Security as a Service? Making managing a complex threat environment look easy.

Intellyx BrainBlog for Securonix by Jason English

Comprehensive, proactive, responsive security practices were once the exclusive realm of larger companies and government institutions, with the capital and personnel to invest in running SecOps control rooms staffed with security experts.

Fortunately, those centralized control days are long gone. We are erasing the borders around the corporate datacenter and moving most of the applications we rely on outside of the four walls of the business.

We’ve seen the rise of SaaS-based solutions like ServiceNow, Office 365, Google Apps and Salesforce, as companies replaced the on-premises operations software and IT infrastructure that used to support core business functions.  Businesses are perfectly comfortable offloading IT functions to on-demand services.

Now security is ready for adoption in this service-based, pay-as-you-go model. In a distributed computing environment where the network edge is literally anywhere, how can such a change be made without introducing unacceptable risk?

The next frontier: Service-based security

We’ve seen that most companies, especially in the SMB or mid-sized profile, will naturally avoid the model of owning and maintaining software in-house wherever possible, and IT security is no exception. After all, why should a company staff up with additional costly and hard-to-find security professionals to deal with an increasing load of alerts and updates, if cybersecurity isn’t their core business differentiator?

Still, security is such a critical function, and so rife with risk in today’s threat-filled world, that no company can afford to leave their apps and data open to attacks while attempting to offload security, nor wait for a long transition period to self-implement a modern security platform.

At such times we are seeing companies turn to skilled third party IT service partners, or managed security-as-a-service providers (MSSPs) who can help the company punch above its weight in security at higher cost efficiency.

The MSSP offers the company a turnkey service, backed by transition experts with knowledge earned in previous security projects, arriving with the appropriate security platform in hand. The partner also provides additional support after the transition to reduce the employee hassle and overhead of managing and remediating security alerts.

Under this new procurement model, companies can move from a brittle, self-managed security perimeter into a modern, SaaS-based security approach backed by specialists — while simultaneously reducing cost and risk. Why does this work out so smoothly?

Paving the way for the MSSP

MSSP partners might call themselves solution integrators, or cloud service partners (CSPs) but they all share a common desire to bring the most current and updated security tools to bear on their client accounts.

But these partners don’t want the risk of paying up-front costs for security tooling, unless the tools are being engaged for paying clients. This is why an on-demand, cloud-based SIEM (security information and event management) platform like the cloud-based model offered by Securonix makes economic sense, as pricing can be adjusted on a pay-for-what-you-use basis.

Security-as-a-Service allows the partner to better serve a growing base of clients, as the cloud-based SIEM platform can scale up to meet demand, without requiring more outlay for infrastructure and network costs.

With configuration, maintenance and patches handled by the platform provider in the SaaS environment, the MSSP’s resources can remain more focused on tracking and resolving the more severe alerts. They can start applying rules-based automation to further reduce the labor burden of dealing with routinely resolved Tier 1 and Tier 2 alerts for their clients.

Only the most severe security alerts need to be brought to the attention of the MSSP’s end clients – and that’s exactly how they want it.

Landing on solid footing at a real estate company

This mid-sized real estate development firm with around 3,000 employees, is focused on innovative master planning and management of properties.

While the need to manage and secure all the business and customer data and documents flowing through the company is paramount, it really isn’t the reason why they are in business. With only a handful of IT employees inside the business and an on-premises security solution in place, the few available InfoSec cycles were being eaten up by the need to manage upgrades and security patches.

In other words, they were struggling to keep the lights on, and reacting to hundreds of alerts a day, many of them redundant or false positives, rather than proactively monitoring and managing the real threats.

Working with Securonix, they moved their SIEM and UEBA (user and entity behavior analytics) packages to their cloud-based SaaS model, and brought in a qualified managed service provider on their partner program who was fully certified in managed threat detection and response using the platform.

Now this real-estate company’s once-strapped InfoSec team can keep their eyes on the glass for critical issues, and let their managed service provider remove the busy work, using the service-based platform deal with all of the upgrades, patches and low-priority alerts they once fielded.

The Intellyx Take

As with many other IT functions that were once thought too critical to move to SaaS, we’re seeing that security platforms like SIEM and UEBA are poised to move to a primarily cloud-based, SaaS offering.

Security has to go to the cloud anyway, since the secure edge of business interaction is no longer defined by the perimeter of a corporate data center.

Cloud security has matured and the skills and expectations of qualified MSSP partners are much more certain. They can now leverage platforms to provide country-specific clouds and industry-specific high trust clouds that offer compliant and secure data handling and management.

But best of all, the shift to Security-as-a-Service delivered by partners gives even small and mid-sized companies the ability to realize enterprise-grade security that is always on, monitored, and updated to answer the latest threats. No blockbuster migration project required.

©2019, Intellyx, LLC. Intellyx retains full editorial control over this content. At the time of writing, Securonix is an Intellyx customer. Image credit: Michael Coghlan, Security Olympics, flickr (bluefug composite).

Securonix Threat Labs Monthly Intelligence Insights – May 2024
Securonix Threat Labs Monthly Intelligence Insights – April 2024
Securonix EON Takes Center Stage at Record-Breaking RSA Conference
What is Going on with the SIEM market?