Tag Archive for: MDR

Five Tips for Selecting a Managed Detection and Response Service Provider

Relentless threat actors and complex technology stacks make it challenging for IT teams to keep up with the volume of cybersecurity threats – and even more difficult to respond to them rapidly. Compounding matters is the tight cybersecurity labor market characterized by too many job openings and a growing talent shortage. In this environment, security leaders are increasingly partnering with Managed Detection and Response (MDR) service providers for cost-effective 24/7 security monitoring and breach prevention. 

The growth in demand for MDR services is attracting new entrants such as commodity resellers looking to pivot to a services business model. When evaluating providers from the pool of new and established players, vendor selection can be difficult as many claim similar capabilities. While reputable analysts, like Gartner, have helped narrow the field by recognizing some of the top organizations offering MDR capabilities, here are our five key requirements to look for when selecting a Managed Detection and Response service provider:  

Rapid Response Capabilities 

Organizations must be able to effectively detect and respond to threats around-the-clock regardless of whether it is an evening, weekend or holiday. One of the main motivations behind partnering with an MDR service provider is to improve your company’s security posture with a team that can quickly respond to and contain security threats.  

While most organizations can only investigate and respond during business hours, the ability to quickly contain threats on a 24/7 basis is crucial to any organization. Automated response capabilities provide incident responders time to further investigate and remediate before there is a serious breach. While many MDR service providers claim they offer response services, not all capabilities are equal. Some providers only focus on accelerating response times for your security team through actionable guidance and recommendations, relying on a manual action to contain a threat.  

True MDRs have developed automated and/or semi-automated containment capabilities, such as isolating infected host systems or blocking IP addresses. An effective service provider will correlate high-fidelity events to detect indicators of attack as well as help you determine what actions best align with your business requirements and the type of automated remediation that will be most effective. Secondary validation plays an important role to reduce the risk of responding to false positives, especially where business critical users or operations could be affected.  

Given that the use of identity-based attacks and credential abuse are growing rapidly, and frequently at the core of ransomware and supply chain breaches, advanced response offerings should also protect users’ identities. Identity Threat Detection and Response solutions can suspend a user account when an identity-based threat is detected.  

When selecting a Managed Detection and Response service provider, make sure you know what level of response capabilities you want in a provider and find one whose capabilities extend beyond mitigation guidance into response actions. Industry leading MDR providers combine Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) to maximize protection from targeted attacks. 

Support for Cloud Environments 

Motivated by cost savings, greater flexibility, and more efficient collaboration, businesses continue to adopt and expand their cloud infrastructure. In fact, a majority of businesses planned to host or move more than 50% of their workloads in the cloud over the next 12-18 months. However, while there are many benefits of moving to the cloud, the complications of setup can be overlooked. Issues such as misconfigurations, API vulnerabilities, account compromise, and malicious insiders all pose threats to the security of your environment and your sensitive assets hosted in the cloud. 

Given that cloud infrastructure can pose a risk to organizations, how can you work with your MDR provider to secure these assets? When sourcing a suitable provider, it’s best to look at the amount of cloud support that a provider offers. One that has limited monitoring capabilities for cloud environments may leave a significant part of your IT infrastructure unprotected, unmonitored, and exposed to threats that you won’t have visibility into. In addition, some MDR service providers may be able to help guide you in best practices for proper setup and maintenance, ensuring your cloud environments aren’t being left open to cybercriminals. 

At a minimum, select a Managed Detection and Response service provider that supports the three main public cloud vendors—AWS, Azure, and Google Cloud Platform. They should not only be able to monitor these critical log sources but also have experts on their team who can provide guidance. If your organization is using virtual servers and firewalls, find a provider who can manage these and help you implement best practices, so you can ensure your cloud hosting platform of choice is set up to vendor recommended standards.  

If you host your own SIEM, using a vendor such as Splunk Cloud, seek out an MDR provider that has the capability to work with that type of system as well. They should have a team of certified experts on the platform, dedicated to helping maximize the value of your investment.  

