
MSP Brite Reveals The Latest Cybersecurity Strategies

What tools and techniques should your organization use to manage risk?

Stephen Salinas, Head of Product Marketing, Stellar Cyber

San Jose, Calif. – May 21, 2024

Cyberattacks are always evolving, and so are the tools and techniques organizations use to manage risk. To get the latest industry perspective, Stephen Salinas, head of product marketing at Stellar Cyber, interviewed Trevor Smith, executive vice president at Brite, a New York-based MSSP and technology solution provider.

Stephen Salinas: What new trends are you seeing that people should know about?

Trevor Smith: We’re seeing a lot of variation in attacks, and we know from helping our customers deal with them that technology can cut down the noise. Individual security tools seem to be continuously generating alerts that are only a part of the picture. While an alert might point to a specific attack, it’s distracting to have security teams chasing down those individual alerts and trying to determine whether there’s a real issue, and if so, what it is. Stellar Cyber’s Open XDR platform gives us a clearer picture. For example, maybe an endpoint detection solution is generating a bunch of alerts, and maybe it has blocked some type of activity. But with the Open XDR platform, we’re piecing that information together with identity information and maybe network details and user or asset information to get a much deeper understanding about whether a given alert is really something that needs to be investigated and remedied, and how any tool’s specific alerts fit into the overall attack chain.

Stephen Salinas: Absolutely. We see a lot of security teams struggling to get through their high-priority alerts, and leaving a lot of things uninvestigated for a long, long time. Just look at the major attacks we see in the news — many of them had been going on for months.

Trevor Smith: Yeah. The other part to that is identifying where the vulnerabilities are in the infrastructure, and then elevating each security threat to a particular asset or category of assets based on the vulnerabilities that exist there. Maybe some systems haven’t been patched because the operations team hasn’t gotten to it, or they’re not able to do it because of the type of asset it is, or there could be a legacy operating system or operational technology involved. Taking those factors into account is really, really critical today.

Stephen Salinas: In a way, I feel for security technology buyers who are out there looking at new tools, because they typically have a SOC that’s just chock full of tools already; unfortunately, a lot of those tools probably aren’t delivering what buyers expect. The tools are great, and you always want to make sure your tools are up to date and take advantage of them, but it’s not just about tools. There’s a lot more that goes into delivering security.

Trevor Smith: Security teams are just inundated with tools. And when we sit down with customers at the beginning of each year or during the year, we want to know, what is their plan? What’s on their roadmap? They typically say, “I don’t want to buy any more tools. I want to get my existing tools to work better and focus on that.” Now, invariably, they’re going to purchase some technologies and some capabilities throughout the year, and we understand that, but optimization of those is really, really important. We’ve seen a true benefit from the Open XDR platform because it leverages our customers’ existing tools and gets more value out of those tools by not only using the data they’re generating, but also by making sure that they’re configured properly.

For example, if a tool is sending off bells and whistles, but no one’s watching it, that’s a big issue — it’s why SIEM tools came about in the first place. But SOC managers also need to think about whether they can configure a tool differently to prioritize alerts and information to get an earlier warning sign. If we can detect an issue faster, which we’re able to do now, we can respond faster and we can limit the potential impact of a breach.

We help customers understand the quantification of risk and how a particular tool helps reduce the breach impact to the organization, so they can make educated decisions about whether to invest in a new tool or optimize an existing tool or hire a resource. The bottom line is, how is a tool going to help reduce the risk? That’s been a key initiative for us, because instead of just IT professionals saying they want to buy this tool now, their financial teams or executives are asking, “How’s it going to impact the organization? How’s it going to reduce the risk to the organization?” We’re seeing a lot more requirements for justification around the solutions.

Stephen Salinas: There’s so much need for security resources and they’re just not there, but that’s where companies like Brite can really fill the gap for a lot of security teams, whether they completely outsource security or they do some sort of co-managed approach.

Trevor Smith: We always offer the co-managed approach to every one of our customers. We provide access to the full platform that our analysts use, so customers can dedicate their own resources to looking at the platform if they want. Even if they just want to investigate a particular incident or activity, they have the opportunity to do so with our platform. Our customers range from those with dedicated IT resources to those who never, ever log into the platform and others that sit in the middle, but we want to provide that capability regardless. The cybersecurity skill shortage is an ongoing challenge, so we want to help customers optimize their own resources by using them for tasks that are going to help not only protect the organization, but also move it forward.

Stephen Salinas: That’s a major point people should consider. There are different options now more than at any time in the past, and I think that’s great for security teams. They know they’re not in this alone.

Trevor Smith: Our approach has been received really well, especially because maybe today they don’t have the resources to handle cybersecurity themselves, but they’re hoping to get to a point where they will, and they can make the investment gradually, knowing that we’re watching and protecting the organization all the way. And in other cases where maybe they have dedicated resources and they lose one, they still have us backing them up. They always have the opportunity to put their resources in place and to use platforms like Stellar Cyber to leverage their existing tools.

Stephen Salinas: Do you have any thoughts about Generative AI? We see a lot of vendors adding this capability to their products. What’s your take on Gen AI’s impact on cybersecurity?

Trevor Smith: There’s a huge potential impact on cybersecurity. We’re seeing it incorporated into so many of the tools and capabilities that we’ve been talking about. I think there’s a real true play in how it can help create greater and greater efficiency. The Stellar Cyber platform has used AI since its onset, and we’ve seen astronomical improvements over traditional SIEMs by utilizing AI for detection. As we add Gen AI to that, it’ll help take the information that’s being provided and disseminate it in a way that non-cybersecurity individuals can understand. That’s how we’ve been using it today: we take the alert information, the details, and then use it in some of our summaries. As it stands currently, we always need to have that summary checked by our ISTs to make sure it’s accurate, but eventually, I think we’ll get to a point where it doesn’t have to be checked, and it will enable more and more efficiency, which is especially important considering the ongoing skills gap.

Stephen Salinas: I agree, and you’ll notice that we recently announced our Gen AI-driven Open XDR Investigator. The simplest way I explain it is that it gives you the ability to have a conversation with the platform. Just as you’re saying, you don’t have to be a security whiz to write some queries — you can ask questions and get answers.

Trevor Smith: One of the things that really attracted me to the Stellar platform many years ago was that we didn’t need to be able to write queries. Now, though, you’ve made it possible to take queries even further using natural language to do further investigations. It ties into that co-managed component that we were talking about before. We build custom security dashboards for some customers so they have readily available information and can find things really quickly and easily within the platform, but now, using Gen AI, they can even do more.

Stephen Salinas: It’s really interesting to watch how Gen AI changes what we do. Thanks for joining me today, Trevor. If anyone has any questions about Stellar Cyber, please reach out to us. You can visit our website, request a demo, or ask for a meeting with some of our security experts to see how we might be able to help you in your security journey. Trevor, how can people contact Brite?

Trevor Smith: You can find us at Brite.com. We look forward to connecting with you.

– Stephen Salinas is the head of product marketing at Stellar Cyber.

About Stellar Cyber

Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.