10 Things To Know About Continuum's New Managed Security Offering

The Next Frontier For MSPs

Continuum has introduced two new managed security offerings that will enable MSPs to protect and respond to emerging cyberthreats facing their SMB customers.

The tools are intended to help MSPs customize their security toolkit based on the particular types of threats each customer faces and remediate security breaches by leveraging Continuum's around-the-clock security operations center (SOC).

Continuum's Fielder Hiss and Tasos Tsolakis spoke at the Navigate 2017 conference about setting up the new SOC, the importance of reducing the amount of time bad actors are in the customer's system, and a third security offering coming late next year. Here's the rundown on what MSPs can expect from Continuum's Profile & Protect and Detect & Respond offerings.

10. MSPs Can't See How Their Existing Security Products Work Together

Solution providers today manage way too many tools without a centralized view of what's going on or the gaps in protection, according to Hiss, vice president of product. These tools can span the gamut from anti-virus and patching to firewalls and DNS protection, Hiss said.

"It's very difficult to look down and see the gaps yourself because there's nothing bringing them together," Hiss said.

Continuum's Profile & Protect offering will allow partners to have discrete offerings based on the needs and concerns of their customers as well as see where coverage gaps exist and how they can be addressed, Hiss said.

9. Continuum's Security Operations Center Is Already In Operation

Continuum's Security Operations Center has already been operating for a couple of months in Mumbai and Pune, India, according to Tsolakis, senior vice president of global service delivery.

Although the SOC isn't yet processing any data on behalf of MSPs, Tsolakis told CRN that they're already part of the team talking with MSPs about product design.

To date, Tsolakis said the SOC has been working closely with Continuum's product management team to merge product and processes together and ensure the two sides are fully aligned on the services that are being offered.

Soon, Tsolakis said the SOC will begin working with customers on managed security pilot programs.

8. Customers Can Identify Which Risk Factors Are Most Relevant To Their Business

Continuum's systems show which machines are at highest risk for a security incident, as well as the protection vectors that are most relevant to that threat.

Partners will be able to set up individual profiles for each customer examining risk factors ranging from insider threat and external threat to phishing and ransomware and top exploits, Hiss said. Continuum's SOC will also be creating new threat profiles as security risks evolve over time, according to Hiss.

All told, Hiss said the profiling component ensures that end users can see what risks they have based on the factors they indicated were most relevant to their businesses.

7. Continuum Assigns Each Device A 'Risk Score' Based On The Vulnerabilities Identified

Profile & Protect provides clients with a "risk score" for each device ranging from 1 to 100, with 1 being the best, Hiss said. The risk score should help direct MSPs to where they should be focusing most of their energy and attention, Hiss said.

MSPs can take action to address the security deficiencies directly from the desktop interface, Hiss said. This could include opening up tickets or configuring DNS protection, according to Hiss.

The tool also generates reports that can go back to the end user showing the previous security state, the work that was done, the current security state, and risks that still exist. This helps the MSP demonstrate its own value, Hiss said.

6. Continuum Plans To Leverage Its Expertise From Running A Network Operations Center

Although Continuum might be new to having a SOC, the company already runs a well-established Network Operations Center (NOC) in Mumbai and Pune. Tsolakis said the NOC employs 750 people, accounting for more than half of the company's 1,400-person workforce.

Even though the technical skills associated with a NOC and SOC are different, Tsolakis said the NOC provides Continuum with expertise on running very large operations. The NOC also has processes and systems in place for tracking tasks and following up on them, according to Tsolakis.

Continuum's SOC will have a similar operational process for following up and closing alerts and dealing with the remediation of outstanding issues, Tsolakis said.

5. Multiple Inputs Need To Be Correlated To Determine The Legitimacy Of System Activity

Bad actors are usually very skilled at disguising security threats to look like normal user activity, Hiss said. Only by correlating different inputs and running analysis can it be determined whether the behavior is for legitimate or illegitimate purposes, he said.

"The correlation event is hugely powerful because it's really looking at a lot of different inputs and information," Hiss said.

In response to system activity such as creating a new user activity, Hiss said Continuum's Detect & Respond will create a ticket and specify a level of criticality based on how suspicious it determined the activity to be.

4. Remediation Work Begins Automatically And Is Documented Meticulously

If a bad user account is identified, Detect & Respond locks the harmful account immediately and puts remediation steps into place, Hiss said. These steps are documented meticulously so that it's clear to the end user what threat was identified and how their MSP responded, according to Hiss.

"Creating new users can happen all the time," Hiss said. "They happen for very valid reasons, and they happen for extremely malicious reasons."

If the partner doesn't want Continuum to remediate everything automatically on their behalf, Hiss said the company can provide the remediation steps to the MSP so that it can carry out the work.

3. Continuum's Offering Reduces The Amount of Time Bad Actors Are In The Customer's System

A malicious actor can often spend weeks or even months in a customer's system without being detected, Hiss said.

The bad actors use this "dwell time" to navigate through the customer's organization and figure out exactly where they can do the most harm, Hiss said. Detect & Respond is purpose-built to quickly find malicious actors and mitigate outstanding issues, Hiss said, thereby cutting down on dwell time.

"The faster we can eliminate it [the actor], the better off we're going to be," Hiss said.

2. Continuum's SOC Has Just 10 Employees Today, But Can Grow Very Rapidly

Continuum only has 10 employees in its SOC today, Tsolakis said, but can increase resources very rapidly as demand ramps up.

Some of the SOC staff are existing Continuum workers that were already very familiar with security and have security skills, Tsolakis said. In addition to that, Tsolakis said Continuum hired some external security specialists.

The IT industry at large is expected to face a global shortage of 2 million cybersecurity professionals by 2019, according to Continuum. But this won't be as big of an issue for Continnum, Tsolakis said, said the company is looking for a relatively small number of resources and is known for being a top employer.

1. There's More To Come

Continuum's Profile & Protect and Detect & Respond managed services offerings are both slated to be generally available to its MSP customers in the first quarter of 2018. But that's not all the company has planned.

Later next year, Hiss said Continuum will roll out a third managed security offering focused on compliance, enforcement and analysis. For now, however, Continuum is remaining mum on the details.