BTS: The 45-day BriteProtect Onboarding Process
June 28, 2021
45-60 days. That’s all it takes to get truly onboarded with the BriteProtect managed security service. Brite qualifies onboarding as log collection, true correlation and meaningful detection and response, not just signing a contract. How? Connectors and AI correlation are the two major reasons we consistently meet this expectation.
Connectors are custom API integrations that provide both log collection and response orchestration, which is what enables advanced SOAR capabilities. Because connectors leverage the security tools already deployed in the environment, they shorten the time to deployment.
Second, the machine learning engines come pre-loaded with hundreds of thousands of samples, which fuels the artificial intelligence correlation. While the system continues to learn and adapt to the client environment, out of the box it is able to detect more than 50,000 activities.
So why wait any longer? You already spent time deliberating the decision to partner with a managed security service, evaluated platforms, decided and then went through the paperwork. And let’s be honest, risks, vulnerabilities, attacks, etc. don’t wait for tools and processes to be in place so there’s no point in waiting.
Now, other MSSPs do claim to achieve onboarding in a similar timeframe. While this isn’t a paper towel commercial comparing two services, we do want to explain the simplicity of the BriteProtect onboarding process and how we are able to accomplish a complete onboarding so quickly.
BriteProtect onboarding process methodology
The main onboarding goal is to start detecting and responding as soon as possible with the BriteProtect platform. To streamline the process, it is executed in four thoroughly documented phases. Each phase builds on capturing valuable log sources, completing documentation and transitioning into using the BriteProtect platform for detection and response.
The deliberate steps not only outline the process of migrating the tools but also define and establish the responsibilities of the Brite team and the customer. To ensure successful and timely onboarding, the process requires active participation from Brite’s SOC, the PMP team and the client team.
With that said, let’s look at the four phases: Preparation, Collection, Playbooks, Tuning.
BriteProtect’s (proven) onboarding process
As mentioned, within 45-60 days the time-consuming, daily security tasks will be offloaded from your plate.
Phase 1: Day 0-10: Preparation
Provide and finalize documentation and order the necessary hardware or prepare the virtual systems. Subject matter expert information for all expected log sources is provided to the Brite team. Submission and review of configuration documents are completed prior to the hardware or virtual systems being put in place. The client also provides network access and collects the credential details for all the security tools.
Phase 2: Day 11-25: Collection
The work begins by pointing logs to the BriteProtect log collectors and, where available, connecting directly. Depending on the architecture, this will include dedicated hardware sensors or virtual sensors. Logs are collected in standard Syslog, JSON or other formats. Custom parsers are available for hundreds of security tools.
Lastly, for those tools with a connector, credentials are entered. The connectors are a bi-directional integration using the available APIs. Connectors greatly shorten deployment time and reduce the need for agents on every device. Once logs are flowing, the machine learning engines start learning.
Phase 3: Day 26-45: Playbooks
The SOC analysts begin the review process. The AI-based correlation will start to immediately generate alerts and notifications, but also suppress unwanted noise. The analysts will initially confirm all log sources are continuously reporting, while also analyzing what the data really means.
During this phase, there is a good amount of communication with the client team to clarify systems, devices, activity and users. From this information, we customize the playbooks to match the client environment and notification process.
Phase 4: Day 46+: Tuning
It’s important to continue the tuning and validation process to confirm that collection remains properly configured from the start. Tuning is a never-ending project; luckily, with the help of AI it is more efficient and effective. Outcomes of this phase include reduced false positives and more efficient alerting.
With the initial tune complete, the onboarding process can be finalized with the following action items: modify/add rules based on the threat landscape and network changes, adjust for network changes and false-positive reduction, adjust for staff changes and set monthly review meetings and reporting cadence.
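The two checks that recur across Phases 2 and 3 above are "can we parse what each source sends" (Syslog and JSON) and "is every expected source still reporting". The script below is an added example, not BriteProtect code: it parses a handful of constructed Syslog and JSON lines the way a collector would, rejects malformed input, and then flags expected sources that have fallen silent past a gap threshold. Source names, timestamps and the 10-minute threshold are all made-up assumptions for the demonstration.

```python
"""Added example (not Brite's or BriteProtect's code): a minimal log-source
health check. Parses RFC 3164-style Syslog and newline-delimited JSON events,
then reports which expected sources have stopped reporting."""
import json
import re
from datetime import datetime, timedelta, timezone

# "<PRI>MMM DD HH:MM:SS host app: message" -- the classic BSD syslog layout.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\s]+):\s*(?P<msg>.*)$"
)


def parse_syslog(line, year=2021):
    """Return a normalized event dict, or None if the line is not BSD syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))                      # PRI = facility*8 + severity
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "source": m.group("host"),
        "app": m.group("app"),
        "facility": pri // 8,
        "severity": pri % 8,
        "ts": ts.replace(tzinfo=timezone.utc),     # assumes collector runs in UTC
        "msg": m.group("msg"),
    }


def parse_json(line):
    """Return a normalized event dict from a JSON record, or None if unusable."""
    try:
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
    except (json.JSONDecodeError, KeyError, ValueError, AttributeError):
        return None
    return {
        "source": rec.get("source"),
        "app": rec.get("product", "json"),
        "facility": None,
        "severity": None,
        "ts": ts,
        "msg": rec.get("event", ""),
    }


def parse_line(line):
    """Dispatch on the first character: JSON objects start with '{'."""
    line = line.strip()
    return parse_json(line) if line.startswith("{") else parse_syslog(line)


def silent_sources(events, expected, now, max_gap=timedelta(minutes=10)):
    """Map each expected source that is silent to minutes since its last event
    (None if it has never reported at all)."""
    last_seen = {}
    for ev in events:
        src = ev["source"]
        if src in expected and (src not in last_seen or ev["ts"] > last_seen[src]):
            last_seen[src] = ev["ts"]
    silent = {}
    for src in expected:
        seen = last_seen.get(src)
        if seen is None:
            silent[src] = None
        elif now - seen > max_gap:
            silent[src] = int((now - seen).total_seconds() // 60)
    return silent


# Constructed sample input: two hosts via syslog, one firewall via JSON,
# plus two lines that should be rejected by the parsers.
SAMPLE_LINES = [
    "<38>Jun 28 13:55:02 dc-01 sshd: Accepted publickey for admin from 10.0.5.20",
    "<134>Jun 28 13:50:12 proxy-01 squid: TCP_DENIED/403 10.0.9.14 GET http://example.test/",
    '{"timestamp": "2021-06-28T14:03:11Z", "source": "fw-edge-01", "product": "firewall", "event": "deny", "dst_port": 445}',
    "<38>Jun 28 14:04:09 dc-01 sshd: Failed password for root from 10.0.5.77",
    "this is not a log line at all",
    '{"timestamp": "not-a-time", "source": "fw-edge-01"}',
]
EXPECTED_SOURCES = {"dc-01", "proxy-01", "fw-edge-01", "edr-console"}  # assumed inventory
NOW = datetime(2021, 6, 28, 14, 10, 0, tzinfo=timezone.utc)            # assumed clock


def run_health_check(lines=SAMPLE_LINES, expected=EXPECTED_SOURCES, now=NOW):
    events = [ev for ev in (parse_line(l) for l in lines) if ev is not None]
    return {
        "parsed": len(events),
        "rejected": len(lines) - len(events),
        "silent": silent_sources(events, expected, now),
    }


if __name__ == "__main__":
    print(run_health_check())
```

Run as-is, the check parses four events, rejects two, and reports proxy-01 as silent for 19 minutes and edr-console as never seen; the latter is the case that matters most during Phase 3, since a source that was never pointed at the collector produces no error, only an absence.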
It’s really that easy. And with the Brite team supporting you through the process, you’ll be left wondering why you waited to team up with a world-class managed security service.