With more and more MSPs starting to offer security services, what are the advantages of using (or partnering with) a cyber security specialist? James Goulding finds out from Rick Gray, Founder and CTO of Cyberfit Security, a provider of cyber security services to critical national infrastructure, intelligence services, enterprises and a growing number of SMEs.
Rick Gray, Founder and CTO of Cyberfit Security, has 24 years’ experience in the industry and to date has founded two successful cyber security companies, giving him valuable insight into the trend of MSPs transitioning into managed security services providers (MSSPs). What are the risks of this approach and where might MSPs be cutting corners?
Technology Reseller put this question to Gray as part of a discussion about a product comparison he has been asked to carry out on behalf of a client. This itself is significant, as assessing the strengths and weaknesses of different products must be a key responsibility for any security services provider, and one that requires a high level of knowledge and expertise that it might not be easy for a non-specialist
“What we like to do is put products through a test to find out how they address our customers’ challenges, because we understand those challenges. If there is a technology vendor out there that specifically addresses those challenges, we may partner with them, but they have to be effective. We like to ensure our customers are maximising their investment when it comes to spending money on protection and detection,” explained Gray.
“There are so many different technologies coming out every week, it is a minefield. If you take one particular area, maybe your endpoints, your laptops, and look for a solution, there could be 20 that come up immediately when you search on Google. How do you work out which one of those is the best, when they all say they are the best?
“You could pay huge amounts of money to Gartner analysts and use the Gartner Magic Quadrant, or you could use somebody in the industry that has experience, that tests tools, that uses those tools in anger, pits them against each other, bakes them off and works out which ones are good in certain areas and which ones aren’t and why. That is something we do for our customers.”
Darktrace vs Vectra
As an example, Gray cites a recent comparison between Darktrace and Vectra that Cyberfit was asked to carry out on behalf of a client.
“They are both good technologies – I am not going to say bad things about either of them – but we were asked to go into a particular customer and do a bake-off between the two because Vectra and Darktrace compete quite heavily against each other,” he said.
Cyberfit and the client, which had had Darktrace for six months for proof of value purposes, drew up a list of criteria they would use to measure the effectiveness of both products. Based around monitoring and simulated attacks, these were designed to assess:
- each product’s capabilities, for example around false positives and false negatives, and the management overhead;
- how well each product deals with threats and attacks in a live environment;
- the products’ ease of use and set-up, scalability, service and support and how well each one integrates with other security tools; and
- visibility of threats across the network.
“We put Vectra next to where Darktrace was on their live network and then we started to move forward with our tests. We did some simulated attacks into both products – some basic attacks and some more sophisticated ones. We found that Darktrace was able to detect the majority of those attacks successfully, apart from some sophisticated behaviour-type attacks designed to test the solutions’ AI and machine learning capabilities (which Darktrace detected but scored lowly – Ed). Vectra picked up all the attacks very quickly.”
Gray adds that Cyberfit’s assessment highlighted significant differences between the tools, notably around how they handle anomalies, with Vectra trying to validate findings before raising them to a human which, according to Gray, produced far fewer false positives.
“There was a huge difference,” he said. “We advised that customer that if they went with Darktrace they would probably need to employ another four analysts to manage the product because of the vast amounts of information it created, compared to one person with Vectra.”
A new customer
Cyberfit was not a Vectra customer before it began its assessment, but it is now.
“Our technical guys were so amazed at the technology that we took the decision to take it on. One, it makes us look good in delivering the service; it is easier for us to deliver a service with that technology; I don’t need so much resource internally; and the way it integrates with some of the other tools we have in our portfolio is already there – all the APIs are there. It is a great technology and we have deployed it into many places now,” explained Gray.
“We also manage other people’s environments that have Darktrace from a SOC perspective, and it is a very, very noisy tool. They all are, but Vectra seems to have a way to suppress that noise and only show you things that are happening.
