AlienVault SIEM for Managed Security Service Providers

Thursday, September 16, 2010


Managed Security Service Providers (MSSPs) are companies who offer some level of outsourcing of information security operations. Industry analysts have long predicted that MSSPs would someday dominate the information security industry, but to date MSSPs provide services to only a small percentage of organizations. The logic of consolidating expertise and process management in a services company continues to appear particularly sound in the information security field, so why isn’t every company outsourcing their security today?

Roadblocks to both the service providers who wish to expand their services as well as the companies who would rather not maintain their own information security infrastructure have historically restricted the growth of this segment. Costs and complexity have limited the service offerings MSSPs could provide and customer demand for visibility has limited market opportunity.

In recent years Security Information and Event Management (SIEM) solutions have become central to enabling the MSSP market. SIEM provides a platform on which richer services can be built at lower costs and scaled to broader demographics. Many SIEM offerings are intended almost exclusively for use by enterprises. The feature sets, costs and management paradigms of many products might not lend themselves easily to MSSP application. There are SIEM solutions, however, that allow MSSPs to capitalize on the competitive advantages of unified solutions such as AlienVault and some others provide. Using an appropriately engineered and economically priced SIEM solution, MSSPs today can deploy unified security solutions managed through a single multi-tenanted console without impacting customer network performance or configuration.


Firewalls IDS/IDP Network Access Control Network->General Enterprise Security
Post Rating I Like this!
Bryan Miller Thanks for the whitepaper. More importantly, thank you for not making me register and get hounded with email to read it. Kudos.
Chris Blask You're welcome. Spreading sound memes is more important than spamming you - I'm sure you can find us if you want to... ;~)

Bryan Miller Amen to that....if only other vendors would follow your lead. After awhile I wouldn't deal with some of the folks if they gave me their product.

In fact, I have looked at your stuff in the past. Was toying with getting into the MSSP market. How do you see yourself compared to OSSEC?
Amine Mehablia MSSP is more than OSSEC. MSSP has no limitations when it comes to devices such as firewalls, switches, scanners and the lits is long. Some of the unsupported devices can also be integrated into the MSSP solution by getting involved the development team of the vendor, and one of the example is RSA SIEM solution - enVision.
Chris Blask Hi Bryan,

That's a easy one: OSSEC is included in AlienVault.

Chris Blask Hi Amine,

True: MSSP is about everything. That's the whole point imho.

I have long held the opinion that MSSP required another level of integration to gain broad adoption (long before we all coined "SIM/SEM/SIEM"). The Managed Firewall Services of the late 90s etc have always been thin offerings, what folks are looking for is an outsource for functionality without having to break out devices and applications along vendor-driven arbitrary dividing lines.

SIEM has always been all about integration, the core question that MSSPs must address to scale services economically and ubiquitously. The more functionality we as vendors can build in the easier and more cost effective our solutions become for enterprise and MSSP (hence things like my response to Bryan above). At the same time, our solutions much integrate with absolutely everything with minimum possible effort (hence the tools we and others make available to allow for user-driven custom integrations).