Life is simple when we can easily categorize things into their appropriate swim lanes. As the security industry has grown, and new problems have emerged, there has been a rapid growth of tool companies, purpose-built to address individual problems — effectively adding more and more swim lanes to the pool. At a certain point, things got too complicated, and a new non-security related problem emerged: “How do I manage this rapidly growing sets of tools for effective security outcomes?”
The market at large, took two distinct approaches to address this problem: building more tools and building out managed services.
The first involved creating yet another tool—designed to pull the information from all of these other disparate tools and work with them in a single console. And just like that, a new security point-product sprung up to solve the tool-set problem, which has subsequently morphed into what we know as Security Information and Event Management, or SIEM. This was a viable solution for companies that had the security maturity and staffing to solve the problem of individual tool complexity, but all it really accomplishes is to put all the problems in one place versus having to search across multiple tools. Did it really help drive better security outcomes?
This brings us to the second solution: outsource it! Numerous national, regional and local managed security service providers (MSSPs) sprung up to offload this particular challenge from the customers. Of course, this didn’t really address the problem either—it just shifted the burden of responsibility and moved the cost from a head-count expense to a recurring OpEx (operational expense) charge. This was a fine way to make the problem go away, and was a convenient option for many organizations, but it didn’t really fix any of the fundamental problems that created this mess in the first place.
We spend a lot of time with the analyst community and one of the things that we constantly grapple with is getting shoehorned into being categorized as a pure services company or a pure tools company. Pockets of that community are starting to look at the Managed Detection and Response (MDR) space and acknowledging that there is a different approach, but by and large, the majority of the assessments are either services-focused or tools-focused.
Consider these two situations that have come up in recent analyst evaluations:
- The measurement criteria for a tools company is the “ease of software installation by the customer without the assistance of additional services.” How do you measure a vendor who delivers this as a service and always performs the installation as part of their onboarding? We have trained experts that have been doing this for over a decade. What looks complex for an end-customer to deploy themselves has been streamlined and improved by dedicated professionals over many years.
- The measurement criteria for a pure-services company is, “How far-reaching/broad is your capability across the entire security landscape?” We never claim to be able to address the entire security landscape. We’ve specialized to solve a defined set of issues to address the biggest pain points that our customers are experiencing. Part of the reason we are so successful at addressing the problem at hand is that we have curated the breadth of what we want to solve.
Alert Logic took a radically different approach. We looked at what information would be needed to drive a better security outcome and built an integrated platform to collect and analyze that information. But we didn’t stop there—we married it with managed services and provide the security experts to help drive the right outcomes to for customers.
We took things that these single-focus companies do, like IT asset discovery, log aggregation, EDR (endpoint detection and response), vulnerability scanning, network traffic analysis and web application security and built a platform to collect all that data. Then we merged all that security and log data with threat research, applied technologies like machine learning, anomaly detection and behavioral analytics to identify what really needed to get addressed. Then, we take all of these insights identified by our team and escalate the most important incidents to a customer’s security organization to remedy. We’re singularly focused on driving to better outcomes.
What’s the common thread here? It’s that tools are not enough, and services are not enough, and in many cases, too much of each just make the problem worse. To drive to the best possible outcome, you need people working side-by-side with a purpose-built platform at every step of the way. That’s the missing piece.
Our approach—which we believe puts the focus on our customers’ security outcomes—merges those two distinct categories, and in the process, firmly breaks the swim lane mentality. We’ve never wavered in what we feel is important—it’s to deliver peace of mind for our customers. The best way we know how to do that is to embrace the fact that tools are not enough.