Secureworks Goes Beyond Managed Services With New Analytics Tool

By unbundling its new threat detection and response offering from managed security, Secureworks hopes to appeal to customers with a more mature security practice.

Secureworks has launched its first product that can be procured outside a managed services bundle to help more mature enterprises detect and respond to threats.

The Atlanta-based cybersecurity company said its new Red Cloak Threat Detection and Response tool is intended for more advanced clients that have already an internal security practice, according to Kyle Falkenhagen, Secureworks' senior director of product management.

"It's really about expanding the market we can go after, and being able to appeal to more sophisticated customers who are looking to do it themselves," Falkenhagen told CRN.

[Related: Dell, CrowdStrike, SecureWorks Forge Pact To Keep Endpoints Secure]

Secureworks currently offers endpoint and intrusion detection and prevention products alongside its core managed security and consulting services, Falkenhagen said, but both of those tools have to be wrapped around the company's managed security services. Companies that rely on Secureworks' managed security tend to employ no or few security professionals of their own, Falkenhagen said.

But there's a good portion of the market that Secureworks isn't addressing today since many larger enterprises already have their own CISO, tooling, around-the-clock security operations center (SOC), and at least seven security professionals on staff, Falkenhagen said. By unbundling its threat detection and response tool from managed security, Secureworks hopes to appeal to a new segment of customers.

Red Cloak Threat Detection and Response will be priced on a per-endpoint basis and will require a minimum of at least 1,000 endpoints, according to Falkenhagen. Customers will agree to a yearly subscription for a certain number of endpoints, said Falkenhagen, who declined to provide specific pricing information.

"This is definitely an upmarket play," Falkenhagen said. "We think we're taking a unique approach to this."

As adversaries become more sophisticated with their attacks, Falkenhagen said it's become harder and harder to detect threats using existing technology stacks. Analyzing patterns with indicators of compromise is no longer enough, according to Falkenhagen, who said the new Secureworks offering layers in more advanced capabilities with machine learning and deep learning.

But existing UEBA (user and entity behavior analytics) offerings tend to overwhelm small security analyst teams with tons of false positives, Falkenhagen said. But the Secureworks product combine single-factor anomaly detection with statistical, rule-based capabilities as well as additional threat intelligence vectors to ensure that the activity really merits an alert before it's put in front of an analyst, he said.

Secureworks also applies machine learning at both the system and individual user level to help determine what's malicious, what's benign, and what are the most common actions taken based on the different types of alerts being generated, according to Falkenhagen.

Red Cloak Threat Detection and Response also includes an 'ask an expert' feature directly in the app, allowing customers to communicate directly with a Secureworks analyst to determine if the irregular behavior has been seen anywhere else, if it correlates with any other data points in the customer's environment, and if the attack relied on commodity tools or was more highly targeted, he said.

The 'ask an expert' feature will be available to customers at no additional cost for the foreseeable future, according to Falkenhagen. Clients will be allowed to initiate up to 100 conversations per month, Falkenhagen said.

"We've proven that we've built something of value that solves a real problem," Falkenhagen said. "Now, it's about making more people aware of it."