“A good analogy would be if a burglar comes up to your house in the middle of the night, tests your door to see if it is unlocked but doesn’t come in. That is not too much of an issue. But if he actually opens the door and comes in and starts rooting around in your kitchen drawers, you will want to know about it. That is the difference between the two technologies. Darktrace tells you when somebody is coming up, looking over your fence and trying to get into your windows, when, really, you want to know when somebody is actually breaking into your property.”
Skills and expertise
Gray says that Cyberfit has skills and expertise in around 30 different vendors’ products and works closely with about 12.
“We favour the ones we do because they do what they say they are going to do and have great R&D investment into their business. If there are new feature requests, they are done very quickly. We look at the funding they have as an organisation; we look at the people behind them. It is not just what the technology can do; we don’t want to be stung by putting these products into customers and then, a year down the line, find that financially they are struggling and we have to tell the customer they are going into liquidation. There are a lot of things we look at.”
This sort of product expertise is critical because not all security products are equally effective. Nor, points out Gray, does everyone have the same requirements.
“Every customer is subject to different regulations and has different drivers. We have some customers who just want a tick in a box to show they have done enough. Then, we’ve got others that actually want to protect their environment and detect when there is suspicious activity going on and really investigate the ‘who, what, when, where and how’ so that they can fix it and stop it from happening again in the future.”
Gray estimates that only about 30% of companies have reached the stage where they can effectively investigate, protect and detect themselves, before adding that no one can protect themselves fully.
“If somebody wants to come into your house, you can put double glazing in, you can put extra locks on your doors, double locks, you can padlock gates etc., but if they come with a sledgehammer and smash your window, they are in. It is the same in IT; bad actors can get in and then it is all about identifying that they are in and acting quickly to minimise any damage.”
Cyberfit can help clients do this through a fully managed service, where they deal with all the remediation, use their own security analysts to analyse the data and look for indicators of compromise, or they can dial that service down and utilise the client’s own IT team to do various tasks, with Cyberfit providing a second line of defence/support.
It is not just end user customers that need this sort of service. For the last three years, Cyberfit has been working closely with MSPs.
“About 50% of our business is through partnerships with MSPs. They take us into their clients and we ensure that we put the correct protection and detection on their systems, because MSPs don’t really know what they are doing when it comes to cyber security. They are good at offering cloud services and infrastructure services, ERP systems, but they don’t secure those systems enough, so we do a lot of that,” explained Gray.
Gray admits that finding skilled staff can be challenging but claims that through its 15 employees, successful graduate recruitment scheme, in-house training and a pool of consultants, it is able to maintain high skill levels.
“One thing I pride my business on is we do have some of the top technical people in this industry and a lot of the people who work for me are ex-customers. They have got a background in critical national infrastructure, protecting some of the country’s crown jewels.”
Since Covid, Cyberfit has been diversifying its customer base of large enterprises by developing an SME side to the business. To this end, it has created different security packages, available on monthly subscriptions, for small businesses & start-ups, medium & growing businesses and large enterprises and re-designed its website with a focus on clarity instead of industry jargon.
“We’ve had a really good response from the market,” explained Gray. “These are companies with anywhere from 10 to 500 users that don’t have the resource, the skills, the budgets of large enterprises, yet are still heavily attacked because they are a route into enterprise organisations for the attackers. A good example might be a company that chases mortgage arrears on behalf of a bank. That third-party company might be a small to medium-sized business that hasn’t put the necessary security parameters in place.”
As part of its service to businesses, Cyberfit will not only provide solutions to protect against common attacks, but also identify what needs protecting and strengthening.
“We do penetration testing, we do vulnerability scans. We look at where the customer is, we look at where they are on their journey and we put an improvement plan together for them to say these are all your weaknesses and we recommend that you prioritise them in this order. We gain a good understanding of their business, rather than just going in and doing a general test, like where they make their money, how they make money, which are their most critical systems. That is
As cyber security has become more complex, more and more businesses are turning to managed service providers for reassurance and protection. For MSPs that don’t have the requisite expertise in-house, the next best thing might be partnering with a security specialist that does, like Cyberfit.