Booz Allen Hamilton, a $6.7 billion consulting firm based in McLean, Va., has launched an as-a-service offering for security information and event management, partnering with Securonix Inc.
The offering brings together Securonix's SIEM platform and Booz Allen's consulting and managed services. Securonix's SIEM provides log management, user and entity behavior analytics, and security incident response. Booz Allen's cybersecurity personnel monitor potential security threats and coordinate responses to threats as they are detected. Personnel also manage and enrich security content, adding additional context to data collected through the SIEM platform. Booz Allen delivers the cloud-based SIEM to commercial-sector customers in a subscription model.
Patrick Joyce, principal at Booz Allen and leader within the firm's managed threat services business, said SIEM as a service eliminates the complexity customers experience when managing the technology on their own. He said the offering relieves customers of the burden of maintaining infrastructure and cultivating security expertise.
"It is a complicated architecture," Joyce said of SIEM technology. He cited the challenges of building and maintaining an "infrastructure that can consume all of the current security data from an environment and having the expertise to build the right enrichment content and analytics to analyze the data."
Joyce described enrichment content as information that is used to provide a broader understanding of security event data collected from an organization's environment. He cited Booz Allen-produced threat intelligence as an example. The threat intelligence "allows us to identify network connection patterns, malicious files, and suspicious use of services -- like PowerShell -- that are not otherwise considered malicious."
Joyce added organizations can cut costs when subscribing to a managed SIEM offering versus maintaining an in-house deployment. The 24/7 SIEM offering also aims to provide faster threat detection and response, while easing the pressure on organizations to attract cybersecurity personnel.
"To be quite honest, just getting access to the right talent these days is difficult," Joyce said.
Patrick JoycePrincipal, Booz Allen Hamilton
The managed SIEM services marks the latest outgrowth of a long-standing relationship between Booz Allen and Securonix. Joyce said Booz Allen has been working with Securonix in a consulting capacity, helping customers adopt the vendor's technology to improve incident response and data protection.
Securonix CEO Sachin Nayyar said partners such as Booz Allen help customers develop security roadmaps for dealing with a range of initiatives, including cloud, IoT, mobility and work-from-home programs. Securonix is based in Addison, Texas.
Customers across a range of industries are candidates for SIEM as a service, Joyce said. He noted the offering is gaining traction in verticals such as healthcare, life sciences and energy.
"The solution is horizontal," he said. "It applies across the board."
The government sector may eventually become another market opportunity for Booz Allen's managed SIEM service. Nayyar said Securonix is in the process of obtaining Federal Risk and Authorization Management Program (FedRAMP) certification, which he expects to happen this year.