Detection in Depth 

While tools such as Intrusion Prevention Systems (IPS), anti-virus solutions, and firewalls, strengthen your perimeter, they may not be enough to keep your networks secure from advanced cyberattacks. Many of today’s cyber threats, like ransomware, are complex, multi-phased attacks that often evade perimeter controls and can lurk undetected for a long period of time. That is why it’s essential to use a combination of narrow-band and broad-band approaches to best detect adversarial actions. This additional visibility allows providers to better detect and discover threat activity, such as ransomware pre-cursor activities. 

This use of a detection in depth approach can make valuable use of log or telemetry data from these tools to detect indicators of suspicious activity and threats that might have bypassed your systems. As a natural expansion of defense in-depth, detection in depth was evolved to emphasize multiple layers of visibility into network activity. This layered approach reduces the risks associated with dependency on a specific solution or vendor and better enables you to catch one of the many early warning signs of an attack.  

For example, today’s ransomware attacks are often complex, multi-stage attacks that attack that attempt to compromise one or more endpoint devices and install malicious software that blocks access to those devices. With multiple security monitoring tools at both the endpoint and network levels, it is easier to detect and discover the early stages of ransomware related activities, allowing you to stop cybercriminals before they get into your networks. 

When selecting a Managed Detection and Response service provider, look for one whose detection capabilities provide benefits beyond the level of preventative controls. Using machine learning models and advanced correlation analysis can power detection in depth through identifying signals of suspicious behavior, making your MDR service provider better able to spot potential threats and act quickly.  

There are various frameworks and models an MDR service provider can use to break down the typical cyber-attack into a series of several tactics, objectives, or stages. The MITRE ATT&CK matrix, for example, has 14 distinct objectives while the cyber kill chain traces out 7 attack stages. Whatever model you or the MDR service provider follows, it’s prudent to seek out a partner that goes deep with their detection capabilities across all phases of cyberattacks rather than being limited to the surface level controls.  

Investment in Threat Hunting  

Your MDR service provider should have a threat hunting team that takes a proactive approach to search through your network, data, and systems to unearth hidden threats and adversaries lurking in your environment. These threats may have gone undetected by existing tools or use cases, but with the help of a dedicated threat hunting team, the risk of a data breach can be minimized. 

Global MDR service providers can add more value from threat hunting by applying their findings from one client’s network to improve threat hunting efforts for other clients. Machine learning models that identify anomalies and score them based on how unusual they are in the context of baseline behavior should be part of your MDR provider’s  threat hunting tool chain. Many MDRs have some senior advisors that can play an important role by digging through client logs, dashboards, and visualizations to hunt for threats.  

Clear Communication and Visibility 

When evaluating an MDR service provider, it’s critical that you set expectations for how you would like to be able to communicate with your partner. Some MDR service providers might have limitations on communication hours or specific mediums that might not work well for your business. Given that an attack can happen at any time, you should look for a team of SOC analysts who not only monitor your environment around-the-clock but also one you can access when you need additional help. It is also beneficial to have multiple communication options, such as phone, web portal and email.  

Select a Managed Detection and Response service provider that goes the extra mile by displaying real-time data, dashboards, and other valuable security information. Some MDR providers can improve your security posture by identifying gaps in controls that can be exploited by attackers. Executives can use this data to demonstrate team improvement over time or justify spending for additional headcount or tools.  

Proficio’s MDR services provide your business with around-the-clock security monitoring, advanced threat detection, investigations, and automated response capabilities. You can learn more about our Managed Detection and Response or find out what Gartner recommends you ask MDR providers and Proficio’s answers. 

PROFICIO NAMED GLOBAL SECURITY OPERATIONS CENTER (SOC) TEAM OF THE YEAR

Carlsbad, Calif. – February 3, 2022 (updated February 11, 2022) – Proficio, a managed security services provider (MSSP) delivering managed detection and response (MDR) services, today announced they received 3 2022 Cybersecurity Excellence Gold awards for SOC Team of the Year, Managed Detection and Response (MDR) Provider of the Year, and AWS Cloud Security Provider of the Year. The Cybersecurity Excellence Awards honor companies that demonstrate excellence and innovation and receive acclaim from the broader cybersecurity community.

