Every Managed Security Services installation is unique, especially in complex technology environments. The SecureWorks Managed Security Services Integration (MSSi) portfolio is designed to assist clients in better preparing and integrating their MSS service(s) into their business processes.
In this video, Joe Gigliotti, SecureWorks MSSi Delivery Manager, gives an overview of MSSi Plus, a valuable add-on to our standard on-boarding process in which a dedicated consultant provides integration above and beyond MSSi Day One, including customized reporting, escalation procedures and post-implementation performance tuning for maximized time to value.
Hello, I’m Joe. Today we’re going to talk about MSSi Plus. So MSSi Plus builds on the foundations that occur during MSSi Day 1. So training, tuning, and all of the deliverables that happen in Day 1 are complemented and built upon in MSSi Plus. We’re taking the foundation that was established to the next level where we’re really working with the clients side by side to better understand what challenges are they trying to solve with their infosec program and giving them a dedicated consultant that joins them, typically on site, to better align the solutions that they have with us and move those forward.
So in Plus we take escalation procedures to the next level with some complex environments. We need to take different considerations in the way we escalate activity. So the consultant’s going to work with the client to align those escalation procedures and customize them at a more granular level to go to perhaps different teams or different parts of the organization that kind of own the different parts of the environment. We work with a client on what we call host-centric incident optimization. So we understand the complexities of the client’s infrastructure. As an example, a workstation that gets infected with malware moves from wired to wireless and maybe over VPN, and if an incident spawned from that activity, or when an incident spawned from that activity, it’s actually following and we’re able to correlate the data together. So really working to understand the architecture of the client’s network topology is very important in what occurs during Plus.
So tuning true negatives, as we call them. So making sure that the normalization of logs coming into the SecureWorks Counter Threat Platform™, we’re also looking at different data that may not be by default actionable, but for the uniqueness of the client it needs to be, so working with the client to understand what is and make the changes to better incorporate what they need to have be visible in their data.
We work with the client on incident and event severities and categories. So making sure the high, medium, and lows in the different categories such as reconnaissance activity, malware, web vulnerability, we’re taking all the data and classifying that correctly and making sure that’s throughout the entirety of their portfolio as well.
We’re also looking at directionality. So going back to the network topology, you know, is this going ingress or egress? What different types of systems is it traversing? Really taking the topology of the client’s network again into consideration into the service.
We’re looking at ways that we can enhance correlation. So where can we make event grouping and logical decisions around the data? Again to be able to provide that to a client on a more granular level on a silver platter so they can take that and run with it.
We also focus on asset population, so we automatically know what’s logging to SecureWorks. They’re declared throughout the implementation process. But what else is in the client’s environment? The consultants want to know that because we can use that type of intelligence to better align what is logging, and it’s very helpful to the analyst on the other side that’s looking at the data to know, you know, what are different network segments used for and how do the various pieces of the client’s network fit together.
We also work a lot with clients on integration in the form of reporting. So taking the predefined reports that are available on the client portal and customizing those for the client and making sure that instead of an escalation there’s a, it may be that there’s different activity that’s better served through a report that’s delivered every Monday morning at 6am. So taking those reports and customizing them and that consultant is a dedicated person to working with the client to create those.
And then we work on integration tasks around processes and procedures. So the MSSi team is comprised of folks that have a wealth of IT and infosec experience and they are also commonly working with clients to enhance their service. So using their historical knowledge and the uniqueness of that client to document the best ways that they can consume the service in a repeatable fashion that they can use throughout the partnership with us.
So that’s MSSi Plus. A dedicated consultant works with the client to better on-board, integrate, and performance tune a client’s managed security services deployment. The consultant becomes a dedicated stakeholder with their success so they’re looking top to bottom, no stone goes unturned to make sure that where we can improve we do improve and that dedicated resource drives all of those components on behalf of the client and really allows them to see better return on investment and quicker time to value. We’re taking what could take months and consolidating it down into several weeks to make sure that the client is positioned for success.