Cyware for Managed Security Service Providers
Automate security monitoring and response for your clients.
Cyware’s Solutions for Managed Security Service Providers (MSSPs)
Cyware’s solutions facilitate scalable and integrated management of all client security operations. The modular platform works in an integrated manner to link threat investigation, triaging and client alerting through an efficient, automated process. The solution comes with a multi-delivery alerting mechanism and advanced automation capabilities to ensure real-time notification and alerting on security threats.
Cyware’s modular approach comprises the following integrated platforms:
Cyware enables MSSPs to modularize the entire solution across different clientele by deploying separate, integrated modules for incident response and orchestration. With Cyware, MSSPs are not required to have a full orchestration (SOAR) layer installed for all clients. Instead, MSSPs can cut down their high operational costs by deploying Cyware’s lightweight, cost-effective orchestration gateway based on the client requirements.
Cyware’s solutions fit perfectly into the client-centric security needs of any MSSP and they cover three critical and widely-adopted managed security scenarios.
In Scenario 1, a managed security provider goes beyond just managed detection to share role-, location-, and sector-based security alerts with the clients over multiple delivery channels. In addition to email, MSSPs can leverage Cyware Situational Awareness Platform (CSAP) as an additional interactive medium to disseminate the incident from MSSP to clients to enable efficient bi-directional communication. With Cyware, MSSPs can automate the entire threat detection workflow. Cyware Security Orchestration Layer (CSOL) is an advanced security automation tool that orchestrates the collection of threat data from SIEM and ITSM tools deployed in the MSSP environment. CSOL also connects with Cyware Fusion and Threat Response (CFTR) Platform to deliver automated alert triaging at machine speeds, thereby eliminating the entire manual effort and reducing the overall costs for MSSPs.
Served Client Base: Tier 0: Small size: No Orchestration: Narrow technology landscape
MSSP clients who do not require any direct orchestration and want to receive notification for any incident/alert and act on it on their own.
Use Cases and Benefits for MSSPs
(<30 seconds)
Scenario 2 goes beyond the basic managed detection services to provide direct action-taking capabilities in the client’s security tools to the MSSPs by hosting an advanced threat response and automation platform in the MSSP’s environment. Cyware Fusion and Threat Response (CFTR) Platform offers advanced levels of incident investigation, triaging, and workflow management capabilities for MSSPs. With CFTR, MSSPs can streamline post-detection and incident triaging, followed by data enhancement, incident correlation, and intel enrichment processes. MSSPs can also leverage several key metrics within CFTR, including average incident cost, cost per incident type, the average cost per analyst, etc., to quantify incident costs across the line of clients. With Cyware, MSSPs can use the automation and orchestration capabilities of Cyware Security Orchestration Layer (CSOL) to take direct actions in the security tools, including firewall, IDS/IPS, EDR, etc., deployed in the client’s environment to proactively block malicious threats.
Served Client Base: Tier 1: Medium size: No Orchestration: Well Developed Technology Landscape
MSSP clients who want to orchestrate security tools deployed in the client environment that can be managed through an orchestration layer deployed in the MSSP environment. This enables MSSPs to take direct response action in their environment while also separately receiving threat and incident alerts for their clients.
Use Cases and Benefits for MSSPs
Note: In addition to the ones listed below, this scenario includes all the use cases and benefits from Scenario 1.
Triaging & Response
Scenario 3 covers the advanced levels of managed security services involving a large number of clients. In addition to the threat response, security automation, and threat intelligence platforms being hosted within the MSSP’s environment, an additional lightweight orchestration layer called CSOL Agent is deployed within each client’s environment for faster and easier orchestration of threat data from on-premise deployed security tools. The CSOL Agent facilitates the orchestration of threat data to the MSSP’s environment for managing detection, notification, investigation, and response tasks. The dedicated orchestration layer in each client’s deployment environment makes incident triaging, threat data correlation, and automated actioning precise and relevant to each client.
Served Client Base: Tier 2: Large size: No Orchestration: Wide Technology landscape
MSSP clients who want to deploy a dedicated orchestration layer in the client environment to orchestrate threat data from their disparate security tools. This is done using CSOL Agent, a lightweight integrator with a size of less than 20 Mb, that enables MSSPs to take direct response action in their environment while also separately receiving threat and incident alerts.
Use Cases and Benefits for MSSPs
Note: In addition to the ones listed below, this scenario includes all the use cases and benefits from Scenario 1 and Scenario 2.
An Essential Overview
Capability | Scenario 1 | Scenario 2 | Scenario 3 |
---|---|---|---|
Manage detection services with automation | |||
Share alerts with clients in real-time (<30 seconds) | |||
Acknowledge alerts and assign actions | |||
Share early warning threat levels with clients | |||
Enrich threat intelligence from trusted sources | |||
Enable clients to share advisories/threat intelligence with MSSP | |||
Foster discussion-driven collaboration between clients | |||
Threat data knowledge sharing between MSSP clients | |||
Multiple alerting and notification channels | |||
Automate incident investigation, triaging & responses | – | ||
Reduce client incident costs through effective tracking & metrics | – | ||
Take actions directly within the client’s environment | – | ||
Reduce response times with unlimited brand-agnostic playbooks | – | ||
Foster collaboration through cyber fusion | – | – | |
Connect-the-dots between security threats | – | – | |
Deploy a dedicated automation layer within the client’s environment | – | – | |
Enable cross-environment automation without exposing on-premise networks | – | – | |