This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production.
Cisco’s announcement earlier this week that it was launching a Threat Defense Managed Service was surprising in that Cisco is the first of the large established MSSPs to do so. It is not surprising, though, in light of the fact that device monitoring and the logging of alerts do very little to counter so-called advanced threats.
For the last three years, I have been keeping close tabs on eSentire, a service provider in the Waterloo area of Southern Ontario. J. Paul Haynes, eSentire’s CEO, told me that they are in the Active Threat Protection business.
Until Cisco’s announcement, eSentire’s model had been unique. They drop a sensor on their customers’ network and watch the packet traffic for signs of compromise, or even just unusual behavior. They have real eyes on glass: a team of analysts in their Security Operations Center actively monitoring and taking action. The action can be as immediate as shunning (blocking) the offending packets, or a phone call to the CISO to deliver an actionable alert.
Haynes told me in the interview below that the elephant in the room for most organizations is “coming to terms with the fact that you might be compromised.”
One of the most difficult aspects of doing your own active threat defense is hiring and retaining the right people with the right skill sets. Haynes describes their process.
They bring in a batch of five to seven college grads from schools in the area and run them through several weeks of boot camp. Five out of six might be a good fit. He says the job is part air traffic control, part network security analyst, and part World of Warcraft.
Watch the full interview here: