Cyware for Managed Security Service Providers

In Scenario 1, a managed security provider goes beyond just managed detection to share the role, location, and sector-based security alerts with the clients over multiple delivery channels. In addition to email, MSSPs can leverage Cyware Situational Awareness Platform (CSAP) as an additional interactive medium to disseminate the incident from MSSP to clients to enable efficient bi-directional communication. With Cyware, MSSPs can automate the entire threat detection workflow. Cyware Security Orchestration Layer (CSOL) is an advanced security automation tool that orchestrates the collection of threat data from SIEM and ITSM tools deployed in the MSSP environment. CSOL also connects with Cyware Fusion and Threat Response (CFTR) Platform to deliver automated alert triaging at machine speeds thereby eliminating the entire manual effort and reducing the overall costs for MSSPs.

Served Client Base: Tier 0: Small size: No Orchestration: Narrow technology landscape

MSSP clients who do not require any direct orchestration and want to receive notification for any incident/alert and act on it on their own.

Scenario 2 goes beyond the basic managed detection services to provide direct action taking capabilities in the client’s security tools to the MSSPs by hosting an advanced threat response and automation platform in the MSSP’s environment. Cyware Fusion and Threat Response (CFTR) Platform offers advanced levels of incident investigation, triaging, and workflow management capabilities for MSSPs. With CFTR, MSSPs can streamline post-detection and incident triaging, followed by data enhancement, incident correlation, and intel enrichment processes. MSSPs can also leverage several key metrics within CFTR including average incident cost, cost per incident type, the average cost per analyst, etc. to quantify incident costs across the line of clients. With Cyware, MSSPs can use the automation and orchestration capabilities of Cyware Security Orchestration Layer (CSOL) to take direct actions in the security tools, including firewall, IDS/IPS, EDR, etc. deployed in the client’s environment to proactively block malicious threats.

Served Client Base: Tier 1: Medium size: No Orchestration: Well Developed Technology Landscape

MSSP clients who want to orchestrate security tools deployed in the client environment that can be managed through an orchestration layer deployed in the MSSP environment. This enables MSSPs to take direct response action in their environment while also separately receiving threat and incident alerts for their clients.

Scenario 3 covers the advanced levels of managed security services involving a large number of clients. In addition to the threat response, security automation, and threat intelligence platforms being hosted within the MSSP’s environment, an additional lightweight orchestration layer called CSOL Agent is deployed within each client’s environment for faster and easier orchestration of threat data from on-premise deployed security tools. The CSOL Agent facilitates the orchestration of threat data to MSSP’s environment for managing detection, notification, investigation, and response tasks. The dedicated orchestration layer in each client’s deployment environment makes incident triaging, threat data correlation, and automated actioning precise and relevant to each client.

Served Client Base: Tier 2: Large size: No Orchestration: Wide Technology landscape

MSSP clients who want to deploy a dedicated orchestration layer in the client environment to orchestrate threat data from their disparate security tools. This is done using CSOL Agent, a lightweight integrator, with a size less than 20 Mb, that enables MSSPs to take direct response action in their environment while also separately receiving threat and incident alerts.