These Executives and Managers Implemented SOAR at their MSSP. Here’s What They Learned
Security executives and managers at Danish MSSP Trifork Security speak about the benefits they’ve seen from implementing SOAR.
As a Security Orchestration, Automation, and Response (SOAR) vendor that prides itself on the benefits it provides MSSP partners, it’s important for us to get out and talk to the people on the front lines of those MSSPs to understand what works, where they get the most value, and what new features they would love to see.
We recently got a chance to speak with the team at Trifork Security, a Denmark-based MSSP, and they had a lot of valuable insights to share about how they use SOAR. In this post, we’ll share their thoughts with you, largely in their own words. If you’d like to see the video we made based on these conversations, you can watch that here.
A Broad Base of Integrations Can Streamline the Work of MSSPs
The more customers an MSSP has, the more complicated it becomes to connect to those customers’ tool stacks. Trifork found that a big benefit of SOAR was that it could streamline the integration process.
“We have multiple customers, and we need to be able to handle these customers on the same platform, so we only have to do integration to a third-party vendor only one time and we can utilize that across our customers,” said Karsten Thygesen, Chief Technology Officer at Trifork.
Without SOAR, setup and maintenance of integrations can be a big time-waster, as Philip Lyngø, Trifork’s Manager of Security & Analytics, told us:
“In the past we needed to do a lot of custom development to set up these integrations, make a lot of coding ourselves, all these things. Today… we get most of this out-of-the-box. So, we don’t need to develop and maintain all these integrations for hundreds of systems. That’s a really, really big benefit for us.”
SOC Tasks Are Faster with SOAR
One of SOAR’s main selling points is that it automates tedious, time-consuming tasks and frees up analysts’ time, so it’s no surprise that this was one of the benefits the Trifork team told us about.
“We can work way faster,” said Karsten Thygesen. “A lot of the work has been done in advance due to the integrations and automations, so the tier one and tier two people we have in our security operations center only spend their time on doing the key important decisions on how we should handle different security events. Many of [the decisions] could even be fully automated, so we do not use human time on handing them.”
Jakob Bo Møller, a SOC Manager at Trifork, said that without SOAR:
“…it was not possible to do incident handling in the way we do it today. It is very easy to get an overview of all the incidents that come in. All the detections, and all the alerts, they’re collected into a single platform. I don’t think we could handle incidents at the volume we do without a tool like [SOAR].”
Codeless SOAR Makes it Easy to Onboard Customers
Busy MSSPs spend a lot of time onboarding new customers, which slows their ability to grow. The more customers they bring on, the more people they need to dedicate to onboarding. Henrik Skovfoged, Business Unit Lead at Trifork, and Philip Lyngø both highlighted in their interviews how SOAR had helped them solve this problem.
“[SOAR] has made it a lot easier to onboard new customers, because it’s so flexible and it’s possible to get new log sources quite easily integrated,” Henrik told us.
Philip talked about how the multitenant solution gave Trifork a reusable template for onboarding, which could then be customized to the customer’s specific needs:
“When implementing new customers, or implementing new playbooks, or use cases things like that, it’s easy, it’s fast, it’s very intuitive, but also we can reuse it across the different customers.”
SOAR Helps MSSPs Ensure a High Quality of Service
A theme that came up regularly is that SOAR has enabled Trifork to provide better services, ensure they provided those services consistently, and give their customers visibility into the services they’re getting.
Henrik Skovfoged told us that SOAR is important for Trifork to “ensure the right quality and ensure that we are working after the same playbooks and procedures all the way along. It’s a tool that we use for providing the right quality to our customers.”
By giving their customers access to the SOAR platform, Trifork can demonstrate value and enable transparency. As Henrik also told us:
“Being able to prove to the customer that we have the same quality, that we’re doing it in a structured way, the way we are handling all the incidents, and doing it transparently as well, that is really a big quality for us.”
Empowering customers by giving them access to the SOAR tool also came up in our interview with Philip Lyngø. Philip said Trifork’s customers benefited from having a SOAR tool with an easy-to-use interface. “The ease of use, the good overviews, and the quick time to teach the customers to use the SOAR platform have also been a big difference for us, and that’s also a big, big benefit.”
SOAR Helps MSSPs Grow their Margins
Ultimately, MSSPs are businesses, and their tool investments need to support their business goals. We’ve written before about how SOAR can improve profits and business outcomes, and our conversations with Trifork confirmed that this was true for them. Phillip Lyngø said that SOAR was giving, “a much better possibility for [Trifork’s] business to grow, so even though we are rapidly growing, we can see that with the current staff we have now, we’ll be able to scale up to a lot more customers without adding more staff.”
Learn More About SOAR Benefits for MSSPs
If you want to see more of what the Trifork team had to say about SOAR, watch the video here.
D3 Security supports MSSPs in every corner of the globe and enables high-value services with our NextGen SOAR platform. D3 Security supports full multi-tenancy, so you can keep client sites, data, and playbooks completely segregated. Importantly, we’re vendor-agnostic and independent, so no matter what tools your clients use, our 500+ integrations will meet their needs. The NextGen SOAR Event Pipeline can automate the alert-handling capacity of dozens of analysts, while reducing alert volume by 90% or more.
Guest blog courtesy of D3 Security. Read more D3 Security guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.