Leveraging Its MSSP Background

Secureworks has an advantage over competitors thanks to its experience in building its own managed detection and response (MDR) platform, Thomas said. “By managing all of these different security point products, we learned what works, we learned what telemetry they provide and how to normalize that data, in order to run cross-correlated detection analytics to reduce the noise. So the understanding of the products out there is very intimate. Security management of those was one one advantage of taking that knowledge from MSSP business model to an XDR platform.”

A second major advantage from its MSSP background was the ability to know “what does good look like” in terms of automation — what the best way was to build orchestration into the platform “to automate investigations and to automate response capabilities.”

“My favorite response when I meet with customers is that the security analyst on the team says, ‘This UI looks like it was built by somebody who has done my job and has taken away the pain points.’” Secureworks is unique in that it has that experience from knowing “what it’s like to be in a SOC every day, to get the noisy detections down, and to automate much of the work so that they can work on the things that only humans can do.”

Secureworks also has more than two decades of experience with tracking threat actor tactics, techniques and procedures, she said. “We are one of the few providers who have such an extensive amount of threat intelligence that we build into our tactics graphs,” Thomas said. That allows Secureworks “to detect adversarial behavior much quicker.”