Secureworks Debuts RedCloak TDR
DELL TECHNOLOGIES WORLD — Secureworks on Monday launched RedCloak Threat Detection and Response (TDR), the vendor’s first security analytics SaaS application.
The announcement came in conjunction with Dell Technologies World, being held this week in Las Vegas.
RedCloak is designed to help customers detect advanced threats and reduce alerts and false positives, without the need for high-priced, in-house security professionals.
“The application focuses on customer outcomes and on automating threat detection, investigation and response,” Wendy Thomas, senior vice president, products and business strategy at Secureworks, told Channel Futures. “We’ve taken the knowledge that we leverage in our platform technology today and made it more extensible and available to our customers’ security teams to leverage in the form of a software application.”
The product offers collaborative workflows, and integrates with ticketing systems, such as ServiceNow, among other features:
- RedCloak collects data from a wide variety of sources, such as the network, endpoints, cloud and business applications to understand a customer’s threat landscape. It reduces the number of false positives by integrating Secureworks’ knowledge of threat actor behaviors and leveraging machine learning (ML) where appropriate.
- The application is designed around Secureworks’ defense-in-concert methodology, and Red Cloak TDR unifies security environments and analyzes all relevant signals in one place. Users gain additional context so they can quickly and accurately judge the implications of each event.
- By seamlessly working on investigations together, teams can quickly reach conclusions. If they need to reach out for a higher level of expertise, there’s a built-in chat feature to get immediate access to a seasoned Secureworks expert. This benefit is included in the cost of the product.
- The application allows for a quick, accurate, software-driven response that gives users the ability to automate the right action.
- Because the application is cloud-native, it removes the burden of time-consuming platform management tasks.
- Red Cloak TDR deliberately does not charge by data consumption, so subscribers are free to process the security-relevant data they need to keep their organization safe.
- The application is designed to easily integrate into an organization’s current control framework, facilitating on-boarding.
Red Cloak TDR is the first of similar apps that Secureworks plans to release, Thomas said.
“This is the beginning of multiple applications like this that we will be launching. The idea is not to change what we do but to make what we do available in application form to customers who have in-house security teams that want to do it more on their own.”
This first SaaS app targets enterprise customers with about 10 IT professionals in-house as a “do-it-yourself application.”
“This gives our partners the ability to sell the application,” said Thomas. “The great thing about the way the pricing is structured is that it’s based on the number of endpoints. So even though it covers a wide variety of data source types, the pricing is simple and does not increase with sending more data to us.”
In fact, the more data, the merrier. Secureworks welcomes customer data because it helps provide better outcomes.
“The higher fidelity customer detections are, the better the response recommendations are,” said Thomas.
Customers without a large security team may need help running the application.
“We’re making technology that our team has available in our SOC to do things on behalf of our customer, more usable by in-house security teams or partners who deliver that type of service for customers,” she added.
If a customer wants to outsource their security investigations and remediation to a partner, that’s a value-added service, or service wrapper, that a partner could add on top of Red Cloak.
Secureworks targets a third-quarter launch for a service wrapper, which entails running the Red Cloak application for SMB customers. Either a partner or Secureworks will deliver the services.