Charlie Thomas, CEO
Cybersecurity is changing... rapidly. Don’t blink or you may not recognize it in a few years. Yes, it’s still all about the journey and an arduous, meticulous path filled with innumerable checks and balances and continuous refinements. Staying one step ahead of the bad guys is never easy.
Some of the core tools, technology and processes, including SIEM, endpoint, access and identity management, firewall, pentests and others, remain cornerstones, but the power of analytics and automation has taken root and is redefining enterprise security. The typical enterprise cybersecurity program will look markedly different in five years (or less) versus what’s in place today.
“We combine industry leading technologies, unique analytics driven IP and a world class team of named experts to deliver capital efficiency and highly tailored outcomes specific to each CISO’s needs”
Cybersecurity is constantly evolving: from the classic tools of firewalls, anti-virus, vulnerability scanners and patch management, through the tool heyday of the present, toward a data-centric and coordinated view in the near future.
The images below represent a great example of the changes that have occurred in the day-to-day life of Security Operations. In the Apollo picture we see a more stripped-down command view with physical gauges and limited switches based on the mission capabilities. The same could be said for the firewall, anti-virus and single-vendor architectures of the past. Users were very familiar with the alerts and events detected, as they came from a limited defensive architecture.
The space shuttle is where most enterprises are today: established Security Operations Centers requiring multiple specialists and complex operations and visuals to understand what is going on with the myriad systems and tools deployed. Fifty-plus (50+) security tools is the standard in most businesses, and finding the right people to look at the right screens is increasingly difficult.
The new Dragon capsule uses touch screens and software to help the user make decisions and change controls based on what is happening at that time. It provides a view into the future of Security Operations: an environment that leverages automation, past experiences (internal or external), internal knowledge of processes and procedures, and systemic collaboration to direct and control a complex environment with easy-to-use, more reactive controls.
Let’s talk specifics on near future security operations.
In short, buckle your seat belt, open your mind and reimagine the modern enterprise security program. Let’s start with the SOC and move to the tools, technologies and processes.
Cybersecurity has always been a contest of innovation between the attackers and defenders. For example, in 1999 the “Melissa Virus” author innovated a new way to leverage the power of Microsoft Office Macros; defenders had to innovate with Macro protection mechanisms. 2003’s SQL Slammer exploited a buffer overflow to cause devastation, and this led to the innovations of Data Execution Prevention and the NX bit in processor architectures. The race between attackers and defenders won’t stop in the foreseeable future, but some companies are changing the game by innovating highly advanced, intelligence driven, automated cloud-first defenses that proactively protect customers from new attacks.
The table below shows how rapidly some of the tools, technologies and procedures will evolve over the next five years.
The end result for corporate security managers is that they will have more insight, transparency and capability than they’ve ever had. Moreover, the digital and cloud transformation that enterprises are making will create more flexibility than ever to adopt new technologies and services. Choosing a destination today and charting a course toward a powerful modern enterprise security program and SOC in 2025 will ensure that the choices you make along the way give you the maximum flexibility to reap the benefits of the many new, advanced capabilities becoming available over the next few years. A focus on measuring and improving overall security maturity posture provides a great navigation and planning tool.
The Table below from Momentum Cyber depicts the evolution of the modern ASOC.
We have developed a unique, cloud-based platform that gives our customers the best possible protection for their networks and digital assets. We’ve engineered maximum flexibility to leverage our unique IP coupled with ever-advancing vendor technologies to deliver continuous improvements in overall security posture and risk mitigation.
As highlighted in Momentum Cyber’s Research, one company that is doing some truly innovative things toward this SOC 2025 is deepwatch. The company has an extremely impressive roster of Fortune 1000 customers and is generating considerable buzz and attention from leading industry analysts. They are definitely changing the game of SOC Management and securing enterprises in many new and exciting ways.
deepwatch, a next-gen managed security service provider (MSSP), has changed the game for security operations center (SOC) management.
Customers in the managed security services market were ripe for change: they were hungry for better customer service, more advanced solutions and better outcomes. “We’ve built an impressive customer roster over the last five years by combining industry leading technologies, unique analytics driven IP and a world class team of named experts to deliver capital efficiency and highly tailored outcomes specific to each CISO’s needs,” says Charlie Thomas, CEO of deepwatch.
The compelling advantage for the customer is that deepwatch’s analytics-first managed security services remove the burden of building, operating and maintaining a SIEM platform and a large team to provide 24/7/365 SOC management, allowing them to focus on their core business with the peace of mind of knowing their network and brand are protected. The subscription, cloud-based platform delivered by deepwatch mitigates the technology and “people risks” associated with standing up a large internal SOC.
deepwatch has an exciting roadmap that oozes innovation. The company is racing toward that 2025 SOC vision by rolling out its second generation Maturity Model, highly automated data-centric deployment, portability and access, named delivery squads, real-time collaboration, advanced ML-driven analytics, threat intelligence and more. This approach is innovative in ways that are new and distinctly different in the MSSP market.
