A Quintan O’Reilly, Sunday Business Post interview with Fergal Meehan, Paradyn CCO

Much of an organisation’s cybersecurity knowledge revolves around SIEMs and SOCs, but modern developments mean that these ideas are becoming a thing of the past. Modern security offerings revolve around two main services. The first is security information and event management (SIEM) services, designed to detect threats before they hit a business. The second is security operations centres (SOCs), which are the human element of the process. They analyse, monitor, and detect threats while investigating and finding new ones.

Major organisations have been offering both, but there is always room for improvement, and modern vendors are changing their approach, which involves eliminating the SIEM entirely, said Fergal Meehan, chief commercial officer at Paradyn.

“They will continue to do endpoint protection, but it feeds into their own SOC,” he added. “They essentially have a data lake in the cloud where they can pull in all the endpoint information, and use their own SOC to decipher it. So, there’s no need for an actual SIEM on site.”

Vendors are eliminating some steps to provide a more efficient service. In Paradyn’s case, this type of approach can suit those in the Irish market for many reasons, as the vendor can take over the entire SOC service.

“With the SOC world, it suits because if you look at the Irish market, it’s very hard to put engineers on a desk 24/7 and operate on a follow-the-sun model,” explained Meehan.

“[We’re] positioning ourselves to actually lean on that service where a supplier like ourselves, they can go [and help the client directly]. From that, you’ve become familiar with the customers’ estate, their relationship with them, and access to their firewalls and other services, so you can make changes.

“Essentially, the whole SOC service, in a way, is outsourced to the vendor,” Meehan said.

This allows Paradyn to work with the people on the ground. While major vendors such as Sophos, Palo Alto and Cisco provide services, having that local connection is essential, so that you know you have someone to rely on when something happens.

This is already under way with a select few vendors. Many big companies have had data analytics teams for many years and are leveraging them to provide SOC services to organisations. This will help reduce the friction between vendor and client and ensure the process between detection and action is quicker than ever.

Meehan uses the doctor’s clinic analogy to explain the relationship between a SIEM and a SOC, where the SIEM is the waiting room and the SOC is the medical professional. Taking out the SIEM element speeds up the process, where the name of the game is to push towards a more proactive approach.

The other development that is gaining a lot of love from customers and suppliers is the improving integration of managed detection and response (MDR) systems. Meehan gives one example relating to its partner Sophos and how it carries out its MDR, where it now integrates with existing infrastructure.

One of the big pain points for organisations looking to upgrade their security posture is removing and adding new tools, which often means reconfiguration. One example of this is Sophos, which layers its MDR on top of existing infrastructure and integrates it with existing endpoint protection.

“That gives seamless integration, so all the knowledge that’s built up with existing solutions remains in place for that customer,” he added. “There’s nothing to replace … and that maximises the value of the previous security investments that were made, and it avoids the [traditional] rip and replace.”

An organisation gets a unified view of its security posture without having to replace any products to accommodate the change.

The solution even integrates with any backup technology an organisation may have, allowing a Sophos MDR to watch SIEM backups. This is dedicated to making things as seamless as possible for organisations, so they don’t have to think about these things.

Meehan warns against the idea that traditional SOCs deliver exactly what customers expect when they sign up. With runbooks, customers find that what is agreed upon is quite limited overall in the event of an attack.

“It’s all well and good getting the SOCs in, but when you find out that you have a limited runbook and how to remediate it, it’s disappointing for the customer.”

“Look at the modern SOC approach, that works well, particularly in the Irish market. Especially with the integrations into your network environments, backup estates, multi-factor authentication, Microsoft estate and firewall.”

“It’s definitely the way forward, and hopefully this time next year… you’ll see a lot more talk around this type of approach to MDR.”