The Security 9-11 for SMBs

It’s the plight of the SMB: You’re a small company with limited resources, but you’re constantly being told that, from a cyber security perspective, you are just as at risk as larger companies. The data you have, the systems you use—they might not be the final goal for cyber attackers, but they can be the conduit to a large-scale breach. Look at Target. And if your company is the intended victim and you don’t have the right controls in place, a breach of customer data could mean the end for your company. Would you have the financial resources to recover from a breach? To fight legal battles? To upgrade your systems?

According to the most recent Verizon Data Breach Investigations Report,[i] 43% of online attacks are aimed at small businesses, and according to The Ponemon Institute, the average cost of a data breach for mid-sized organizations totaled $4.72 million USD in 2020.[ii] It’s impossible for any company, regardless of size, to exist without a digital ecosystem, but the opportunity cost can be crippling, especially when you factor in the cost of most commercial security tools. Between endpoint, email, IAM, AV, firewalls, data, web, and all the other protection and detection needs, where is an SMB to start? How do they realistically secure the right resources?

More than an MDR

The answer, of course, is hiring an outsourced provider. The economy of scale allows SMBs to manage security without large financial or staffing pressures. But even amongst MSSPs, providers try to land the “big fish.” For most organizations, it’s easier to manage a few larger customers than it is to service a high number of smaller businesses. But Aidan Kehoe and Jessvin Thomas, CEO and CTO of SKOUT Cybersecurity, a cyber security software company backed by a 24x7 SOC, built their business to exclusively service SMBs. SKOUT partners with managed service providers (MSPs) to deliver their services to the SMB community.

Why? “We want to be the security 911 for SMBs,” said Kehoe. “Before SKOUT, when we were both working at larger companies and servicing smaller companies, we realized that cyber security wasn’t accessible to everyone. It should be.” Their cloud-native security platform finds anomalies and alerts, provides data reporting, and helps with compliance configurations. The design, said Thomas, is predicated on three pillars:

  • Governance: What is the maturity model? What assets are deployed? Where are those assets on the network? Are the right controls in place? Do they align with risk tolerance?
  • Technology controls: Based on NIST and CMMC frameworks: monitoring, logging, endpoint protection, and email protection.
  • Privacy: Modeled after requirements in GDPR: Do controls support compliance frameworks?

The platform delivers cyber-as-a-Service and uses automation to integrate and configure integrations, collect data, build analyses, and report on findings. SKOUT runs its own 24x7x365 SOC with analysts located in the US and UK, to better assist customers across time zones.

Helping MSPs Serve SMBs

SKOUT’s technology is proprietary, meaning that if an SMB doesn’t have a SIEM or IDS of its own, or if the MSP doesn’t use a preferred SIEM/IDS, SKOUT can do all the monitoring and analysis inside the platform. SKOUT can also manage endpoint, email, and other technology in the same way. That said, they realize that many customers will have or use third-party tools, and so SKOUT easily plugs into third-party sensors to capture data and send it back through the platform for analysis. “This puts all the data in a single pane of glass,” said Thomas, and makes for a more efficient system of finding and remediating vulnerabilities and incidents.

“We built everything,” explained Thomas, “to allow SMBs to get to ‘three-nines’,” referring to the theory of five-nines, or 99.999% reliability and availability. “Most companies, and especially SMBs,” he said, “don’t need all five nines, but they do need to focus on the basics of cyber security which keep them running.” That’s what SKOUT aims to do, all from one platform that allows SKOUT’s analysts to take in all events and respond rapidly. They like to call the product a “360-degree security stack” for SMBs.

During our conversation, it became clear that SKOUT is not just a detection and response tool. Both Kehoe and Thomas kept going back to the ideas of risk and reporting; we spent a good deal of time looking at the platform’s user interface to see how an MSP would view their data against benchmarks, learn which key controls are missing from the environment, get a relative risk score/overall security posture, understand the financial impact of a breach, and see how to reduce risk.

For the benefit of the MSP, the SKOUT platform offers a multi-tenancy dashboard, which means that operators can see all data across their deployed customer base in one place. However, for security and privacy’s sake, the platform includes zero trust-based access controls and data distribution, mitigating the potential for unauthorized access and use or misuse. SKOUT is also built with fingerprinting and anonymization capabilities for a higher level of security control on the operator/admin level.

When and if an event is detected by the platform, SKOUT provides response services through their MSP partners. If forensics expertise is needed, they have a handful of third-party experts they would call upon to step up and assist.

Data-driven risk management and mitigation

After reviewing several MDR/SOC-as-service/MSSP platforms in the last few weeks, SKOUT stands out for its mission of protecting SMBs and for the comprehensiveness of its technical capabilities. Just as impressive, though, is the founders’ dedication to serving SMBs; they understand that automation is the key from a technology standpoint but that SMBs need the assistance and assurance of human analysts who can be on call to help when an issue arises.

SKOUT is definitely not for every company, but MSPs serving the mid-market down would be smart to take a look at this platform. The focus on data-driven risk is the direction in which all security companies should be headed. And every integrated feature and functionality should support the risk reduction effort.