The Maturity Model
deepwatch’s winning value proposition starts with its exclusive maturity model, for which the company has a patent pending. Mapped to frameworks such as NIST CSF and MITRE ATT&CK, the Maturity Model indexes the current security operations maturity of a customer based on the security coverage, logs, geographic spread, and numerous other factors. In fact, many organizations today don’t have a clear idea of how they are faring versus their peers from a maturity and threat response standpoint. deepwatch’s model benchmarks an organization’s cybersecurity program’s maturity against industry peers and overall. “The maturity score can help organizations gauge their program’s maturity at the beginning of the journey with deepwatch and 12 to 24 months later,” says Wesley Mullins, CIO/CISO of deepwatch. The automated index is a key differentiator that CISOs find valuable to communicate the efficacy of their security practice to the board. They use it as a framework to build out their roadmap and their security journey going forward.
The slew of innovations does not end there. deepwatch has a responsive app, deepwatch lens, that integrates a wide range of data sources for quick and easy viewing on a mobile device. Their R&D organization is delivering impressive work in the realm of machine learning. Additionally, the company has recently rolled out deepwatch Discover, which leverages data science to detect anomalies and predict threats so deepwatch and its customers can stay a step ahead of malicious actors.
“The idea behind deepwatch and our roadmap as a whole from a security operations standpoint is to abstract the difficulties and challenges around building a world-class security stack and give customers the outcomes they need to act on,” says Patrick Orzechowski, VP of R&D, deepwatch. “Instead of focusing on specific vendors or technologies, we are building intellectual property that gives customers maximum flexibility while normalizing the outcomes from a security operation and threat landscape point of view.”
deepwatch’s managed security services offering encompasses Managed Detection & Response (MDR), Managed Endpoint Detection & Response (MEDR) and Vulnerability Management (VM) services. VM solutions serve as the foundation for mature SecOps programs, helping internal organizations build a mature vulnerability management program using a crawl, walk, run methodology. It helps organizations identify assets and risks, prioritize those risks internally, and address them quickly, without any disruption to the organization.
The company, through its MEDR solution, provides managed endpoint detection and response (EDR). deepwatch partners with best-of-breed EDR providers. Using the same crawl, walk, run methodology, it helps organizations get the tools in place and create an internal program around administering and maturing these solutions to maximize value.
deepwatch partners exclusively with Splunk and leverages its SIEM platform to provide 24/7/365 monitoring, validation, and alerting. The service is augmented with threat intelligence and automation using SOAR. However, a big advantage for deepwatch’s customers is the interaction with a named squad. Strong cybersecurity requires contextual knowledge and deepwatch’s named squad delivery model enables its teams to know specific customers’ environments and teams intimately which fosters high levels of collaboration. “We can learn the intricacies of our customer’s environment and quickly identify and resolve issues. We consider ourselves an extension of their team,” adds Thomas.
Today, customer expectations of a managed security service have gone beyond managing endpoints, firewalls, or devices. They want it to encompass the full lifecycle, from data analytics, threat intelligence, machine learning, and anomaly detection through to response. deepwatch has extended the lifecycle from managing devices or a platform to deploying cybersecurity experts and delivering outcomes customers can act on, rather than traditional alerting without vetting or validation. Most importantly, deepwatch is a trusted advisor and partners with each customer to develop a strategy and roadmap to improve their overall security maturity.
Transparency and Collaboration
While technology is critical for success, deepwatch’s core values and tenets are built to deliver exceptional value to its customers through a transparent and personalized service. More often than not, conventional managed security service providers simply add all customers to a list, and there is no way to triage different incidents and alerts based on validity and veracity. The deepwatch team fosters collaborative relationships with its customers and delivers the high-touch services they were missing before deepwatch.
Uniquely positioned at the forefront of the next generation cyber framework, deepwatch’s comprehensive solution portfolio leverages automation and data analytics to deliver deeper insights to CISOs.
The Disruptive Difference
What is interesting about deepwatch is that it allows all employees to work remotely from home offices, and it was doing so long before the global pandemic. A glimpse into its fully remote work culture reveals a collaborative, fun-driven environment with a slew of HR best practices underpinning organizational excellence.
For the road ahead, deepwatch continues to selectively expand its partner ecosystem. On the product front, the company continues to introduce platform enhancements on a quarterly basis.
Today, deepwatch is buoyed by stellar growth and a high customer retention rate, a reflection of its exemplary solutions and compelling value. deepwatch is truly disrupting the managed security services industry.