“We are honored to be named Global SOC Team of the Year,” said Carl Adasa, VP of Global SOC Operations, Proficio. “This award reflects the hard work and commitment of our security experts who provide our clients 24/7 protection from our global network of SOCs.”

Proficio’s global team of security analysts and engineers monitor security events, investigate suspicious behavior, and hunt for targeted attacks. We use an extensive library of threat discovery use cases, the MITRE ATT&CK ® framework, machine learning-based threat hunting models, and our advanced threat intelligence platform to provide superior threat detection for our clients. Proficio also offers automated response and containment services, as well as Risk-Based Vulnerability Management (RBVM) services to prioritize vulnerabilities based on the likelihood of exploitation and the criticality of the assets at risk.

ABOUT PROFICIO

Founded in 2010, Proficio is an award-winning managed detection and response (MDR) service provider. We help prevent cybersecurity breaches by performing and enabling responses to attacks, compromises, and policy violations. We have been recognized in Gartner’s Market Guide for MDR services annually since 2017. Our team of experts provides 24/7 security monitoring and alerting from global security operations centers (SOCs) in San Diego, Barcelona, and Singapore. Proficio’s cloud-native Threat Management Platform uses a combination of industry leading commercial software and proprietary technology to provide clients with advanced analytics, threat intelligence, Security Orchestration, Automation, and Response (SOAR), patented risk scoring, AI-based threat hunting, Open XDR, and Risk-Based Vulnerability Management. www.proficio.com.

Contacts:
Brock Watson
bwatson@proficio.com

The Cybersecurity Acronym Overload

What is the difference between an MSSP and an MDR service provider (and everything in between)?

As any industry evolves, it is common for new categories of products and services to proliferate. In the case of cybersecurity services, many of the new services have been introduced to respond to the evolving threat landscape or to support new technologies – but in some respects, it’s also become a way for vendors to differentiate themselves.

So, it is not surprising that questions like, “what is the difference between an MSSP and an MDR service provider,” and “what is a SOC-as-a-Service provider” are some of the top managed security services Google searches.

As a co-founder of Proficio I have a unique perspective on how this proliferation of labels came about and what the future holds.

People, Process and Technology

These three pillars are the building blocks of a security operations. People, process, and technology are the threads that run through MSSP, MSS, SOC-as-a-Service (SOCaaS), MDR, and XDR services. However, many organizations are constrained by a limited budget to achieve desirable cybersecurity outcomes which is why the managed security services industry exists.

Let’s quickly put some context around each:

People: Cybersecurity-Skills-Gap

The difficulty of hiring and retaining cybersecurity experts is one of the primary motivations behind outsourcing security operations to service providers. People challenges are due in part to the cyber skills gap and in part a function of scale. Large organizations are better able to staff a 24/7 SOC (requires a minimum team of 10 to 12 people) and train their teams on technologies like AI, next-generation endpoint software, and cloud infrastructures. Medium-sized organizations (and smaller) are often not be big enough to dedicate headcount to specialist roles like SIEM Administrator, Content Developer, Incident Responder, or Data Scientist.

Process:

Process is the glue that ensures consistent and effective action. Process encompasses the definition of roles and responsibilities, workflow, policies and procedures, and more. The time and effort needed to harden and document processes is frequently underestimated. Look back in time at some of the largest security breaches and you will find process issues in many cases. The 2013 data breach of the retail giant Target is a prime example. While multiple issues related to this breach, the fact that Target’s SOC did not respond to FireEye alerts resulted in the breach being undetected. How an indicator of compromise is investigated and remediated is fundamentally a process issue.

