Technology Reseller v42

01732 759725 40 MSSP experience, that tests tools, that uses those tools in anger, pits them against each other, bakes them off and works out which ones are good in certain areas and which ones aren’t and why. That is something we do for our customers.” Darktrace vs Vectra As an example, Gray cites a recent comparison between Darktrace and Vectra that Cyberfit was asked to carry out on behalf of a client. “They are both good technologies – I am not going to say bad things about either of them – but we were asked to go into a particular customer and do a bake- off between the two because Vectra and Darktrace compete quite heavily against each other,” he said. Cyberfit and the client, which had had Darktrace for six months for proof of value purposes, drew up a list of criteria they would use to measure the effectiveness of both products. Based around monitoring and simulated attacks, these were designed to assess: n each product’s capabilities, for example around false positives and false negatives, and the management overhead; n how well each product deals with threats and attacks in a live environment; n the products’ ease of use and set-up, scalability, service and support and how well each one integrates with other security tools; and n visibility of threats across the network. “We put Vectra next to where Darktrace was on their live network and then we started to move forward with our tests. We did some simulated attacks into both products – some basic attacks and some more sophisticated ones. We found that Darktrace was able to detect the majority of those attacks successfully, apart from some sophisticated behaviour-type attacks designed to test the solutions’ AI and machine learning capabilities (which Darktrace detected but scored lowly – Ed) . Vectra picked up all the attacks Rick Gray, Founder and CTO of Cyberfit Security, has 24 years’ experience in the industry and to date has founded two successful cyber security companies, giving him valuable insight into the trend of MSPs transitioning into managed security services providers (MSSPs). What are the risks of this approach and where might MSPs be cutting corners? Technology Reseller put this question to Gray as part of a discussion about a product comparison he has been asked to carry out on behalf of a client. This itself is significant, as assessing the strengths and weaknesses of different products must be a key responsibility for any security services provider, and one that requires a high level of knowledge and expertise that it might not be easy for a non-specialist to acquire. “What we like to do is put products through a test to find out how they address our customers’ challenges, because we understand those challenges. If there is a technology vendor out there that specifically addresses those challenges, we may partner with them, but they have to be effective. We like to ensure our customers are maximising their investment when it comes to spending money on protection and detection,” explained Gray. “There are so many different technologies coming out every week, it is a minefield. If you take one particular area, maybe your endpoints, your laptops, and look for a solution, there could be 20 that come up immediately when you search on Google. How do you work out which one of those is the best, when they are all say they are the best? “You could pay huge amounts of money to Gartner analysts and use the Gartner Magic Quadrant, or you could use somebody in the industry that has very quickly.” Gray adds that Cyberfit’s assessment highlighted significant differences between the tools, notably around how they handle anomalies, with Vectra trying to validate findings before raising them to a human which, according to Gray, produced far fewer false positives. “There was a huge difference,” he said. “We advised that customer that if they went with Darktrace they would probably need to employ another four analysts to manage the product because of the vast amounts of information it created, compared to one person with Vectra.” A new customer Cyberfit was not a Vectra customer before it began its assessment, but it is now. “Our technical guys were so amazed at the technology that we took the decision to take it on. One, it makes us look good in delivering the service; it is easier for us to deliver a service with that technology; I don’t need so much resource internally; and the way it integrates with some of the other tools we have in our portfolio is already there – all the APIs are there. It is a great technology and we have deployed it into many places now,” explained Gray. “We also manage other people’s environments that have Darktrace from a SOC perspective, and it is a very, very noisy tool. They all are, but Vectra seems to have a way to suppress that noise and only show you things that are happening. “A good analogy would be if a burglar comes up to your house in the middle of the night, tests your door to see if it is unlocked but doesn’t come in. That is not Why experts matter With more and more MSPs starting to offer security services, what are the advantages of using (or partnering with) a cyber security specialist? James Goulding finds out from Rick Gray, Founder and CTO of Cyberfit Security, a provider of cyber security services to critical national infrastructure, intelligence services, enterprises and a growing number of SMEs Rick Gray