MSSPs and Threat Detection Security Services: Case Study


Plenty of MSPs and MSSPs want to offer threat detection services. But many of those companies are not sure how to get started. One smart step: Learn from peer MSSPs that already offer such services.

Sword & Shield’s Jason Graf

With that thought in mind, I spoke with Jason Graf, a security analyst and penetration tester at Sword & Shield Enterprise Security, a Top 100 Managed Security Services Provider (MSSP) based in Knoxville, Tennessee. We discussed the evolving threat landscape and the challenges associated with detecting and analyzing ransomware and other emerging threats on a daily basis.

Graf provided context around Sword & Shield’s business, which has been protecting critical data for mid-to-large-sized companies for more than 20 years. The company started focusing on managed security services five years ago as attacks became more sophisticated and burdensome for companies. The MSSP’s core business is to provide 24/7 detection and response capabilities against cyber threats for its customers.

“Sword & Shield combines expert analysts, proprietary processes, and advanced technology to protect our clients around the clock, 365 days a year. We take this responsibility seriously, so we only use technology that is up to the task.”

Managed Security Services and Compliance

Graf went on to explain that Sword & Shield’s managed security services also help companies achieve industry compliance. “Compliance is a key driver of our services, particularly for companies in the healthcare and retail industries that need to satisfy regulatory and industry requirements.”

Graf said the Sword & Shield team of security analysts monitors from 1,000 to 20,000 assets per customer environment, every day. That’s a lot of assets! Not only are there more assets than ever to monitor today, but security threats are also getting more complex and harder to detect.

Sword & Shield relies on AlienVault Unified Security Management (USM) to detect and analyze their customers’ threats. USM includes built-in security controls and continuous threat intelligence updates from AlienVault Labs to simplify threat detection and incident response. A unified approach to security monitoring eliminates the need for Sword & Shield to manage multiple solutions, saving them time and money.

Sword & Shield also leverages threat intelligence updates from AlienVault’s Open Threat Exchange (OTX), which monitors emerging threats from all over the world. By leveraging USM and OTX, Sword & Shield can focus on delivering value to their customers through threat detection and SOC data analysis to more rapidly grow their managed security services.

Graf likes the comprehensiveness of USM as compared to other security solutions. He explained that it goes well beyond just providing traditional capabilities of SIEM and log management. “While other providers offer point solutions, AlienVault’s USM provides a holistic, unified solution with essential capabilities including intrusion detection and vulnerability management.”

For Sword & Shield, pinpointing where hacker command and control communications are before they are used for malicious activities is important. The MSSP can consolidate their alarms, vulnerabilities and configuration issues into a single view through USM Central, our threat management console available with the USM platform. A consolidated view of the threats detected in their end customer environments enables Sword & Shield to work more efficiently and respond more quickly to any security incidents detected.

Cloud Security Monitoring for AWS, Microsoft Azure

Graf is seeing a demand for cloud security monitoring as Sword & Shield customers migrate more of their infrastructure to Amazon Web Services and Microsoft Azure. The MSSP works with its customers to configure their cloud environments with the right security controls to protect against threats.

Cloud security monitoring brings added complexities because service providers need visibility into both cloud and on-premises environments. This requires aggregating data from different logs, ensuring there is enough storage to support it, and integrating with business applications such as Microsoft Office 365, for monitoring.

Sword & Shield is currently implementing AlienVault’s cloud-based security monitoring platform, USM Anywhere, to manage threat detection across all environments. USM Anywhere continuously monitors, collects and analyzes data from cloud and physical networks.

“I’m excited about utilizing USM Anywhere to tap into our customers’ cloud infrastructure for comprehensive visibility. The SaaS platform simplifies cloud security monitoring and will enable us to offer new services, providing added value to our customers.”

Author Leslie Johnson is director of PR and social media at AlienVault.