XDR for SMEs: what is it and why do you need it?

An XDR solution for SMEs that allows you to continuously monitor an IT environment for cyber threats at an affordable price? Yes, why not?


This piece originally appeared on Sept. 16, 2024 and has been updated with the latest information. EASI is holding an event in Ghent on Dec. 6, 2024 that will cover the latest trends and developments in cybersecurity. Full details can be found here.


To be better protected against cyberattacks or data breaches, it is important for companies to continuously monitor their IT environment and to notice and address potential threats in a timely manner. However, IT teams often have their hands full with other tasks, or the budget to build their own SOC team around this is lacking.

Therefore, a Security Operations Center (SOC) team is often brought in to handle the continuous monitoring of threats from various angles. Such solutions are widely used in large companies, but due to their high cost they are not an obvious choice for SMEs. So how can you, as a small business, implement a comprehensive security solution without paying a fortune?

Central security system

The work of a Security Operations Center (SOC) goes by several buzz terms, including one familiar in the security landscape: Managed Detection and Response (MDR). These terms refer to the continuous monitoring of security events, such as firewall, antivirus or spam-filter alerts. With all those security notifications and alerts, IT teams struggle to see the forest for the trees. In order to know when to react and when not to, the SOC team needs a central point where all notifications come together.

An XDR or SIEM solution can take care of this. XDR, or Extended Detection and Response, collects data from all endpoints and the logs of other security events, such as firewall activity, and compiles them into a central dashboard. SIEM stands for Security Information and Event Management and goes a little further than just the security component. “For example, with a SIEM solution you can also monitor users for abnormalities such as failed logons, changes made by users who should not have rights to them, or apply an Active Directory (AD),” said Robin Bruynseels, cybersecurity and SOC engineer at Easi.

Another big difference with a SIEM solution is that it includes raw logs. This is data that may not be of much immediate use to you. With XDR, it’s mainly about actual security products, such as an antivirus or spam filter, detecting something. “XDR is a more filtered version of SIEM, which also detects things that your security team doesn’t always benefit from, and also can react quickly if needed,” Bruynseels said.

SOC for SMEs

Security solutions such as XDR or SIEM are often used in large enterprises that have the resources and knowledge to build their own SOC team, or work with an external, specialized team. “We have an ‘Easi SOC Pro module’ designed for large enterprises with more than a thousand users. However, such SIEM solutions are not affordable for small SMEs,” Bruynseels said.

We also want to offer small, growing companies an affordable product that does the same thing as a SIEM solution, but with a little less capability.

Robin Bruynseels, cybersecurity and SOC engineer at Easi

Yet small businesses also need a comprehensive security solution that connects all endpoints. “To fill the gap in the market and offer SMEs a similar security product, we at Easi created a SOC module specifically for SMEs,” Bruynseels says.

Bluehorn offers solace

That new module tailored to SMEs was named “Bluehorn.” The product was designed entirely in-house by a security engineering expert from Easi. “He designed an in-house security product that offers SMEs an affordable and comprehensive security solution,” Bruynseels said. So it serves as an alternative to a SIEM solution, but tailored to SMEs. To be clear, Bluehorn is the product; behind it, you still need Easi’s SOC team to do the analysis through the application.

Bluehorn by Easi

Bruynseels: “The advantage of having your own product is that you can determine the capabilities and add new functions yourself.” Easi also has a lot of in-house knowledge in the field of security, so the product can be continuously adapted based on their experience and expertise.

“Initially, Bluehorn was a kind of asset management tool. Because we noticed that there was more interest and need for the security aspect, we switched to the XDR principle,” Bruynseels said. Easi wants to aggregate all security components in order to respond from one point of view. “Suppose someone logs in from China, Bluehorn will indicate that this is not normal behavior, and we within the SOC team can immediately strip that user’s access.” So it’s not just “extended detection,” but also “response.”
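As an added illustration, not Easi’s or Bluehorn’s code, of the two detections the article mentions (a burst of failed logons, and a logon from a country where the user normally never logs on), here is a minimal XDR-style rule set in Python run over constructed authentication events collected into one central list; the threshold, the per-user baseline and the response texts are assumptions.

```python
# Added example, not Easi's or Bluehorn's code: two XDR-style detection rules run over
# constructed authentication events gathered into one central list, as the article
# describes (a burst of failed logons; a logon from an unexpected country), with the
# response a SOC analyst would take attached to each alert.
from collections import Counter

# Constructed sample events: (user, result, country code). In a real deployment these
# would come from endpoint agents, the firewall and the identity provider.
EVENTS = [
    ("alice", "success", "BE"),
    ("bob", "failure", "BE"),
    ("bob", "failure", "BE"),
    ("bob", "failure", "BE"),
    ("alice", "success", "CN"),
    ("alice", "success", "CN"),
    ("carol", "success", "NL"),
]
# Constructed per-user baseline: countries from which each user normally logs on.
BASELINE = {"alice": {"BE"}, "bob": {"BE"}, "carol": {"NL"}}
FAILED_LOGON_THRESHOLD = 3  # assumed rule threshold, not a Bluehorn setting


def detect(events, baseline, threshold=FAILED_LOGON_THRESHOLD):
    """Return one alert dict per triggered rule, with the recommended response."""
    alerts = []
    failures = Counter(user for user, result, _ in events if result == "failure")
    for user, count in failures.items():
        if count >= threshold:
            alerts.append({"user": user, "rule": "failed_logon_burst",
                           "detail": f"{count} failed logons",
                           "response": "lock account and verify with the user"})
    seen = set()  # one geo alert per (user, country), not one per event
    for user, result, country in events:
        normal = baseline.get(user, set())  # unknown user: no country is normal
        if result == "success" and country not in normal and (user, country) not in seen:
            seen.add((user, country))
            alerts.append({"user": user, "rule": "logon_outside_baseline",
                           "detail": f"logon from {country}, baseline {sorted(normal)}",
                           "response": "suspend access and revoke active sessions"})
    return alerts


def users_to_suspend(alerts):
    """The 'response' half of XDR: accounts the SOC team would act on."""
    return sorted({a["user"] for a in alerts})


if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```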

Flexible product

Bluehorn is a flexible product. “We rely on certain products that are already integrated into our security solution. If customers do work with other software or, for example, a certain firewall that is not in Bluehorn, we can make sure that integration happens on a draft basis,” Bruynseels explains. The intention is for the platform to evolve along with the customer.

Bluehorn is constantly evolving, but it is not intended to compete with enterprise products.

Robin Bruynseels, cybersecurity and SOC engineer at Easi

Bluehorn comes in the form of one package, no more and no less. “As we roll out new features, customers can just take advantage of them and they don’t have to pay any additional price,” Bruynseels said. “In fact, we can also learn from customers’ products. That way it grows together with the customer and we can add multiple capabilities to our product. It is constantly evolving.”

Whereas other SOC vendors look at the number of logs when determining the price, it is different at Easi. “We calculate the price based on the number of assets: how many PCs, laptops and servers the IT environment has,” Bruynseels explains.

Awareness

Still, this investment remains a big step for SMEs. Bruynseels: “Usually small companies are interested in such security solutions, but do not have this investment in their financial objectives, for example.”

With NIS2 on the horizon, companies will look at this differently in the future. NIS2 will play an important role here, as it is now also relevant for SMEs. “It creates more awareness around the security story,” Bruynseels says.

“We mainly want to help IT teams grow in their maturity in the field of cybersecurity. Our product evolves together with the customer into a comprehensive cybersecurity solution, tailored to the SME,” Bruynseels concludes.


