The new cloud-native threat detection and response is showcased at the Black Hat USA 2019 conference.

Jeffrey Schwartz

August 6, 2019


BLACK HAT USA — Secureworks is using this week’s Black Hat USA 2019 conference in Las Vegas to release its new Red Cloak Threat Detection and Response (TDR), the company’s first of a planned suite of SaaS-based software offerings announced earlier this year.

In a new twist, Secureworks said it has added a managed services option to the Red Cloak TDR software including around-the-clock, live interaction and advanced response from the company to detect threats and malicious events.

Red Cloak TDR is the outgrowth of Secureworks’ latest effort to expand beyond its core business as a large managed security services provider (MSSP). Secureworks, controlled by Dell Technologies, has embarked on a new strategy to scale the threat detection and incident response capabilities it has historically offered as a large service provider for customers and other MSSPs.

“It’s 20 years of threat detection and response expertise, expressed as AI-enabled software as a service, fully automated,” said Dell Technologies chairman and CEO Michael Dell, back in April during the opening keynote at Dell Technologies World, where he revealed the Red Cloak TDR offering.

At the time, Secureworks said Red Cloak uses advanced analytics and AI by gathering data from endpoints, network nodes and applications to create a picture of an organization’s threat environment. The result is a reduction in false positives by tying together Secureworks’ understanding of threat-actor behaviors.

Timothy Vidas, senior distinguished engineer at Secureworks, described the latest managed detection and response (MDR) option added to Red Cloak TDR during an invitation-only event recently held by Dell Technologies in New York. Since revealing Red Cloak TDR at Dell Technologies World, Secureworks has offered technical previews of the SaaS offering to select partners and customers, but now the company is officially releasing and announcing the MDR option, Vidas told Channel Futures.

Secureworks envisions Red Cloak’s new SaaS delivery option, and now the new MDR option, expanding the notion of the security operations center (SOC) by offering customers a hybrid approach.

“Traditionally, all we often offered were services,” Vidas said. “Now we’re offering Red Cloak TDR as the first SaaS offering for customers and we’re getting to the point where we’re offering services on top of the software.”

Vidas added that Red Cloak TDR gathers telemetry and observations from event detections with what Secureworks calls detectors. The types of detectors vary widely, according to Vidas, who added that some of the detectors are expert-based and have finite rules. Red Cloak uses deep learning and processes a significant amount of data and telemetry with models that constantly evolve.

“It’s neat that it continuously improves,” he said. “And then, there are always people on our side, with the service that we’re providing.”

The Red Cloak TDR service lets customers discover threats and respond to them on their own, or they can tap Secureworks engineers through the MDR option, using a chat interface, when they need help in responding to an event.

Bob Bender, chief technology officer at Founders Federal Credit Union of Lancaster, South Carolina, and a longtime customer of the Secureworks MSSP offering, said he could see using the Red Cloak TDR and other unannounced Red Cloak products in the pipeline.

“We’ll use their managed services, and if there’s a gap there that the new product fills, will look to adopt that also,” said Bender, who also was at the Dell Technologies gathering in New York.

Secureworks has new iterations of Red Cloak on its road map, Vidas said. The current release is cloud-native, but an on-premises version is also in the works, though he declined to elaborate.

About the Author(s)

Jeffrey Schwartz

Jeffrey Schwartz has covered the IT industry for nearly three decades, most recently as editor-in-chief of Redmond magazine and executive editor of Redmond Channel Partner. Prior to that, he held various editing and writing roles at CommunicationsWeek, InternetWeek and VARBusiness (now CRN) magazines, among other publications.
