What the SIEM? A Q&A with Managed Security Services Provider Nuspire

CMIT Solutions of Round Rock would like to thank Daniel Hoban, Chief Strategy Officer for nuspire, for taking the time to answer a few questions about managed security and how we partner with nuspire to ensure that our customers’ data is always safe and secure.

Hi Dan! Please tell us a little about nuspire.

Absolutely! Nuspire is a Managed Security Service Provider (MSSP) focused on delivering superior threat detection and remediation by coupling our skilled team of experts with our state-of-the-art solutions that merge big data and deep human analytics.

We set ourselves apart by focusing on franchises and mid-sized businesses who tend to operate off of distributed (or WAN centered) networks. These are organizations that are geographically distributed and can have a smaller number of nodes at many locations. Compare this to what the norm is for MSSPs: working with large corporations who house thousands of people in one building and install a solution on one tower that services all employees in that building.

Our challenge at nuspire: reengineering how a typical MSSP operates to best serve our franchise and SMB customers who are geographically diverse with multi-locations.

How do you partner with CMIT Solutions for managed security services?

CMIT Solutions utilizes our Security Information Event Management (SIEM) technology, called nuSIEM. In a nutshell, our technology is deployed on their customer’s IT systems (network gear, router, firewall, switch, server, PC, laptop, etc.) and it alerts CMIT to any possible threats to their system(s). You can think of it like a security camera that is placed inside your IT systems that alerts you to any possible “break-ins”. We call these types of events an alert. I explain what that means in the next question.

Technology aside, we also help with the human element. It’s well known that IT security people are expensive and hard to keep for any length of time. Because of this, we find that many franchises and SMBs rely on non-IT employees to take care of their IT needs. This often leads to non-IT people talking to other non-IT people trying to solve a major IT problem. It’s a recipe for disaster. By partnering with CMIT Solutions, we have IT people talking to IT people who provide very informed, well thought out decisions and action plans. This provides customers with valuable outcomes to solve their real pain: providing 24×7 expertise to find and solve their security problems.

Can you explain what SIEM and SOC are and their importance to SMBs?

SIEM (Security Information Event Management) = The technology that is used to record, aggregate, and monitor security events, and subsequently produce alerts on anomalous behavior, threats that bypass traditional security technologies, and events that require further investigation.

SOC (Security Operations Center) = The actual people in the security center that are trying to make sense of the SIEM alerts. You can think of it like how NASA’s space center command center was depicted in older movies…lots of people in one room that have their own PC monitor and are staring at a giant screen in front of them. Remember those?! That’s exactly what a SOC looks like now.

What do you see as one of the biggest misunderstandings when it comes to IT security?

SMBs don’t think they are a target because of their business size. I recently heard a statistic that claimed 30% of SMBs think they are more likely to get struck by lightning than a security breach. Unfortunately, it’s probably the opposite and with a higher probability. The bad guys know SMBs typically don’t have security people, so they target them more often. In my experience, most SMBs will experience a security event every 2 years or so.

Does nuSIEM replace the need for anti-virus/anti-malware software?

Absolutely not! nuSIEM is not a replacement, but a complement. You have to take a layered approach to data security. I like to explain it with a traffic analogy. The anti-virus/anti-malware software acts like a traffic light. It’s saying yes (green light), no (red light), maybe (yellow light) to traffic entering the intersection. nuSIEM acts like a traffic cop and is there to make sure nothing gets by that shouldn’t. It takes a more hard-line approach to monitoring traffic with strict procedures and rules that must be followed.

Anti-virus and anti-malware software is, for the most part, dumb and does not discriminate. nuSIEM, on the other hand, questions it all. It stops and says, hum…something just happened, I need to investigate further. So, the anti-virus/anti-malware is the first line of defense and nuSIEM catches what gets by or is smart enough to avoid it altogether.

This sounds expensive for an SMB to add to their IT solutions. Is it?

This question requires a very simple answer: NO! The nuSIEM solution was designed to be affordable for SMBs. When we kicked off our partnership with CMIT Solutions, this was a no-compromise issue for them. They knew their customers didn’t have the funds that large corporations did, but yet had as much of the need – if not more! Honestly, CMIT Solutions was able to get pricing not seen anywhere else on the market.

How fast can you respond to a data threat using Cyber Threat Monitoring? How much damage can be done in that time?

It truly depends on the type of threat. Our goal is to have serious security events looked at within 5-15 minutes of an event happening. Damage depends on the threat and what data information you have available to steal (SSNs, trade secrets, healthcare information, etc.). Spyware isn’t as big of a deal. We know how to detect and deal with those threats now (provided you have the right technology in place). Ransomware is a bigger deal. It immediately starts encrypting files on your network until you pay the data thieves. Other times the threat happens in the background, and thieves are stealing your processing power for other reasons. This can be very hard to detect without the right technology in place.

Where do you see data security in 5 years? In 10 years?

As data thieves get smarter, they are constantly changing and evolving their threats. This will never change. That being said, what we are seeing change is customers moving away from buying point solutions for the individual threats (anti-virus, anti-malware, spam filters, etc.) and moving towards managed services like CMIT Solutions. For Franchises and SMBs this simply makes more sense. They don’t have to be so reactionary or waste time and money cobbling solutions together that require continual monitoring and upgrading. Additionally, the worry about their IT systems disappears because their trusted partner is staying on top of it. It’s like buying insurance versus buying a widget. Customers get someone to manage their security, not just security products.

I also predict more college students entering the IT field. If big companies are having a hard time finding IT security people (there is a 0% unemployment in cybersecurity and 2M jobs in the US), then Franchises and SMBs do not stand a chance! Until the labor field grows exponentially, they must turn to a managed security services provider.

If you have any questions about managed security, SIEM, SOC, or how we can help you better defend your systems against a cyber attack, shoot us a message.

Let CMIT Solutions Round Rock worry about your IT so you don’t have to! Contact us today!

 
