Sergey Nivens - Fotolia

Seceon MSSP program 'the way a channel is supposed to work'

Secure Designs encountered Seceon while on the hunt for the right SIEM tool. Seceon's Open Threat Management fit the bill and paved the way to a strategic partnership.

The more it looked at the SIEM tool market, the more that Secure Designs Inc. discovered that most products couldn't scale to the volume of data it received.

That is, until Secure Designs Inc. (SDI), a managed security services provider (MSSP) based in Greensboro, N.C., connected with Seceon, which developed the Open Threat Management (OTM) platform, an automated threat detection and remediation system. Today, SDI has become one of the first companies to join Seceon's newly launched MSSP program.

"We were interested in the product, but I think it was Seceon's willingness to work with us as a partner to expand the offering to meet some of our needs that really sold us," said SDI's CTO Ron Culler. The product expansions included Multi-tenancy features and some of the user interface controls.

OTM "brings a whole new level of efficiency" to SDI's security operations center (SOC) and will "weaponize" the MSSP's network personnel, allowing it to take on additional SOC functions while maintaining SDI's high level of performance, he said. "We see this as a logical way to meet an increasingly multidimensional threat."

SIEM tools: Automated remediation, SMB focus 

While several automated threat detection systems exist in the market, only a few handle automated remediation, which can be "a huge differentiator,'' noted Eric Ogren, a senior security analyst at 451 Research.

Eric Ogren, senior security analyst, 451 ResearchEric Ogren

"SecOps needs more security alerts like they need more mothers-in-law. What attracts them to ABA [Applied Behavior Analytics] is the potential to shutdown threats before the business is disrupted," he said.

Ogren said he likes the OTM architecture -- specifically, its use of containers and the layered approach, which "provides a ton of flexibility in deployment options and the ability to grow the product." The ABA market is gaining momentum as SOCs "desperately need capabilities that they aren't finding in their [SIEM tools]." Other vendors in this space include Exabeam, Niara, Rapid7 and Securonix. Unlike many of its competitors, however, Seceon addresses the needs of small and medium-sized businesses (SMB) via MSSPs, he added.

That was a key selling point for SDI. "We've seen the need for years for real-time threat mitigation, especially in the SMB sector,'' Culler said. "SMBs continue to be the hardest hit and have the most to lose but the least amount of resources."

Ron Culler, CTO, Secure Designs Inc.Ron Culler

SDI plans to first deploy OTM where they see the strongest need, he said, and the MSSP will target specific verticals that require additional monitoring and reporting, such as the financial, healthcare, and payment card sectors. "We are still looking at the various levels of service we can offer, adding SDI's layer of value on top of OTM."

Seceon's MSSP program

Seceon's MSSP program is aimed at channel partners delivering managed security services to Fortune 5000 organizations and SMBs. OTM was built using advanced data collection and analysis, machine learning, and proprietary predictive and behavioral analytics, providing what Seceon refers to as "SOC-in-a-Box."  

That translates to no rules or human intervention needed and that the product works in all types of cloud environments, said Gary Southwell, Seceon's co-founder and chief strategy officer.

"Most SOC teams have people staring at screens. We send out alerts when we need staff to take look at something'' on the dashboard, he said.

Gary Southwell, co-founder and chief strategy officer, SeceonGary Southwell

The platform integrates with existing tools MSSPs use for prevention and detection and response for both north-south and east-west traffic within the enterprise, according to Seceon. OTM lets MSSPs see and proactively stop threats as they occur. Additionally, the platform enables a single MSSP analyst to monitor and respond to several customers simultaneously. All updates are done automatically.

The SDI-Seceon partnership is more than the standard channel sales arrangement, Culler noted. "Seceon is interested in what we have to say. It's the way a channel is supposed to work."

Right now, Seceon is fine-tuning the MSSP program to meet the needs of various aspects of the market, he said. "I think they're appreciative of the breadth and variety of customers we have under management and the feedback we'll give them as we build out our base."

There is the competitive advantage of being able to provide increased business assurance to clients and prospects by detecting threats earlier and warding off attacks.
Eric Ogrensenior security analyst, 451 Research

There are a few compelling reasons for MSSPs to consider partnering with an ABA vendor like Seceon, Ogren said. Among them is the expense reduction in having to handle fewer alerts per client and having much more readily available information when an alert is processed. "There is the competitive advantage of being able to provide increased business assurance to clients and prospects by detecting threats earlier and warding off attacks,'' he said. "Some MSSPs hope to monetize this with extra-priced product lines, but I'm convinced that will have to be bundled into overall service prices instead of an  à la carte offering."

Southwell estimated Seceon's MSSP program will have over 100 partners in 2017 and 100% of sales will be done through the channel.

As organizations look to enhance their security strategies, Ogren believes the focus will be less on SIEM tools, which he calls "a tool to appease auditors" so organizations can explain what happened months back. Most organizations he talks to "are too busy fixing things to go back and explore their security history." Instead, Ogren sees SIEM tools moving toward Hadoop and elastic data storage to store massive amounts of event data, but using analytics to detect and prevent damage.

Seceon's strength lies in its ability to reduce the "noise" generated by security product alerts, Ogren said. "I've seen large organizations get more than 150,000 alerts from [data loss prevention] alone. How is any security [team] supposed to deal with that? Seceon's ability to use other factors to shrink the number of actionable alerts to manageable levels is a key feature for SecOps,'' he said.

If the Seceon platform has an Achilles' heel, it would be that it "isn't great at managing event data and generating compliance reports," Ogren said. "But then again, that's not where I would expect them to be spending energy."

Next Steps

IT security to rank among top technologies for partners in 2017

The channel tries to stem the tide of ransomware infections

Read about MSPs expanding their cybersecurity services

Dig Deeper on MSP channel partner programs