming needs with potentially hundreds of different specialized components they have in place.”
Shifting the SIEM Burden
Trustwave made that point in a blog post accompanying the Devo news, writing that “by hosting and managing the Devo SIEM, Trustwave eliminates the burdens of SIEM ownership, such as infrastructure, licensing, configuration, and maintenance. This allows organizations to focus on their core business while benefiting from enterprise-grade security monitoring and threat intelligence.”
Many organizations don’t have the expertise, resources, or experienced security pros to manage a SIEM in-house, are dealing with large numbers of alerts, and are trying to keep up with an evolving threat landscape that includes increasingly sophisticated cyberthreats.
“The Trustwave-Devo partnership helps alleviate these challenges by offering a managed SIEM with expert-driven SOC [security operations center] capabilities, ensuring businesses can detect, investigate, and respond to threats 24/7 without the high overhead costs,” the company wrote.
Broad Platform Capabilities
Devo, based in Cambridge, Massachusetts, offers a cloud-based data security platform that pulls in information from organizations’ endpoints and on-premises and cloud environments and offers services that include SIEM (security information and event management) and SOAR (security orchestration, automation, and response).
Along with Trustwave’s MXDR threat detection, investigation, and hunting capabilities, the new offering with Devo includes SIEM-as-a-service, predictable pricing, rapid deployment, and quick integration with a company’s existing security infrastructure, the companies said.
It also includes AI-based security data analytics that drive real-time threat detection and enable companies to correlate security incidents across hybrid and multi-cloud environments.
These are necessary capabilities that make the offering “a compelling alternative to traditional SIEM deployments, offering a comprehensive, managed, and hosted SIEM with 24/7 expert support,” Trustwave executives wrote. “This partnership sets a new standard for next-generation managed security services, enabling organizations to defend against cyber threats with confidence and efficiency.”