Technology:

Technology is the third building block supporting security operations. Building and managing a technology stack for cybersecurity is challenging and doubly difficult for organizations with limited resources. The complexity of Security Information and Event Management (SIEM) software is often sufficient reason for businesses to turn to managed service providers. SIEM systems collect event logs from an organization’s network, endpoints, cloud infrastructure and security tools. Log data is analyzed and alerts are generated for further investigation and remediation. However, the quality of security alerts is only as good as the data ingested by the system, alongside the rules and use cases used to filter and prioritize the alerts. While there are tips to maximizing the value of your SIEM, time erodes the efficacy of a SIEM; products and log formats will change, new threats make old rules irrelevant, and the experts that originally set up the SIEM often move on to greener pastures.

What is a Managed Security Services Provider (MSSP)?

The role of an MSSP starts with log management, as collecting and retaining logs is a requirement for compliance mandates like PCI and HIPAA. But before centralized log management, the event data collected from each security device was siloed. As a result, if a firewall engineer saw an alert for a port scan and a Windows administrator saw failed login attempts followed by a successful login, they may not realize that the same host is involved in both events. Minimally, an MSSP is responsible for alerting their clients to threats and suspicious events with the goal of reducing the risk of a security breach. MSSPs offer a wide range of capabilities including vulnerability management, incident response, and pen testing.

According to Wikipedia, “the roots of MSSPs are in the Internet Service Providers (ISPs) in the mid to late 1990s. Initially, ISP(s) would sell customers a firewall appliance, as customer premises equipment (CPE), and for an additional fee would manage the customer-owned firewall.” Today, MSSPs continue to manage security products such as firewalls, IDS/IPS, and WAFs on behalf of their clients. The management of security devices typically includes making configuration changes, patching, tuning, and health and performance monitoring. Managed Security Services (MSS) has been used to connote both device management and the security monitoring functions offered by MSSPs.

The terms fully managed and co-managed describe the service models used by MSSPs. Fully managed applies where security technologies, like SIEM software, are owned and operated by the MSSP and used for the benefit of their clients who are users of security information. A co-managed approach provides the client more control, for example a SIEM owned by the client where the MSSP and the client share administrative responsibilities.

What is SOC-as-a-Service? Difference-between-MSSP-and-MDR

The term SOC-as-a-Service was created “to describe how clients benefit from 24/7 monitoring and the same advanced threat detection technology that is used in sophisticated SOCs serving large enterprises and governments.” In 2010, Software-as-a-Service (SaaS) was already a significant industry with adoption being driven by the advantages of an on-demand, subscription model with no dependency on the existing IT infrastructure.

SOC-as-a-Service or SOCaaS is a logical extension of the SaaS where SIEM software is delivered as a service, and instead of staffing up an in-house SOC, multiple clients share the capabilities of a 24/7 SOC responsible for threat detection, altering, and response.

The goal for many SOC-as-a-Service providers, like Proficio, is to provide businesses the same quality of service that a large enterprise receives in-house, at an affordable price. This requires a true partnership with clients and the flexibility to act as an extension of their IT security team.

So how does SOC-as-a-Service differ from the offerings of an MSSP and what sort of business should use it? SOC-as-a-Service focuses on fully managed cloud-based services which are ideal for small to medium-sized organizations. Vendors providing SOC-as-a-Service are less likely to work with client-owned SIEMs and manage security devices, but this is not an absolute rule.

While SOCaaS providers offer many of the same capabilities as MSSPs, they are less likely to manage security devices and may not support as broad a set of log sources.

What is the difference between an MSSP and an MDR service provider?

MDR service providers offer more advanced threat detection and response capabilities than MSSPs. Key capabilities to expect from MDRs include:

When Gartner issued their first Market Guide for Managed Detection and Response Services, they categorized MSSPs as being more focused on monitoring perimeter security and lacking threat detection capabilities for the cloud and endpoints. Gartner also posited that MSSPs are more focused on meeting compliance requirements than MDRs. Fewer MDRs manage security devices – a service offered by many MSSPs.

