Kevin Ketts, SecureWorks vice president of development, says the company was founded thanks to one man's search for something beyond intrusion detection -- in the mid-1990s company co-founder Mike Pearson wanted to find a way to provide true intrusion prevention.

"He envisioned a way to incorporate communication between firewall and IDS, before almost anybody else had considered doing that," Ketts said.

Pearson joined with fellow former CompUSA executive Joan Wilbanks to found Atlanta-based SecureWorks early in 1999. "To start, they put together a patent for the process of managing a remote intrusion prevention device," Ketts said. "They also put together a patent for the technology behind the intrusion prevention -- the back end technology for managing it."

When it was first offered, the service was aimed at smaller business clients, but Ketts says the market just wasn't ready. "Back in that time frame, intrusion detection was fairly unknown, let alone intrusion prevention," he said. "There was just too much education and too long of a sales cycle for those small-office, home office type businesses to even be interested in it, so we started to move up into the mid-tier market."

In the long run, he says, it's turned out for the best -- especially considering the challenges of trying to manage security for a mid-sized company. "Managed security services are an ideal solution for a mid-sized company that can't dedicate an entire group to managing security," Ketts said. "It's a great way for them to be able to get good monitoring and response without any additional head count or real capital outlays."

Born To Serve

From the beginning, Ketts explains, SecureWorks was always envisioned as a service rather than a standalone product, which has made the job easier for the company's security team. "It makes it a little different than some of the other products that are out there. We can overcome some of the challenges that might be incurred in trying to manage commercial, off-the-shelf products as a large MSSP," he said.

The cornerstone of SecureWorks' Managed Intrusion Prevention Service is the iSensor appliance, which sits on the customer's network to monitor traffic. "We know it intimately, because we've created it -- and we've created the systems such that they're built to be remotely managed en masse," Ketts said.

The iSensor's intrusion prevention methods, Ketts says, have evolved over time. "First, it was an integration with the firewall: now, it's a packet filtering intrusion prevention system," he said. "It's still tightly integrated with the firewall, but the intrusion prevention system itself does the packet filtering, so it's a little different than some of the things that exist out there today."

The signature sets used by the iSensor are constantly maintained and updated by SecureWorks' research team. "They're dedicated to managing the attack signature database on the iSensor, and they do it in two ways," Ketts said. "First, they write signatures that protect against vulnerabilities rather than specific exploits -- then, later, they'll add new signatures that are more refined to protect against specific exploits."

By protecting against vulnerabilities as well as exploits, Ketts says, SecureWorks was able to block attacks like Code Red and Nimda before they were even identified. "Those types of worms exploit specific functionality within a Web server," he said. "Because that vulnerability was announced months before those exploits were written, we had signatures in place to protect against the vulnerability."
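The difference between a vulnerability signature and an exploit signature, shown as an added example that is not SecureWorks' code or signature format. The handler extension, length limit, padding pattern and sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical values for illustration; not from any real product or advisory.
VULN_EXTENSION = ".idx"   # extension mapped to the handler with the overflow
MAX_SAFE_QUERY = 240      # longest query string the handler parses safely
# Exploit signature: the literal padding bytes of one known exploit.
EXPLOIT_PATTERN = re.compile(rb"\?N{200,}")


def exploit_signature(request_line: bytes) -> bool:
    """Match a single known exploit by its byte pattern."""
    return EXPLOIT_PATTERN.search(request_line) is not None


def vulnerability_signature(request_line: bytes) -> bool:
    """Match any request that drives oversized input into the flawed handler."""
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return False
    target = urlsplit(parts[1].decode("latin-1"))
    reaches_handler = target.path.lower().endswith(VULN_EXTENSION)
    return reaches_handler and len(target.query) > MAX_SAFE_QUERY


# Constructed request lines, not captured traffic.
SAMPLES = {
    "known_exploit": b"GET /search.idx?" + b"N" * 300 + b" HTTP/1.0",
    "new_variant": b"GET /search.idx?" + b"X" * 300 + b" HTTP/1.0",
    "benign_handler_use": b"GET /search.idx?q=payroll+forms HTTP/1.0",
    "long_query_elsewhere": b"GET /report.html?" + b"a" * 300 + b" HTTP/1.0",
}


def evaluate(samples):
    """Return {name: (exploit_hit, vulnerability_hit)} for each request line."""
    return {
        name: (exploit_signature(line), vulnerability_signature(line))
        for name, line in samples.items()
    }


if __name__ == "__main__":
    for name, (exp_hit, vuln_hit) in evaluate(SAMPLES).items():
        print(f"{name:22} exploit={exp_hit!s:5} vulnerability={vuln_hit}")
```

The variant with different padding slips past the exploit signature but not the vulnerability signature, while a long query to an unaffected path triggers neither.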

In addition to identifying and blocking malicious traffic, the iSensor also sends alerts to SecureWorks' security operations center. If the nature of the traffic is simple to determine, Ketts explains, SecureWorks just alerts the customer as to the action that was taken. "Once we determine whether it was a threat or a false positive, we'll write up an incident report and send that to the customer," he said.

Other traffic, though, isn't as easy to pin down. "We have a certain level of alerts that are in a gray area: they're not really malicious attacks, but they're probably precursors to attacks," Ketts said. "Those are where we spend a lot of our time, analyzing what's happening and what's going to happen. If we see something in that gray area, then we'll really dig into it and determine what's going on."

Thanks to the work of SecureWorks' research team, Ketts says, its false positive rate is currently below six percent. "With a lot of the intrusion detection systems out there today, you're looking at maybe 80% to 90% false positive rates, and so it's very hard to catch the actual attacks," he said. "Because we've really refined our signature set, most of what we look at is the real deal."

Pricing for the iSensor hardware starts at $2,475 plus an installation fee. The pricing for SecureWorks' managed services is based on the number of nodes protected, starting as low as $4,995 per year.

Accredited Intrusion Solution?

Jerry Nichols is vice president of operations for the Newport News Shipbuilding Employees' Credit Union. Founded in 1928, the credit union boasts 78,000 members and over $600 million in assets. According to Nichols, the National Credit Union Administration requires intrusion detection for all credit unions with online access, so he's spent quite a while considering various IDS solutions.

When he started exploring the options, he says, it quickly became clear that managed services were the way to go. "We looked at trying to do it ourselves, and there was no way we could justify the cost -- hardware, software, and the right talent -- to cover us 24/7," Nichols said. "I talked to a few application service providers that were providing that service, but I really wasn't happy with their model."

The fact that SecureWorks was focused exclusively on managed security, Nichols says, was a key selling point -- and, he notes, others have failed where SecureWorks succeeded. "We had a few companies try to get our intrusion prevention business after we had the iSensor installed," he said. "We said, 'Go ahead and see if you can get past it.' And they couldn't. That's a good indication of how good it's been for us."

In the long run, Nichols says, SecureWorks' managed services have been able to provide the kind of security that the Credit Union would never have been able to provide internally. "I've got a minimal staff, and I can't afford to go out and hire the kind of expertise that we would need to set up the hardware and software -- much less have the 24/7 coverage," he said.

And according to Ketts, that kind of service has translated into happy customers. "Over the years that we've been in business here, we've really learned how to provide this service to our customers and to provide them value," he said. "That's reflected in our customer retention rate: we have a better than 93 percent customer retention rate, which really speaks to the quality of what we do for our customers."

This article was first published on ISP-Planet, an internet.com site.