I’m the CRO at a Master MSSP. Here’s How We Drive Revenue with SOAR

The MSSP landscape has changed. The bread and butter for MSSPs has traditionally been security asset management. However, MSSPs must now perform detection and response functions to remain relevant, which goes beyond just deploying and managing security assets.

In order for MSSPs to thrive in an increasingly competitive landscape, they need to be able to offer more advanced detection and response services. This requires the use of technology like D3’s Smart SOAR platform. The biggest growth segment of security services is detection and response; traditional security asset management is growing at a much slower pace. The growth rate for detection and response is estimated to be around 18-20%, while the growth rate for security asset management is somewhere around 12%. Therefore, in order for MSSPs to really thrive in an increasingly competitive landscape, they need to focus less on providing security asset management, which is perceived to add less value to an end customer’s security posture, and more on leaning forward with detection and response services.

My name’s Stephan Tallent. I’m the CRO at High Wire Networks, a thriving master MSSP that delivers end-to-end managed cybersecurity services globally, through MSP partners. Our managed services include extended detection and response, automated orchestration and remediation, and vulnerability scanning. Here’s how we use D3 Security’s SOAR platform for managed XDR, incident response automation, and improving our operational efficiency. 

How We Use Incident Response Automation at Overwatch by High Wire Networks

Incident response automation has been implemented into our Overwatch SOC operations, and we are leveraging the D3 Smart SOAR platform to provide advanced, real-time automation of response actions across the customers’ attack surfaces. It’s a key part of our XDR service offering at Overwatch, High Wire Networks’ managed cybersecurity business unit.

We are utilizing playbooks within the D3 platform, as well as other capabilities such as the Event Pipeline to reduce the number of unimportant alerts. This has enabled us to respond quickly and be highly effective at rapid incident response. We’ve matched the speed of attackers who move at machine speeds by responding with equally fast response actions.

The biggest way we leverage the technology is as part of our Managed Extended Detection and Response (MXDR) service. We use the Smart SOAR platform to automate response across different areas of the attack surface and reduce false positives, enabling us to focus on incident response more effectively. Moreover, we pull relevant data feeds into the incident response process automatically, which used to be done through multiple different sources. With D3, we have been able to integrate everything into a single source, making it an excellent tool for us in that environment.

How D3 Smart SOAR Improves Our Team’s Internal Response Capabilities

We use many playbooks that are already built into D3’s Smart SOAR platform, as well as many playbooks that we’ve built based on real-time recognition of threats. Even as recently as last week, we wrote a playbook that allowed us to respond to a threat we saw on the endpoint that was also leveraging firewall ports. So, we basically wrote a playbook to respond to that, and we rolled that out across all our customers as a result of recognizing it as a risk state. That playbook allowed us to better secure the customer environment and do so in a rapid fashion.

Smart SOAR has reduced the amount of time our people are wasting on dealing with the alert fatigue that was inherent to how we were doing things before. We’re now able to reduce the number of alerts that are coming in, isolate the events that we should be concerned about, and then take action on them. With that, we’ve been able to reduce the operational overhead associated with busywork or work that doesn’t really net out into an improved security posture for our partners and their customers.

Basically, what D3 has allowed us to do is reduce the manual labor aspects of refining which alerts need to be paid attention to, and then also automate the response actions, where much of this was done manually in the past. We’ve been able to reduce the operational overhead of our security operations team considerably, as a result of Smart SOAR’s capability.

How D3 Smart SOAR Helps MSSPs Improve Overall Profitability 

Being able to take action across all the security vendors that we run into out there (all the different firewall vendors and the different endpoint vendors) and to automate response actions across those tools has dramatically improved our services, while reducing the cost of delivering those services. Not only has it improved our security efficacy from an operational perspective, but it has also greatly reduced mundane labor, so our operators are now focused on threat hunting and creating value for our MSP partner community and their end customers.

The ability to leverage Smart SOAR has really driven up the effectiveness and the efficiencies of our team so that we’re not wasting a lot of time doing things manually. This has helped us to improve our profitability. Moreover, it has also greatly improved our security efficacy and our reach.

Not only are we able to reduce the overhead associated with manual labor, but Smart SOAR also gives us the scalability to reach into incident response workflows where we’re also highly effective. Additionally, the automation aspect allows us to branch out to other areas of the attack surface, further enhancing our ability to prevent security breaches.

Stephan Tallent

Stephan Tallent brings over 20 years of managed services, information security and sales leadership experience to High Wire Networks, having spent the last 15 years building managed security service practices within several different types of service provider businesses. Stephan advises partners on profitable, best-practice-based service offerings using best-in-breed security technology. He's a published security services expert and frequent industry conference speaker.