MDRs must continue to adapt to new challenges to meet the demands of a Next-Generation MDR Service Provider.

What is an XDR Service

XDR is a new evolution of MDR, that includes threat detection and response capabilities. The X stands for eXtended capabilities, that go beyond EDR. XDR integrates multiple security control points (endpoint, network, cloud, email, authentication) to automate threat detection and response. The concept of XDR has been promoted by leading industry analysts (notably Gartner) and is starting to be adopted, and perhaps hyped, by vendors.

You might ask, how is XDR different from SOAR? Both approaches apply use cases to log data to trigger automation and orchestrations. However, XDR will have broader integration among security controls using native APIs. For example, where an event might result in SOAR triggering containment of an endpoint and even orchestrating a remediation workflow, XDR could also automate responses from other layers of security such as blacklisting the source of malware at the perimeter.

One challenge for prospective users of XDR is they risk being locked into a single vendor solution. Most enterprises have multiple existing security vendors and unless they are already budgeted for a broad refresh, adopting this approach may be a protracted and expensive process.

Proficio and others are addressing the shortfall of XDR with Open XDR. Like XDR, Open XDR  integrates multiple layers of security while also supporting more than one vendor for each control point to provide customers with more flexibility and security.

What Does it All Mean? MSSP and MDR business person question marks

When you think to yourself, “what is the difference between an MSSP and an MDR service provider?”, it’s obvious there is no clear-cut answer. There continues to be some fluidity around the labels used to describe the providers of managed security services or security tools. Buyers of these services need to assess if the core capabilities of a prospective partner complement their existing capabilities and align with their goals.

 

Here are 5 areas to explore:

  1. Compliance

If your organization must adhere to one or more compliance mandates, validate the service achieves that goal. Can your MSSP or MDR retain logs for the required period? Does your MSSP or MDR support industry specific requirements such as file integrity monitoring in the case of PCI? These are important criteria to discuss before selecting a partner.

  1. Threat Discovery

Effective threat detection is a precondition to protecting your organization from damaging cyberattacks. Understand how the provider uses threat intelligence, security analytics, and automation for cost effective threat discovery and what expert human resources are applied to event investigations and threat hunting. Determine what is important for you and realistic within your budget.

  1. Response Automation

The ability to rapidly contain a threat is a good reason to select a specific MDR service provider. Some MDR providers support third party SOAR products and others offer automated response using native capabilities in their threat management platform. But don’t assume anything – you should always validate that the MDR provider supports your preferred endpoint and firewall vendors. Before implementing, it is also important to check that you have organizational buy in to automating changes to endpoints or network configurations.

  1. Technology Stack

Whichever label your vendor uses to describe their services, they will come to you with a predefined technology stack. This will affect how well your existing and planned technologies integrate with your provider. For example, your provider may support one or several SIEM vendors or they may have developed their own threat management platform. Ask if your vendor requires you to install a hardware sensor or add endpoint agents; these requirements can create network clutter and negatively impact performance and compactivity. Not all vendors are able to parse data from critical points of telemetry in your environment or support automation and orchestration for your existing security products.

  1. Control

Ask yourself how much control you need of the infrastructure and data involved in security operations. Do you want to use your own SIEM or do you prefer a platform hosted by your managed security service provider? Will this change in the future? Do you need to own the log data that has been collected? How important is it to have the ability to do granular searching and run reports with the providers system? Conventional wisdom is organizations are willing to devolve control to reduce cost and complexity, but this should be a conscious decision.

Final Thoughts

Choosing a cybersecurity partner is a major decision. Proficio has been acting an extension of our clients’ team to help them achieve their cybersecurity goals for over 10 years. If you’re currently using, or considering using, an MDR Service Provider, download our MDR Checklist to ensure you’re getting an effective service. Tune into our video podcast series called Cyber Chats to hear industry experts discuss cybersecurity issues and best practices. If there’s anything more we can do to help, please let us know.

