Threat Detection in a Changing Market: A Conversation with MSSP Sword & Shield
Recently, I had a chance to speak with Jason Graf, director of managed security services for Sword & Shield Enterprise Security, a top Managed Security Services Provider (MSSP) based in Knoxville, Tenn. We talked about the evolving threat landscape and the challenges associated with detecting and analyzing ransomware and other emerging threats on a daily basis.
Graf started the discussion by providing context around Sword & Shield’s business, which has been protecting critical data for mid- to large-size companies for more than 20 years. The company started focusing on managed security services five years ago as attacks became more sophisticated and burdensome for companies. The MSSP’s core business is to provide 24/7 detection and response capabilities against cyber threats for its customers.
“Sword & Shield combines expert analysts, proprietary processes and advanced technology to protect our clients around the clock, 365 days a year. We take this responsibility seriously, so we only use technology that is up to the task,” said Graf.
Graf went on to explain that Sword & Shield’s managed security services also help companies achieve industry compliance: “Compliance is a key driver of our services, particularly for companies in the healthcare and retail industries that need to satisfy regulatory and industry requirements.”
Graf said the Sword & Shield team of security analysts monitors from 1,000 to 20,000 assets per customer environment every day. That’s a lot of assets! Not only are there more assets than ever to monitor today, but security threats are also getting more complex and harder to detect.
Sword & Shield relies on AlienVault Unified Security Management (USM™) to detect and analyze their customers’ threats. USM includes built-in security controls and continuous threat intelligence updates from AlienVault Labs to simplify threat detection and incident response. A unified approach to security monitoring eliminates the need for Sword & Shield to manage multiple solutions, saving time and money.
Sword & Shield also leverages threat intelligence updates from AlienVault’s Open Threat Exchange (OTX), which monitors emerging threats from all over the world. By leveraging USM and OTX, Sword & Shield can focus on delivering value to its customers through threat detection and SOC data analysis to more rapidly grow its managed security services.
Graf likes the comprehensiveness of USM as compared to other security solutions. He explained that it goes well beyond just providing traditional capabilities of SIEM and log management. “While other providers offer point solutions,” he said, “AlienVault’s USM provides a holistic, unified solution with essential capabilities including intrusion detection and vulnerability management.”
For Sword & Shield, it is important to pinpoint hacker command-and-control communications before they are used for malicious activities. The MSSP can consolidate its alarms, vulnerabilities and configuration issues into a single view through USM Central, our threat management console available with the USM platform. A consolidated view of the threats detected in its end customer environments enables Sword & Shield to work more efficiently and respond more quickly to any security incidents detected.
Graf is seeing a demand for cloud security monitoring as Sword & Shield customers migrate more of their infrastructure to Amazon Web Services and Microsoft Azure. The MSSP works with its customers to configure their cloud environments with the right security controls to protect against threats.
Cloud security monitoring brings added complexities because service providers need visibility into both cloud and on-premises environments. This requires aggregating data from different logs, ensuring there is enough storage to support it, and integrating with business applications such as Microsoft Office 365 for monitoring.
Sword & Shield is currently implementing AlienVault’s cloud-based security monitoring platform, USM Anywhere™, to manage threat detection across all environments. USM Anywhere continuously monitors, collects and analyzes data from cloud and physical networks.
“I’m excited about utilizing USM Anywhere to tap into our customers’ cloud infrastructure for comprehensive visibility,” said Graf. “The SaaS platform simplifies cloud security monitoring and will enable us to offer new services, providing added value to our customers.”
I look forward to checking back in a few months with Graf to get further insights into the current threat landscape and talk about the benefits Sword & Shield has realized by using USM Anywhere.
This guest blog is part of a Channel Futures sponsorship.