deepwatch Adds Managed Threat Detection via Splunk

Managed security service provider deepwatch this week announced it has added a threat detection and response service for small to medium-sized businesses based on the security information and event management (SIEM) platform created by Splunk.

Bobby Christian, deepwatch COO, said deepwatch already provides security services through which it automatically indexes and benchmarks the security maturity of its customers using algorithms it developed. That data is then used to drive advanced analytics, shared threat intelligence and automated cybersecurity training using the Splunk IT operations platform.

The alliance with Splunk will enable deepwatch to extend the reach of those services in the realm of managed detection and response (MDR). Splunk’s platform is widely employed by IT teams, and the services will use data that many IT organizations already have collected in a Splunk platform, added Christian.

While Splunk has a large user base for its IT operations platform, the push to extend the reach of that platform into security is still relatively nascent. Managed service providers such as deepwatch provide a means to increase adoption of the Splunk SIEM platform among small to medium-sized businesses that rarely have the skills and expertise required to stand up and maintain a SIEM platform on their own.

It’s not clear precisely what the relationship is between SIEMs and emerging extended detection and response (XDR) platforms that promise to automate security analytics. However, deepwatch is confident Splunk will remain relevant as its security portfolio continues to evolve, noted Christian. In fact, many organizations would be well-advised to resist ‘shiny object syndrome’ in favor of concentrating on security fundamentals, added Christian.

Despite the general shortage of cybersecurity expertise, the number of organizations relying on managed security service providers remains relatively small. That should increase steadily as it becomes more apparent that organizations today need a lot more than a firewall and antivirus (AV) software to secure endpoints across highly distributed computing environments.

Bill Hustad, vice president of alliances and channel ecosystems for Splunk, said that level of complexity is likely to increase as many employees continue to work from home to help combat the spread of the COVID-19 pandemic. As such, Splunk expects that in the months ahead more organizations will rely on managed security service providers (MSSPs), noted Hustad. The challenge, of course, is that MSSPs are themselves in the crosshairs of attacks, as cybercriminals seek to compromise systems that could give them access to any number of downstream IT environments an MSSP might support.

There’s historically been a lot of tension between MSSPs and internal security teams, but as the number of threats organizations face continues to increase in volume and sophistication, it’s clear cybersecurity needs to be viewed as a team sport. In addition to establishing closer ties with developers and IT operations teams, most cybersecurity teams will need to rely more on external expertise to plug gaps that inevitably emerge as attack vectors change and evolve. Some organizations prefer to rely on MSSPs to manage lower-level tasks, while others are more inclined to rely on MSSPs to handle emerging technologies they may not know how to deploy and manage.

One way or another, however, it’s not likely most internal IT teams will be able to effectively defend themselves without relying on external expertise to level the playing field against cybercriminals that have virtually unlimited resources.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.