 

IDC Technology Spotlight | Next-Gen MDR

Not All Partnerships are Equal

As Henry Ford once said, “Coming together is the beginning. Keeping together is progress. Working together is success.” While many people have an understanding of how partnerships work in their day-to-day lives, defining a true partnership in a business relationship can be more challenging. In the field of cybersecurity, finding a “true partner” means you share the risk and both strive to improve your security posture.

A True Partner

A true partnership works best when both groups share the risk, agree on the end goals, have open lines of communication and build their relationship on mutual trust and respect. Companies that embrace such partnering behaviors believe in creating mutually beneficial relationships that bring value to both parties.

Partnerships come in many shapes and sizes. There can be partnerships between vendors, where they provide complementary products or services that are further enhanced by working together. There can also be strategic relationships developed between provider and client, where they view the relationship as more than just a business transaction.

Your partners should also be building strong relationships within the technology sector. Knowing that they not only use best-in-class technologies but that they have good working relationships with those vendors means that you can maximize your technology investments. A good partner should not only be able to help you to optimize the technologies you already have in place, but also make recommendations for policy and infrastructure to ensure you reduce your risk and meet any compliance requirements.

Finding Your Partner

When you are on a team, you have certain expectations of your teammates and hope you can rely on them in critical situations. However, a lot of organizations do not have the in-house resources to staff an effective cybersecurity operation. Understanding the economics and potential cost savings of using a managed service provider is an important part of any decision to outsource security operations.

In cybersecurity, you should look for partners who act as an extension of your team. They do not just care about selling you their latest tool or services – they sincerely care about the security and safety of your company. They should have a programmatic view on cybersecurity and take your concerns seriously. Equally important is the culture of the organization with whom you choose to partner. Do they share similar values, and can you trust that they will view your security as important as you do?

Throughout the relationship, a partner should have the skills and resources to respond to security incidents and help guide your overall cybersecurity journey. And while relationships in cybersecurity may not last forever, the need for true cybersecurity partners will never change. The current environment of COVID-19 only reminds us how businesses can be disrupted when they least expected it. And with the shortage of skilled cybersecurity professionals, choosing your partners has never been more critical.

Narrowing The Search

Once you decide what you’re looking for, how do you find someone who checks all the boxes? Many may sell you on ideals but it’s crucial they also follow through with what they sell. When looking for the right partner for your cybersecurity needs, you should ask critical questions to make sure you’re making an educated choice.

Things to look for include:

  • How do their SLAs compare to other vendors?
  • Do they provide transparency and trackable metrics?
  • Do you receive insight into your cyber risk and recommendations for improvement?
  • Will they create custom content?
  • What is their long-term focus?
  • Are they industry recognized?
  • How available is their team?
  • Do you have similar preferred methods of communication?
  • Can you visualize the value they would bring to your team?

Selecting a partner who shares the risk will give you confidence that you are building a more secure organization. As your partner helps you mature your cybersecurity program, you should see a measurable change throughout the partnership and be able to track metrics over time.

Once you’ve found the right partner, you will be enabled for success not only tomorrow but for the long-term future.

So – what do your current partnerships look like?

MDR or EDR. What’s right for you?

Targeted attacks are on the rise and often go undetected by traditional security solutions and methods. Endpoint Detection and Response (EDR) companies like CrowdStrike, Carbon Black, CounterTack, and a new up and coming company ZitoVault, have solutions that can stop targeted attacks in their tracks.

Why EDR?

Customized malware can bypass traditional antivirus solutions, so it’s imperative to take a broader and more proactive approach to protect your endpoints. This means real-time monitoring, detection and advanced threat analysis combined with response technology. EDR solutions can strengthen your security posture and augment your existing security tools and processes.

Why MDR?

