In my discussion with Jay Barbour, the Director of Security Product Management at Masergy, we talked about the managed security services that his company provides and why they make a lot of sense for many companies. Jay also details the rationale for the elements of Masergy’s security services offerings and shares with us where he sees the security industry currently headed.
It seems like you have been involved in security for quite a while, but from several different aspects.
I have been in security for about 17 years, and started in Silicon Valley as a product manager for an embedded firewall solution, which was quite innovative at the time. I’ve also done security product marketing, security advisory services, and security policy, including my previous position for 7 years at BlackBerry as Security Director. It’s a fascinating profession and the challenges are endless.
Before talking about Masergy, can you share your top three enterprise security tips?
Gladly! As a bonus tip, I would urge organizations to familiarize themselves with the NIST Cybersecurity Framework from the National Institute of Standards and Technology. This is a cybersecurity framework that is based on risk management and security processes, so it will keep up with an ever-changing threat landscape. It covers the five fundamental functions and categories of cybersecurity activities:
Identify, Protect, Detect, Respond, Recover
I want to focus on Masergy’s managed security services, but that is only one of several different businesses – or categories of services – that Masergy offers. Can you first give me an overall picture of what you offer?
Masergy recently changed ownership (December 2016) in a deal valued at about $1 billion and is now owned by a private equity firm, Berkshire Partners, in Boston. We presently have three main business areas:
Now please describe your managed security offerings.
There are three elements to our managed security offering:
Unified Enterprise Security – Our Managed Detection and Response service platform, which integrates our patented in-house network security analytics with other third-party detection and response enabled tools, such as Endpoint Detection and Response (EDR), among a handful of others. Integrating our own and third-party tools. The platform provides an integration platform, cross-tool security analytics, threat intelligence, and security incident response workflow.
Security Operations – Expert security analysts operating our global Security Operations Centers (SOCs) 24x7 are Masergy’s big differentiator because the quality of the managed service is ultimately dependent upon the quality and experience of the security analysts making critical decisions every minute.
Professional Services – Independent of the other elements, we offer risk assessment, vulnerability testing, and compliance testing to help our customers focus their security resources most effectively.
Let me now explain why these offerings are so attractive to many companies. When Masergy was first founded, we focused on threat detection and response based on machine learning capabilities. That was more than 15 years ago, when machine learning based detection was virtually unheard of. Today, the industry recognizes this approach as the way to go, and we have a lot of experience and learnings from our proven track record. Mid-sized to large enterprise organizations are recognizing that they need to implement detection and response capabilities as per the NIST Cybersecurity Framework, but they are really struggling to do so on their limited budgets, so they are turning to managed security service providers like Masergy. Masergy has the economies of scale and scope, and the security expertise, to offer a cost-effective solution. The industry is realizing that there is no single silver bullet for the detection and response mission, and that you need a full suite of security tools to get adequate coverage and resiliency to catch sophisticated attackers. A major challenge, however, is getting all of those tools to actually work together instead of operating much less effectively as a bunch of siloed tools. That is why our unified platform focuses on tool integration, not just Masergy tools, but any third-party tools that enable the mission and best address the risks for each of our customer situations.
How do you define your target market?
Most very large organizations today have huge budgets and can afford to build their own SOCs and hire whomever they need. However, mid-size organizations face the same threats as larger ones, but have far fewer resources at their disposal. The sweet spot for our managed security services is mid-sized companies, which typically have 100 to several thousand employees. Our managed security services provide a cost-effective solution for these medium to large enterprise organizations. We also have a number of large enterprises that do have an in-house SOC, but also rely on Masergy Managed Detection and Response services for a “second pair” of eyeballs watching alert flows for suspicious activity.
What is your pricing model?
We primarily base our pricing on the number of employees in the organization, since we have found that the amount of alert activity is proportional to the number of employees. We do also make an adjustment for the number of remote sites and hosted servers.
How many active customers do you have today? Where are they mainly located?
We currently have over 1400 enterprise customers overall and about 450 active managed security customers. About two-thirds of them are in North America and the rest in Europe and Asia. In order to effectively support customers all around the world, we have established three global SOCs (Security Operations Centers), located in the US, Europe, and Asia.
How would you describe your current typical customer?
In terms of size, our customers are usually medium to large enterprise companies. In terms of industries, we service all horizontal verticals. But our top security customers are in the following verticals:
Financial Services, Manufacturing, Healthcare, Legal Services, Retail
Who are some of Masergy’s biggest customers?
We cannot divulge our security customers separately, as a matter of privacy policy. But you can go to masergy.com to see a sample of our clients and visit https://www.masergy.com/reviews-and-testimonials/ for customer reviews and testimonials.
Whom do you view as your competitors?
We are in a unique position as far as competitors are concerned. We compete with the larger MSSPs as well as some of the smaller start-up MDR vendors, and our value proposition is that we are a well-established player that can be nimble and agile without dealing with large bureaucracies, but we are very financially stable and have a fully established and comprehensive service offering. The challenge with very large security providers is that they are so large they cannot maintain the quality of their analysts. Maintaining a staff of the highest quality analysts in our SOCs is critical to the overall quality of the service. It’s where the rubber meets the road. In comparison, our smaller competitors have limited tool sets that don’t adequately support the detection and response mission. Among the smaller vendors, one provider is really cloud only, and another one thinks they have a silver bullet. We feel we have the perfect mix of technology, people, processes and finances to serve the security needs of our enterprise customers.
What trends do you see in the security market in general, and in the managed security services segment in particular?
The major trend that we are seeing is that managed detection and response services are growing quickly as they address a huge market need, again, particularly for medium to large organizations.
What are some of Masergy’s future plans?
Masergy has an integrated security platform based on patented behavioral analytics and we continue to add more robust capabilities and new features to our comprehensive security toolset. We also continue to add expert SOC and threat intelligence personnel to our team. We recently launched our network visibility tool, which provides a complete 3-month (or more if needed) history of our customer networks. This is a critical tool for triaging security alerts as they come in, and is also important for incident response: identifying and understanding where an attacker has been and currently is. It also enables retrospective threat intelligence matching: because we have a complete network history, threat intel feeds are no longer time sensitive and therefore much more effective. Prior to that, we released our managed endpoint detection and response (EDR) solution, in partnership with Carbon Black. EDR is a critical tool for detection and response because it is typically the beachhead for attackers. It’s best to stop them there before they “push inland” towards your critical file server and database assets.
How many hours a day do you normally work? What do you like to do when you are not working?
I work until I complete all of my tasks for the day. When I am not working, I love building stuff and spending time with my young son, who seems to love doing engineering type activities. I also enjoy being in the outdoors, hiking, and biking.