Proficio Adds Channel Program To Help Stop All The 'Noise'
Midmarket businesses are deploying next-generation firewalls and modern breach-detection appliances that promise higher detection rates and better management tools, but far too many of them are underestimating the increasing workload associated with the new gear, according to Brad Taylor, CEO of Proficio.
The Irvine, Calif.-based managed security service provider is touting its monitoring and management services and has added a channel program to engage resellers and networking consultants interested in referring business to clients. At the core of the company's services is its security information and event management (SIEM) service, built on HP-ArcSight, according to Taylor, a security industry veteran who held positions at both ArcSight and RSA Security.
Proficio's security operations center has the ability to reduce the "noise" generated by all the networking gear, antivirus and other endpoint security software to identify the most critical threats that need immediate investigation, Taylor said.
"If someone is not looking at logs and alerts effectively, they are being flooded with false alarms and missing the most critical events," Taylor said. "There's a lot of monitoring services out there, but many of them monitor without mapping the data to the business context and the customer's unique environment, and it's no longer sufficient to finding threats."
Midmarket businesses that add next-generation firewalls and other security appliances often don't have the IT staffing to adequately maintain them over time, said Doug Close, vice president of security at Sayers Group, a Chicago-based solution provider. Close said the company sells networking gear and software that supports its data center, virtualization and storage server business, and has seen steady growth in its security business. In addition to Proficio, the reseller has forged relationships with Solutionary, a subsidiary of NTT Com, and other MSSPs.
"We run into a lot of clients that have bought some tools and are struggling to get the full value out of them," Close said. "The whole MSSP model has certainly gained a lot of traction across a lot of clients and prospects today, because people don't have in-house talent or the resources to attract and retain them."
The MSSP model took a blow earlier this year, when the details of the massive Target credit card breach emerged, revealing that the company failed to investigate alerts generated by FireEye appliances, a step experts surmise may have prevented the breach. The retailer reportedly outsourced monitoring of the appliance to a business partner operating out of India.
Proficio's Taylor points out that failing to investigate the alert was likely one of multiple issues that led to the breach. Stolen account credentials, system access, and file and configuration changes are among the myriad of ways a breach can be detected within the kill chain, he said.
"With all of these breaches, there is usually more than a single event that occurs with an advanced attack," Taylor said. "There probably were multiple events that may have signaled a potential issue, and they may not have had the granularity to collect, monitor and correlate all those events."
Solution providers are turning into the equivalent of a fire department, said Terry Kurzynski, a senior partner at Chicago-based solution provider Halock Security Labs. Halock recently grew its incident response readiness team and launched managed services to help companies monitor, maintain and address some of the issues identified by the latest network security appliances.
"Many of us are putting out the fires because these solutions are not being managed and monitored appropriately," Kurzynski said.
Proficio's Taylor said his company offers standard 24x7 monitoring and management services, as well as alerting and remediation assistance.
Through the MSSP's Synergy Partner Program, resellers can offer their clients a variety of service level agreements that typically span multiple years, Taylor said. In addition to NG Firewalls, Intrusion Protection Systems and Web Application Firewalls, the company's team also can manage Cisco ASA, Palo Alto Networks, HP TippingPoint, Fortinet, Imperva, Juniper and other security devices.
PUBLISHED OCT. 2, 2014