When enterprises deploy EDR solutions, they face many of the same challenges found when deploying SIEM technologies. These include finding and maintaining qualified security staff, alert fatigue due to false positives, limited budget and lack of actionable intelligence. Without the expertise and staff who can both tune your security tools and respond to threats, you are at risk of a data breach and adding your new EDR solution to your collection of shelfware.  With the rise of EDR solutions, it’s no wonder that Managed Detection and Response (MDR) providers have surfaced to address these challenges. MDR is provided as a service, similar to managed security service providers (MSSP’s), but with a greater focus on detecting, investigating, and mitigating suspicious activities and issues – independent of whether events affect endpoints or perimeter devices.

When searching for a Managed Security Services Provider, look for one who can provide the following attributes that Gartner recommends:

  • Focus on detecting advanced or targeted attacks
  • Management and monitoring of inward facing security tools like endpoint security
  • The ability to correlate endpoint data with other data sources, use cases and threat intelligence.
  • The systems and processes to integrate and streamline monitoring, alerting, search and reporting for endpoint, cloud, and data center in a single view and with a common runbook.
  • Use of threat intelligence and advanced analytics
  • 24/7 monitoring, analysis and customer alerting of security events with less reliance on automated and more significant analyst investigations.
  • Incident response services, guided remediation, advanced persistent threat hunting and consulting on containment and remediation

Why not Both?

If you have already purchased an EDR solution but you are struggling to maintain security staff, lack of expertise or chasing false positives, look for an MDR provider who can leverage your existing investment and augment your security staff.

 

 

Proficio Partners with Qualys to Expand its Managed Detection and Response Services

INTEGRATES QUALYS CLOUD PLATFORM FOR ADVANCED VISIBILITY, SECURITY AND COMPLIANCE

CARLSBAD, CA and FOSTER CITY, CA – August 5, 2019

Proficio, an award-winning global managed security services provider (MSSP), today announced it is partnering with Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, to fully integrate the Qualys suite of cloud-based solutions with Proficio’s Managed Detection and Response capabilities.

As part of the expanded partnership, Proficio clients now have access to Qualys apps including Vulnerability Management, Asset Inventory Cloud Agents, File Integrity Monitoring, Policy Compliance, and ThreatProtection, which contributes to Proficio’s strategy of providing continuous threat visibility and protection. Proficio will also leverage Qualys’ groundbreaking Global IT Asset Discovery and Inventory App to help its clients to create a continuous, real-time inventory of known and unknown assets across on-premises, endpoint, multi-cloud, mobile, container, OT and IoT environments.

“We are excited to expand our successful partnership with Qualys and leverage their leading cloud security and compliance solutions,” said Brad Taylor, CEO of Proficio. “Qualys allows us to take advantage of integrating a single backend while providing our clients with the functionality of 19 applications enabling enhanced visibility and deeper analysis for improved security. This is unique in the industry.”

“Adding Qualys apps to Proficio Managed Security Services provides clients with a single-pane-of-glass to view threats across their global IT infrastructure including mobile, cloud, on-premises, or IoT environments,” said Philippe Courtot, chairman and CEO for Qualys. “Furthermore, by integrating the Qualys Cloud Platform with their existing Managed Security Services, Proficio further enhances its next-generation managed services offering to provide their clients with full visibility, real-time detection, and response.”

About Proficio

Founded in 2010, Proficio is an award-winning managed security services provider (MSSP) delivering 24/7 security monitoring and alerting, managed detection and response (MDR), and cybersecurity services through global security operations centers in San Diego, Barcelona, and Singapore. Proficio’s innovative approach to managed cybersecurity services uses proprietary processes, experienced security analysts, and the industry’s most advanced technologies to help organizations defend against advanced threats. Proficio pioneered the concept of SOC-as-a-Service and was the first MSSP to automate threat containment and to provide a security dashboard with threat scoring. To learn more, visit www.proficio.com.

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 12,200 customers and active users in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications on-premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

PRESS CONTACTS:

MARIAH GAUTHIER
(415) 963 4174
QUALYS@HIGHWIREPR.COM

BRITTNEY TIMMINS
(760) 994-6302
BTIMMINS@PROFICIO.COM