Joshua A. Cole, Co-Founder & CTO and Greg W. Kidd, Security Operations Center lead
In the wake of growing cyberattacks, network-based security threats, and complex compliance requirements, SIEM has finally emerged as a powerful weapon. It is worth noting that while there is no silver bullet for advanced cyberattacks, SIEM can turn the tide of cyberwarfare by empowering organizations with information for security control enhancements. According to Joshua A. Cole, co-founder and CTO of Assura, “SIEM will become compulsory to security like firewalls and endpoint protection, for organizations of all sizes, not just large enterprises with big security budgets. As businesses seek the ability to understand threats and data, the role of SIEM goes beyond a glorified burglar alarm to evolve as a business intelligence tool.”
Having developed expertise in privacy issues, security management, technology, and business operations as security practitioners, Joshua and the Assura team saw an opportunity to help cultivate SIEM as a rich source of data that can be leveraged to its full potential to improve threat detection and response capability. With intent to help clients with cybersecurity and compliance, top-to-bottom and in all respects, Assura’s managed SIEM service rises above just collecting logs and reporting on alerts to enrich the information that their clients use to enhance their business operations and Governance, Risk, and Compliance (GRC).
Karen L. Cole, Assura’s co-founder and CEO says, “There are a lot of cybersecurity companies that specialize in GRC, or security operations, or a niche like application security or forensics and those services are delivered as siloed offerings. We bring customers an end-to-end capability with all of those competencies using an as-a-service model.”
In addition, the company also offers consulting services in other areas of risk assessment, continuity planning, security architecture, and penetration and security testing. As part of the reporting, Assura’s SIEM service provides insights into the effectiveness of security controls of all types and the updates regarding the delivery of IT services. “We don’t just dump reports over the wall, clean the dust off our hands, and call it a day. We have monthly reviews with each client to make concrete recommendations—be it a control enhancement, a new control, or a process change. Unlike other companies that demand additional charges for delivering monthly reviews, we do not impose any charge for something so obvious,” explains Joshua.
He also emphasizes that Assura specializes in building services that are within the economic reach of a wider variety of organizations. The company’s turnkey defense and response, managed security, and project and advisory services meet the needs of budget-strapped small-to-mid-sized organizations across diverse industries. Backed by Assura’s advisory services, small businesses can determine the value that existing security investments are delivering and have business case justification for potential additional investments. “SMBs demand consistent delivery of services and expert guidance on how they can to shore up their security, not just from the technology standpoint, but also in terms of GRC and business operations,” adds Joshua.
As businesses seek the ability to understand threats and data, the role of SIEM goes beyond a glorified burglar alarm to evolve as a business intelligence tool
To that end, the experts at Assura address the delivery consistency issue not only through training but also process improvement. Every service provided has a service blueprint developed for it as well as supporting processes that people are trained to execute. For instance, the company’s Virtual ISO™ GRC-as-a-Service is a rigorous, defined, and repeatable set of processes that helps clients to build, operationalize, and sustain their cybersecurity capabilities. This managed service ensures world-class security and compliance with substantial savings, without compromising on the quality of service delivered.
Governed by a mission to bring “cybersecurity to everyone,” Assura is indisputably the best bet for organizations to protect their information. The company goes beyond the mechanics of service delivery to develop a mindset of understanding and believing that security is a right and not a privilege, and people deserve to have their sensitive data and systems protected. In essence, the uniqueness of Assura stems from its ability to protect information not just for its clients but also the clients’ stakeholders and customers. “We are in business to protect our clients and their stakeholders (customers, citizens, patients), and everyone at Assura makes decisions through that prism. We are not trying to build a volume of business at the expense of quality. Put simply, Assura is to cybersecurity asZappos is to retail. We want to delight our clients and help them achieve their goals,” CEO Karen Cole.
Greg Kidd, Assura’s Security Operations Center lead illustrates Assura’s prowess delivering managed SIEM services through a client success story. “Our client, a regional provider of physical rehabilitation services, who must follow strict HIPPA and PCI DSS security requirements, was concerned about protecting patient information and the organization’s sensitive data. Using managed SIEM, Assura was able to provide this client with deeper insight into their system and reporting, provide an enhanced insider threat detection capability, and enhance their security controls significantly faster. As an example, Assura was able to help our client reduce the number of alarmable events by 73%.”
“Our clients love that we have the depth in security that allows their heads to hit the pillow at night knowing that a capable team is watching out for them,” extols CTO Joshua Cole.
Scripting similar success stories, Assura—deemed as “the best-kept secret in cybersecurity” by its clients—is extending its reach to more organizations through aggressive expansion. Having maintained the same leadership team since its inception and a staggering 95 percent client retention rate, Assura has no plans of slowing down. Besides the huge potential of AI and machine learning in the cybersecurity realm, Joshua believes the industry is ripe for integration of automation and orchestration with SIEM. With regard to the orchestration capabilities, Joshua adds, “Many smart companies are taking a dive into the concept, and we are putting our best foot forward to be a vital part of it.” Assura also intends to enhance its service capabilities by leveraging accessible APIs for improving threat detection and response.