IBM Security QRadar SOAR


New MSSP functionality for the Resilient SOAR platform – multitenant management and visibility a key part of new v34 release

By Chuck Schauber posted Tue September 03, 2019 12:06 PM

  

This week sees the launch of version 34 of the Resilient Security Orchestration, Automation and Response (SOAR) platform. Together with the recent launch of version 33, we are launching the ability to run multiple Resilient ‘child’ orgs within a single Resilient management instance. This new MSSP capability has been designed together with our customers to meet some specific use cases.

 

There are a number of Managed SIEM providers and Managed Detection and Response (MDR) organizations looking to take advantage of the operational benefits of a SOAR platform to improve their service delivery capabilities for their customers. As with all SOC use cases, the MSSP market has challenges around staffing, scaling to meet alert volume, and meeting customer SLA and configuration requirements. The Resilient MSSP offering is designed to help meet these requirements.

 

Available as an additional license for the Resilient SOAR platform, the MSSP add-on has 3 main elements that help MSSPs, Managed SIEM and MDR providers to better serve their customers. These key features are:

 

  • New MSSP deployment model – A single, scalable Resilient system that contains isolated tenants called ‘child’ orgs, which house separate client configuration, data, and integrations.
  • Global Dashboard – Provides the MSSP analyst team with visibility across multiple client environments to track incidents and manage SLAs. Different analyst teams can have visibility into the clients they are authorized to support and can configure specific dashboards to reflect client groupings.
  • Configuration Manager – A centralized configuration management interface where the MSSP team can establish global or client-specific playbooks. This allows an MSSP to update and push out a global playbook update, to reflect a new threat such as WannaCry, or to customize a specific client requirement into their own environment.

 

In addition to this MSSP release, we’ve also updated our QRadar plugin to include support for linking QRadar domains to child orgs. QRadar integration v3.3 is now available for download from the IBM Security AppExchange.

 

These new capabilities are available now to Resilient customers with the relevant entitlement, along with a number of additional customer feature enhancements and security updates. More information on these is available in the release notes here (requires SuccessHub login). We will be running a technology session on the new MSSP features on September 11 at 11AM EST; join us by registering here to find out more.
