UPDATED 10:46 EDT / OCTOBER 28 2019

SECURITY

Managed services, automation pack one-two punch against security complexity

Security departments are buried in point solutions. They may not want more, but with new threats flying at them like a fleet of frisbees, do they have a choice? Managed security services are positioning themselves as a better alternative; could these more comprehensive, packaged offerings dig security teams out of the pile of point solutions?

From fighting novel threat types to simple infrastructure “hygiene,” security today is asking a lot from limited company personnel.

“It’s a challenge. … It could be lack of resources or … they don’t have the right expertise in-house, so they use managed security providers to help them get there,” said Melissa Zicopula (pictured), vice president of managed services at Herjavec Group Inc.

Herjavec focuses 100% on managed security — from threat detection and management to security operations. It is vendor agnostic in the technology it chooses to run in its solutions. Its experts sift through, monitor and manage those point solutions so customers don’t have to. 

Zicopula spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Splunk .conf19 event in Las Vegas. They discussed how managed services and automation pack a one-two punch against modern security complexity. (* Disclosure below.)

Platform spinoff solves pain point

Herjavec manages and monitors security for customers, whether their infrastructure is on-premises or in the cloud. It leverages tools from vendors like Splunk Inc. to formulate use-case-ready solutions for customers. For example, on top of Splunk’s machine-data platform, it built a tool to help customers locate their security data more quickly.

“We were able to build in built-in queries — literally one click — say, if you wanted to get to a statistical side of how many data sources are logging your SIM,” Zicopula said. “You’re able to do it by just clicking on a couple of different … buttons within the tool itself. It gives you a holistic view of not just the alerts that are firing in your environment, but all the data-log sources that are coming into your SIM instance.”  

Playbooks lighten load

The power of security automation can be seen in “playbooks” that streamline and condense a number of tasks. “If you have a security-operations center with five or 10 analysts, it might take one analyst … two or three hours, whereas you can leverage a tool like [Splunk] Phantom, any type of [Splunk] SOAR platform, to actually create a playbook to do that task within 30 seconds,” Zicopula explained.

That can reduce the headcount needed to complete tasks. It’s possible to build all types of playbooks — for security monitoring, network operations, reporting and the like. When these are leveraged on a daily basis, all of these tasks become more streamlined and personnel can shift brainpower to more demanding tasks, Zicopula added.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of Splunk .conf19. (* Disclosure: TheCUBE is a paid media partner for Splunk .conf19. Neither Splunk, the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
